Cybersecurity
IRS needs better documentation for its cyber threat hunts, watchdog says
A new report noted that a lack of “established policies and procedures” could prevent the tax agency from meeting federal requirements.
Cybersecurity
Cracks in ICE’s access controls increase agency cyber risk, watchdog finds
This isn’t the first DHS agency to come under fire for its access control deficiencies.
Cybersecurity
'Evolving' CISA program helped agencies quickly respond to recent cyber incidents
CISA’s Continuous Diagnostics and Mitigation program uses close collaboration with federal agencies to identify and respond to cyber threats, including last month’s MOVEit breach.
Cybersecurity
FTC, HHS warn of potential privacy and security risks embedded in online health sites
The agencies noted hospitals and telehealth providers could be exposing sensitive patient health information through online tracking tools like Meta Pixel and Google Analytics.
Cybersecurity
Justice to merge 2 offices in step with cyber implementation plan
The agency has been granted new and important roles under the Biden administration’s plan to safeguard U.S. digital networks.
Cybersecurity
US power grid faces escalating cyber threats, infrastructure experts warn
The power grid is experiencing heightened threats from foreign adversaries and domestic extremist groups that can pose devastating consequences for the nation’s supply of electricity, experts told a House subcommittee on Tuesday.
Cybersecurity
White House seeks public insight to harmonize ‘inconsistent’ cyber regulations
The Biden administration wants to use public feedback to shape baseline cybersecurity regulations that function across industries and sectors.
Cybersecurity
White House announces new program to designate cyber-secure IoT devices
The Biden administration announced its Cyber Trust Mark labeling program to ensure commercial smart home devices have sufficient cybersecurity tech in place.
Cybersecurity
Experts warn of financial challenges and gaps in cyber implementation plan
From a crucial lack of federal funding to longstanding issues with the cyber workforce, experts told Nextgov/FCW that the new cybersecurity implementation plan features major “financial potholes.”
Cybersecurity
Bipartisan FISMA update looks to tweak cyber incident reporting rules for agencies
The legislation proposes new requirements for disclosing cyberattacks, assigns guidance for A.I.-enabled cyber, codifies the Federal CISO role and more.
Cybersecurity
New White House cyber plan leaves digital identity action items out
Officials noted that identity action items could still be included in later iterations of the national cybersecurity strategy implementation plan.
Cybersecurity
New White House cyber implementation plan looks to ramp up resilience
The plan, released Thursday morning, includes more than 65 “high-impact initiatives” that federal agencies will be tasked with executing to achieve the objectives outlined in the national cybersecurity strategy.
Cybersecurity
State Department email accounts hit in China-linked cyberattack
A China-based cybercriminal known as Storm-0558 gained access to unclassified U.S. government email accounts using forged authentication tokens according to a report released by Microsoft.
Cybersecurity
Trade groups press White House for national cyber director nomination
A coalition of industry stakeholders is urging the Biden administration to nominate a national cyber director by the end of the month in a new letter sent to the White House Wednesday.
Cybersecurity
Cloud poses special cyber risks for critical infrastructure, report warns
Federal agencies and organizations that oversee critical infrastructure sectors and fail to adapt to the cloud paradigm risk major cybersecurity threats to their systems and networks, according to recent findings.
Cybersecurity
NDAA amendment calls for DOD, DHS to assess cyber threats to border security
Rep. Vicente Gonzalez, D-Texas, said his proposal “sets a plan to prevent cyber incidents by reducing the risk of future cyber vulnerabilities” in key border technologies.
Cybersecurity
New court ruling may hinder federal information sharing efforts, experts warn
Security experts warned that a federal ruling barring the Cybersecurity and Infrastructure Security Agency and others from contacting social media sites about key issues may have implications that go far beyond First Amendment-protected speech.
Cybersecurity
Resource constraints led to EPA’s failure to address critical vulnerabilities in air and radiation data
The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch its systems under federally required timeframes.
Cybersecurity
Third-party contractor software exploited in attack on HHS data
An official with the Department of Health and Human Services said attackers gained access to data by exploiting a major vulnerability found in the popular MOVEit file transfer service.
Cybersecurity