Ideas
Cream Cheese Is Just the Smooth Tip of a Sharp Problem
With ransomware hackers varying their targets to include operational technology used by U.S. factories and manufacturers, is an OT executive order needed to help combat them?
Cybersecurity
Federal Cybersecurity Advisor Floats Executive Order on Cloud Service Providers
The idea sprung from a sense of moral outrage Cybersecurity and Infrastructure Security Agency Director Jen Easterly identified with.
Cybersecurity
DHS scales up bug bounty program
Department of Homeland Security Secretary Alejandro Mayorkas announced a plan to pay vetted cybersecurity researchers between $500 and $5,000 for identifying cybersecurity vulnerabilities within agency systems.
Ideas
Modernizing FISMA. Again.
The federal government needs to improve its information security to keep pace with the dynamic threats to federal networks and supply chains.
Cybersecurity
DHS gets nearly 2,000 applications for new cyber cadre
The goal is for DHS to onboard the first 150 feds into the system next year.
Cybersecurity
Agencies Must Fix Newly Cataloged Vulnerabilities by Christmas Eve
Officials stressed the importance of maintaining a bill of materials for software in flagging the “Log4j” vulnerability.
Cybersecurity
How cyber gray zone conflict can shape conventional war
As gray zone conflict becomes the norm, the intelligence community may have to make some changes to adapt.
Cybersecurity
U.S. Announces Work Toward Non-Binding Agreement on Surveillance Tech
Key U.S. allies supported the effort but did not sign on to a joint statement committing to the creation of a code of conduct on how to exercise export controls to curb the use of the cyber intrusion technologies by authoritarian regimes, according to a White House release.
Cybersecurity
Increased Interconnectivity Demands Stronger Federal Data Protection Protocols, Officials Say
Officials in the public and private sectors warned of the need to enact a robust cybersecurity posture at the federal level ahead of growing ransomware and hacking threats.
Ideas
What Agencies Need to Do to Combat Shadow IT Driven by Cloud Sprawl
Cloud sprawl happens when development teams spin up new cloud resources, forget about them, then move on to the next urgent task.
Digital Government
GAO: Pentagon Needs Goals to Improve CMMC Framework
The watchdog made several recommendations in an audit of the Cybersecurity Maturity Model Certification effort.
Cybersecurity
NIST Outlines Request for Information Toward a New Cybersecurity Framework
The update will include a focus on supply chains for both hardware and software.
Cybersecurity
Cyber in the 2022 defense bill
As has been the case for the past few years, cyber governance provisions were featured in this year's must-pass defense policy bill moving through Congress, but a bipartisan breach notification measure was dropped from the bill -- to the chagrin of its supporters.
Cybersecurity
House Passes NDAA Without Cyber Incident Reporting Legislation
The bill still includes what the House Armed Services Committee referred to as the widest empowerment of CISA since SolarWinds.
Ideas
Data Exfiltration: Public Enemy No. 1 for the Public Sector
Taking a proactive approach is a critical step in improving the way the government combats threats.
Cybersecurity
OMB Guidance Heralds Automation of FISMA Reporting
The new Federal Information Security Modernization Act guidance also prioritizes security testing and doubles down on CISA’s Continuous Diagnostics and Mitigation program.
Cybersecurity
White House embeds cyber EO in FISMA reporting
Federal agencies will be reporting on zero-trust adoption and automation efforts in their annual cybersecurity reports to the Office of Management and Budget.
Ideas
How a Cloud-Security Scaffolding Can Protect Your Multicloud Landscape
Different cloud environments have different security needs. Here’s how to create a cloud-security scaffolding to strengthen protections while reducing manual support.
Cybersecurity