Cybersecurity
EPA Leading White House Effort to Secure the Water Sector Against Cyberattacks
This is the third in a series of 100-day sprints to shore up industrial control systems used in critical infrastructure.
Cybersecurity
Treasury Considering State and Local Grants to Implement Digital ID Systems
The effort to stimulate widespread use of digital identification is aligned with a White House order on cybersecurity and could help defend against ransomware attacks, officials said.
Cybersecurity
White House starts the clock on zero trust adoption
Agencies will have to meet specific zero trust security requirements by the end of fiscal year 2024 under a new policy memo, including updates to identity policies that will affect how federal employees access systems and applications.
Cybersecurity
NIST Releases Final Cybersecurity Assessment Guidance
The document extensively reviews best practices in security assessments for organizations.
Cybersecurity
CISA preps update to the zero trust maturity model
The Cybersecurity and Infrastructure Security Agency will update its zero trust maturity model to assist agencies in meeting goals outlined in the cybersecurity executive order released last year, an official said Tuesday.
Cybersecurity
Biden Executive Order Reinforces Agency Cyber Priorities
CIOs discuss how agency leadership and change management facilitate Biden’s cybersecurity executive order implementation.
Cybersecurity
FISMA Bill Drops in House Amid Confusion Over Federal CISO Role
Rep. John Katko is continuing a campaign to make the Cybersecurity and Infrastructure Security Agency a central Chief Information Security Office—or CISO— for federal civilian agencies.
Cybersecurity
Ransomware to overtake phishing as top cause for data compromises, report says
A new report says 2021 set a record for data breaches, but increasingly notifications to victims and authorities often lack transparency, hindering investigations.
Cybersecurity
NSA: Securing Cloud-Related PDFs Shouldn’t Mean Sacrificing Usability
The rise of editable Portable Document Files created a new avenue for attackers, but the right configuration can protect most systems without compromising functionality, NSA says.
Cybersecurity
CISA Releases Finalized IPv6 Guidance for Agencies
The network guidance document is years in the making.
Cybersecurity
Air Force secretary talks acquisitions, JADC2
Air Force Secretary Frank Kendall said he wants to focus on operational payoffs when it comes to the services programs, particularly the Air Force's contribution to Joint All Domain Command and Control called the Advanced Battle Management System.
Cybersecurity
Biden Official Endorses Effort to Move Pipeline Cybersecurity Regulation to DOE
An emergency directive from the Transportation Security Administration following the Colonial Pipeline attack faced opposition from Senate Republicans after the industry complained they weren’t sufficiently consulted beforehand.
Cybersecurity
NSA to get binding operational directive authority under new cyber policy
A new memo signed by President Biden outlines how the May 2021 executive order on cybersecurity applies to national security systems.
Cybersecurity
DISA leans on training collaboration, academic partnerships to build future workforce
The Defense Department's IT agency says "collaborative environment" at U.S. Cyber Command's Dreamport has been key for tech workforce development.
Cybersecurity
Big Tech Anxious About Commerce Plan to Secure Supply Chains from Foreign Influence
Comments an association of industry giants made on a notice of proposed rulemaking from the Commerce Department come amid multiple government efforts to reduce cybersecurity risks in globally produced information and communications technology.
Cybersecurity
Biden Official Credits Diplomacy With Russia for Arrest of Colonial Pipeline Hacker
A senior administration official disassociated the move from tensions between the U.S. and Russia amid a build-up of Russian troops near Ukraine and an unattributed cyberattack on the country’s government websites.
Ideas
3 Strategies for Securing the Supply Chain, Security’s Weakest Link
Today, no vendor or agency is safe—and just as importantly, no single organization can address all these threats independently.
Cybersecurity
Is there a path forward in Congress for mandatory cyber incident reporting?
A group of lawmakers is seeking legislation that would require private companies to report cyber incidents and ransomware attacks to the Cybersecurity and Infrastructure Security Agency, despite their efforts being derailed late last year.
Cybersecurity
FBI Officials Clarify What the Bureau Wants in Cyber Incident Reporting Bill
However the legislation is eventually passed, CISA plans to share reports with the FBI and other agencies, a Homeland Security official said.
Cybersecurity