Cybersecurity
Report: Legacy Equipment Puts Telehealth Consumers’ Data At Risk
Telehealth services have expanded exponentially over the course of the pandemic due in part to the Trump administration’s decision to relax enforcement of the industry’s privacy regulations.
Cybersecurity
What Is Log4J, How Bad It Is and What’s at Stake?
Log4Shell is the latest hacker exploit rocking the internet, and it’s arguably the worst yet. The vulnerability is in an obscure piece of software used on millions of computers.
Cybersecurity
Biden Signs NDAA Relying on Voluntary Private-Sector Cybersecurity Collaboration
Major breaches over the past year were a double-edged sword in efforts to pass a crucial mandatory reporting measure that didn’t make it into the ‘must-pass’ legislation despite bipartisan support, according to key lawmakers.
Ideas
The Implications of Publicly Disclosing Cyberattacks
Officials must weigh the benefits and risks on a case-by-case basis.
Cybersecurity
Federal CISO Clarifies Support for a Standard that Could Make Passwords History
The cryptographic protocol is at the heart of a ‘zero trust’ proposal pioneered by Google that has a fan base within the federal government.
Cybersecurity
CISA, FBI issue new guidance on addressing Log4j risks
The Cybersecurity and Infrastructure Security Agency and its partners are providing new ways to identify Log4j risks and mitigate possible exploitation.
Cybersecurity
SOC Leaders and Employees Aren’t on the Same Page
Lack of shared recognition of problems increases the pain, according to a new survey.
Cybersecurity
CMMC assessments could resume in January
The governing body responsible for implementing the Defense Department’s unified cybersecurity program for contractors expects security procedures for authorized third party assessors to start back up in early 2022. But DOD has the final say on the timeline.
Cybersecurity
Agencies Under New Deadlines to Address ‘log4j’ Flaws with Emergency Directive
The Cybersecurity and Infrastructure Security Agency order comes as a prominent firm says nation states are exploiting the vulnerabilities.
Cybersecurity
CISA issues emergency directive to patch Log4j flaw
The Cybersecurity and Infrastructure Security Agency released an emergency directive on Friday ordering all federal agencies to take immediate action against a critical security flaw with potential long-term consequences for public and private infrastructure.
Cybersecurity
NSA, CISA, Add Original Equipment Manufacturers to Audience for 5G Security Guidance
The agencies got specific about who is responsible for what in a four-part series on securing the inherently cloud-based environments.
Cybersecurity
Senate passes 2022 defense authorization bill
The Senate passed the 2022 National Defense Authorization Act, 88-11, authorizing $740 billion for Defense Department spending, and $28 billion for other national security programs.
Cybersecurity
Senators Ready to Write Clarifying Legislation to Maintain U.S. Leadership in Crypto
Stakeholders fear an overly broad application of the tax provisions beyond virtual currency exchanges.
Emerging Tech
Army Bring-Your-Own-Device Experiments Test New Security Concepts
The service is “setting the stage” to try new communications ideas in the Pacific.
Ideas
Cream Cheese is the Just the Smooth Tip of a Sharp Problem
With ransomware hackers varying their targets to include operational technology used by U.S. factories and manufacturers, is an OT executive order needed to help combat them?
Cybersecurity
Federal Cybersecurity Advisor Floats Executive Order on Cloud Service Providers
The idea sprung from a sense of moral outrage Cybersecurity and Infrastructure Security Agency Director Jen Easterly identified with.
Cybersecurity
DHS scales up bug bounty program
Department of Homeland Security Secretary Alejandro Mayorkas announced a plan to pay vetted cybersecurity researchers between $500 and $5,000 for identifying cybersecurity vulnerabilities within agency systems.
Ideas
Modernizing FISMA. Again.
The federal government needs to improve its information security to keep pace with the dynamic threats to federal networks and supply chains.
Cybersecurity
DHS gets nearly 2,000 applications for new cyber cadre
The goal is for DHS to onboard the first 150 feds into the system next year.
Cybersecurity