Cybersecurity

CISA, FBI issue new guidance on addressing Log4j risks

The Cybersecurity and Infrastructure Security Agency and its partners are providing new ways to identify Log4j risks and mitigate possible exploitation.

Cybersecurity

SOC Leaders and Employees Aren’t on the Same Page

Lack of shared recognition of problems increases the pain, according to a new survey.

Cybersecurity

CMMC assessments could resume in January

The governing body responsible for implementing the Defense Department’s unified cybersecurity program for contractors expects security procedures for authorized third-party assessors to start back up in early 2022. But DOD has the final say on the timeline.

Cybersecurity

Agencies Under New Deadlines to Address ‘log4j’ Flaws with Emergency Directive

The Cybersecurity and Infrastructure Security Agency order comes as a prominent firm says nation states are exploiting the vulnerabilities.

Cybersecurity

CISA issues emergency directive to patch Log4j flaw

The Cybersecurity and Infrastructure Security Agency released an emergency directive on Friday ordering all federal agencies to take immediate action against a critical security flaw with potential long-term consequences for public and private infrastructure.

Cybersecurity

NSA, CISA Add Original Equipment Manufacturers to Audience for 5G Security Guidance

The agencies got specific about who is responsible for what in a four-part series on securing the inherently cloud-based environments.

Cybersecurity

Senate passes 2022 defense authorization bill

The Senate passed the 2022 National Defense Authorization Act, 88-11, authorizing $740 billion for Defense Department spending, and $28 billion for other national security programs.

Cybersecurity

Senators Ready to Write Clarifying Legislation to Maintain U.S. Leadership in Crypto

Stakeholders fear an overly broad application of the tax provisions beyond virtual currency exchanges.

Emerging Tech

Army Bring-Your-Own-Device Experiments Test New Security Concepts

The service is “setting the stage” to try new communications ideas in the Pacific.

Ideas

Cream Cheese is Just the Smooth Tip of a Sharp Problem

With ransomware hackers varying their targets to include operational technology used by U.S. factories and manufacturers, is an OT executive order needed to help combat them?

Cybersecurity

Federal Cybersecurity Advisor Floats Executive Order on Cloud Service Providers

The idea sprang from a sense of moral outrage that Cybersecurity and Infrastructure Security Agency Director Jen Easterly identified with.

Cybersecurity

DHS scales up bug bounty program

Department of Homeland Security Secretary Alejandro Mayorkas announced a plan to pay vetted cybersecurity researchers between $500 and $5,000 for identifying cybersecurity vulnerabilities within agency systems.

Ideas

Modernizing FISMA. Again.

The federal government needs to improve its information security to keep pace with the dynamic threats to federal networks and supply chains. 

Cybersecurity

DHS gets nearly 2,000 applications for new cyber cadre

The goal is for DHS to onboard the first 150 feds into the system next year.

Cybersecurity

Agencies Must Fix Newly Cataloged Vulnerabilities by Christmas Eve

Officials stressed the importance of maintaining a bill of materials for software in flagging the “Log4j” vulnerability.

Cybersecurity

How cyber gray zone conflict can shape conventional war

As gray zone conflict becomes the norm, the intelligence community may have to make some changes to adapt.

Cybersecurity

U.S. Announces Work Toward Non-Binding Agreement on Surveillance Tech

Key U.S. allies supported the effort but did not sign on to a joint statement committing to the creation of a code of conduct on how to exercise export controls to curb the use of the cyber intrusion technologies by authoritarian regimes, according to a White House release.

Cybersecurity

Increased Interconnectivity Demands Stronger Federal Data Protection Protocols, Officials Say

Officials in the public and private sectors warned of the need to enact a robust cybersecurity posture at the federal level ahead of growing ransomware and hacking threats.

Ideas

What Agencies Need to Do to Combat Shadow IT Driven by Cloud Sprawl  

Cloud sprawl happens when development teams spin up new cloud resources, forget about them, then move on to the next urgent task.

Digital Government

GAO: Pentagon Needs Goals to Improve CMMC Framework

The watchdog made several recommendations in an audit of the Cybersecurity Maturity Model Certification effort.