Cybersecurity

CISA: SolarWinds' Orion may not be only entry point for hackers

CISA's latest alert suggests hackers may have found other entry points into the federal government's networks than just the IT management software suite.

Cybersecurity

GAO Issues ‘Wake-Up Call’ Report on Agencies’ Lax Supply Chain Security Management

The bottom line is that none of the 23 agencies audited fully implemented foundational risk management practices. 

Cybersecurity

DOD announces first CMMC pilot contract nominees

The Dec. 15 announcement calls out seven pilot contracts across the Air Force, Navy and Missile Defense Agency.

Cybersecurity

After Solar Winds, it's time for a National Software Security Act

The time has come for Congress to regulate security in the software industry by mandating minimal best practices for software companies selling software products or services in America.

Cybersecurity

Pentagon Preps for First CMMC Pilots in 2021

The Pentagon’s Cybersecurity Maturity Model Certification program will begin including security requirements in select solicitations starting next year.

Cybersecurity

Lawmakers seek details on damage done by the SolarWinds hack

As information trickles out about which federal agencies have been compromised by a sophisticated hacking operation, lawmakers have begun seeking an extensive accounting of what damage has been done.

Cybersecurity

What We Know About the SolarWinds Breach

The White House invoked Presidential Policy Directive-41 to coordinate a "whole of government" response.

Cybersecurity

Senate Bill Targets Government’s Response to Agency-Involved Cyber Incidents

Agencies would see new reporting requirements to keep Congress and impacted individuals more informed about security breaches.

Cybersecurity

NSC invokes 2016 directive to respond to SolarWinds hack

The National Security Council's announcement to create a special group for coordinating the federal government's response to the SolarWinds hack comes as the list of affected agencies grows.

Cybersecurity

CISA Orders Federal Agencies to Turn Off SolarWinds Products 

A critical flaw in software used throughout government was reportedly used to breach a major security company and at least two federal agencies.

Cybersecurity

Hack at Treasury and Commerce spurs emergency order from CISA

The Cybersecurity and Infrastructure Security Agency issued an emergency directive late Sunday night after reported breaches at two cabinet agencies. The Department of Homeland Security, CISA's parent agency, also has reportedly been breached.

Cybersecurity

Reports: Suspected Russian Hackers Breach Commerce, Treasury Departments 

U.S. officials are investigating what data may have been stolen and whether the hack is more widespread.

Ideas

Your Robot Vacuum Could Spy on You

Researchers managed to recover speech data with high accuracy.

Cybersecurity

Presidential Advisers Make the Case for a New Cybersecurity Center for Sharing Threats

Current federal efforts to help mitigate threats against privately operated critical infrastructure fall short, according to a National Infrastructure Advisory Council report.

Ideas

5 Rules to Keep Breaking Barriers in Government

The pandemic disrupted how agencies conducted business but federal leaders can harness that momentum. 

Cybersecurity

FBI, CISA, State Leaders Warn Schools About Ransomware Threats

The percentage of ransomware attacks perpetrated against schools more than doubled in 2020.

Cybersecurity

FCC Adopts Order to Rip and Replace Huawei, ZTE Equipment Amid 5G Security Challenges

The senior Democrat on the commission noted China’s continued leadership of global 5G standards development in urging further action.

Modernization

GSA Relaunches Federal Service Desk With New Look and Added Security

The help desk for all General Services Administration procurement systems got a makeover and a security lockdown.

Cybersecurity

Beware of COVID-19 Vaccine Scammers, FTC Warns

The Federal Trade Commission expects some opportunists to attempt to bilk the public when COVID-19 vaccines are made available.

Cybersecurity

Why Certain Cybersecurity Provisions Made it into the NDAA and Others Didn’t  

An effort to establish a public-private collaboration environment was cut from the final bill but a controversial insurance provision was retained.