Cybersecurity

CISA, FBI warn of hacking threat against Fortinet product

The advisory warns that an unattributed threat actor is using known vulnerabilities in a Fortinet security product to gain access to government and industry networks.

Cybersecurity

Electric Cars, Smart Refrigerators Pose Cyber Risk To US Utilities, GAO Finds

The risks aren’t well understood by researchers, in part because of local and state control of electrical utilities.

Cybersecurity

DOD Concludes Review of First CMMC Certification Organization

The Accreditation Body in charge of the department’s developing certification program also has a notable new leader as others take their leave.

Cybersecurity

Krebs cautions on push for national cyber director

The former CISA chief expressed confidence in Deputy National Security Advisor Anne Neuberger to help the White House confront the multiple cybersecurity incidents it is facing.

Cybersecurity

Mandatory review of DOD's compliance on CMMC is delayed

The Defense Department was supposed to submit a review to Congress by March 1 assessing whether components complied with the guidelines of the Cybersecurity Maturity Model Certification program. That deadline has been pushed to June.

Cybersecurity

CISA Orders Agencies to Conduct Fresh Scans of Microsoft Exchange Servers

The agency issued supplemental guidance requiring new tests with Microsoft-provided tools and measures to harden the attractive target.

Cybersecurity

First set of CMMC certification orgs emerge

The Defense Department's unified cybersecurity program is making gains with its first tranche of certifying bodies, but assessments for defense contractors are a ways off.

Cybersecurity

Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Ideas

Getting and Growing the Cyber Workforce You Need for 2021—and Beyond

It’s no secret that the competition for cyber talent is stiff. With a 0% unemployment rate and nearly 400K open positions across the U.S., federal agencies must reinvent their cyber employee experience. 

Cybersecurity

CMMC body hires ex-CISA deputy as first CEO

The governing body in charge of implementing the Defense Department's Cybersecurity Maturity Model Certification program has hired Matthew Travis, former CISA deputy director, as its new CEO.

Modernization

Army Using DevSecOps for Tactical Radio Program 

The iterative development approach allowed the program executive office to start making adjustments to network operations quickly, according to a news release. 

Cybersecurity

FedRAMP Outlines Requirements for Using Containers

Container technology allows operability across operating systems and faster development but is a primary security concern for implementers. 

Cybersecurity

Air Force Working on Foundational Zero Trust Activities, CIO Says

Some programs are already operating under a zero trust framework, but the enterprise as a whole still needs basic tools for things like identity, credentials and access management. 

Cybersecurity

Director Says NSA’s Domestic Surveillance Authority ‘Rightly’ Limited

Gen. Paul Nakasone, who oversees both the intelligence agency and U.S. Cyber Command, stressed the need for greater visibility through private-sector information streams.

Cybersecurity

Impatient lawmakers press Biden for cyber director nominee

President Joe Biden has said cybersecurity will be a top priority for his administration, but two senior positions focused on the issue remain either vacant or held by an acting official.

Cybersecurity

Energy Launches Supply Chain Program As Watchdog Called for More Action 

The Energy Department has been focused on securing the generation and transmission of power, but distribution processes are also increasingly vulnerable.

Cybersecurity

New Software Vendor Standards Coming Within Weeks, CISA Head Says 

The White House is leading an interagency effort focused on software development that will determine federal procurement of information technology.

Modernization

Deputy Federal CIO on Fate of Trump-era IT Policies

The Office of American Innovation, Cloud Smart and the Federal Reskilling Academy are some of the Trump-era tech policies left behind. Now the Biden team must decide what to do with them.