Cybersecurity

Expect ‘AI versus AI’ cyber activity between US and adversaries, Pentagon official says

Researchers and officials say AI will usher in the next phase of cyber warfare, enabling new ways to carry out classic cyberattacks and build out new hacking tools.

Cybersecurity

US regulators have done little to address firmware vulnerabilities, think tank argues

Firmware connects the hardware and software of a device, but efforts to protect it have been absent in many of the government’s recent cybersecurity initiatives, according to the report.

Cybersecurity

Feds to compete for cyber glory at fifth annual President's Cup

CISA officials describe the positive impact the annual cybersecurity game aims to have across the federal workforce.

Cybersecurity

CISA directs agencies to mitigate widespread VPN bugs

Two unpatched flaws in Ivanti's Connect Secure VPN are being exploited by hackers in the wild.

Cybersecurity

Pentagon’s cyber red teams get clearer roles, governance

A document released by DOD’s chief information officer attempts to “address gaps in existing guidance” when it comes to the activities of the department’s cyber red teams.

Cybersecurity

CISA, FBI warn on risks of China-made drones

The new guidance is meant to alert critical infrastructure operators to potential security risks, including data exfiltration and cybersecurity risks, posed by unmanned aircraft systems manufactured in China.

Cybersecurity

CISA needs better collaboration with the EPA and water sector, watchdog says

CISA had “inconsistent collaboration” with relevant stakeholders due to a lack of formal mechanisms, according to the Department of Homeland Security Office of Inspector General.

Cybersecurity

State's cyber bureau has ‘raised the U.S. profile on cyber globally,’ watchdog says

The Government Accountability Office said the creation of the Bureau of Cyberspace and Digital Policy in 2022 has “helped to better position State to achieve its cyber diplomacy goals.”

Cybersecurity

White House looks to eliminate college degree requirements for cyber jobs with federal contractors

National Cyber Director Harry Coker also said Thursday that the federal government will be conducting a series of hiring sprints this year to fill seats.

Cybersecurity

EU signs on to IoT safety label plan

A U.S.-led effort to offer cyber-safe labels for connected devices is gaining momentum internationally.

Cybersecurity

Agencies’ FISMA implementation is still ‘mostly ineffective,’ watchdog says

The Government Accountability Office found that less than half of surveyed federal agencies had compliant security programs and called for improved performance metrics.

Cybersecurity

Think tank report envisions a cyber ‘good place’ for AI and how to get there

Amid the ongoing rise of artificial intelligence technologies and their integration into digital networks, the Aspen Institute compiled a new list of cybersecurity recommendations for government and industry.

Cybersecurity

Watchdog finds ‘sufficient’ cyber threat sharing at agencies, but barriers remain

The Intelligence Community Inspector General’s biennial update on cybersecurity information sharing noted that progress has been made over the past two years, but some agencies reported running up against roadblocks.

Cybersecurity

Space Force is crafting in-house cyber teams but sees need for closer work with USCYBERCOM

U.S. Cyber Command has been “an incredible partner” to the Space Force but does not currently have any personnel from the military branch within its ranks, a top official said.

Artificial Intelligence

How hackers can 'poison' AI

A new paper from NIST offers a standard taxonomy of cyber attacks dedicated to contaminating the data AI models use to learn.

Cybersecurity

FDA and CISA need to update cyber agreement for medical devices, watchdog says

The Government Accountability Office said medical devices are not commonly hacked but still called them “a source of cybersecurity concern warranting significant attention.”

Cybersecurity

Pentagon issues proposed CMMC rule

The long-anticipated draft rule, which will be officially published on Dec. 26, outlines proposed updates to DOD’s cybersecurity requirements for defense contractors and subcontractors who handle sensitive military data.

Cybersecurity

NIST releases 2 draft guides to prepare for post-quantum migration

The guidelines aim to help organizations incorporate quantum-resistant algorithms into their existing security infrastructures.

Cybersecurity

NDAA provision looks to close cybersecurity gaps in nuclear weapons systems

The requirement included in the fiscal year 2024 defense policy bill follows a 2022 GAO report that found the National Nuclear Security Administration did not fully implement “foundational cybersecurity risk practices.”

Cybersecurity

NIST issues guidance on a mathematical approach to data privacy

The draft document provides a system for adopting a differential privacy framework, and the agency is currently seeking feedback to ensure quality.