Cybersecurity
Watchdog dings IRS for vendor security lapses
Outdated antivirus software and missing security logs created risks for a key IRS communications platform, according to an inspector general report.
Cybersecurity
CISA, NSA Guidance Tries to Reduce Alternatives for Securing Industrial Control Systems
Policymakers in Congress and the administration are grappling with how to set a performance bar for companies' mitigation of cyber threats against critical infrastructure they own, while allowing flexibility the companies say is needed to run their operations.
Digital Government
VA ‘Moving Toward Full Compliance’ With Geospatial Data Law, Watchdog Finds
The VA’s Office of Inspector General found said the agency is noncompliant with three of the law’s requirements but is currently in the process of addressing its deficiencies.
Cybersecurity
Nuclear Weapon Development and Manufacturing Needs More Cybersecurity, Watchdog Says
The National Nuclear Security Administration, its contractors and subcontractors need to take cyber steps, according to a new report.
Cybersecurity
DOD’s Digital Threats Are Increasingly Interconnecting, Watchdog Warns
GAO identified six areas that require more oversight, as Defense warfighting operations and national security increasingly hinge on data security.
Cybersecurity
Industry Objections Spur Changes to Cybersecurity Provisions in Defense Bill
Key members of the House and Senate are altering proposals for identifying systemically important critical infrastructure and securing the software supply chain.
Cybersecurity
Federal Cyber Mandates for Water Infrastructure Are Too Costly to Implement, Experts Say
A House hearing saw expert testimony emphasizing the need for steady funding to cybersecurity programs in water utility providers—especially in rural regions.
Cybersecurity
FCC Adds China-linked Telecom Providers to List of National Security Threats
The departments of Defense and Justice want the agency to take a more comprehensive approach to preventing foreign adversaries from accessing Americans’ communications and data.
Cybersecurity
Combating Foreign Malign Influence Requires Enhanced Information Sharing
Experts advised the intelligence community to have “more holistic conversations” with the public about the threat landscape.
Cybersecurity
CISA Plans to Measure the Effect of Coming Standards on Industry’s Cybersecurity
But big companies want to avoid agencies’ use of related performance goals in new regulation.
Modernization
Federal IT Modernization Fund’s Financial Needs Draw Lawmaker Scrutiny
Federal CIO Clare Martorana said that the government should be operating on the “most modern technology available.”
Cybersecurity
White House Announces $1B in Cyber Funding for State and Local Governments
The four-year grant program, included in last year’s infrastructure law, will help states and local communities “strengthen their cyber resilience.”
Cybersecurity
Defense, Justice Call for FCC Rulemaking to Secure Internet Routing, Opposing NTIA
The departments cited comments from the Cybersecurity and Infrastructure Security Agency and said a regulatory approach would have a greater impact “industry-wide” than dealing with entities case-by-case.
Cybersecurity
Whole-of-Government Effort Targets Iranian Hackers
An unsealed indictment from the Department of Justice accompanied sanctions and an advisory with international allies warning against government-linked Iranian hackers.
Cybersecurity
Biden adds cyber, data, supply chain risks to CFIUS reviews
The Committee on Foreign Investment in the United States will be required to consider five new sets of national security concerns – including cybersecurity – when reviewing foreign investments in the U.S. as part of a new executive order.
Cybersecurity
Social Media’s National Security Implications Draw Lawmaker Scrutiny
Senate Homeland Security Committee members grilled social media executives about their content moderation practices and ties to foreign adversaries.
Cybersecurity
Industry cautions on software security regs in the defense bill
Trade groups want Congress to remove a provision in the House-passed defense policy bill mandating software bills of materials in some federal acquisition.
Breaking News
Cybersecurity
OMB: New Acquisition Rule Coming for Vendors to Vouch for Their Software Security
Agencies are also allowed to accept to-do lists from vendors who need to keep working up to a point where they can self-attest their compliance with NIST guidance.
Cybersecurity
Whistleblower Explains How Twitter Easily Skirted FTC’s Data Security Enforcement
The former public official—and legendary hacker’s—decision to expose what he described as a disastrous security environment at the company has prompted an unlikely alliance in Congress.
Cybersecurity