Ideas
The Cybersecurity Executive Order Is a Missed Opportunity
This executive order is designed to strengthen federal cybersecurity, not that of the private sector, including critical infrastructure providers.
Podcasts
Critical Update: Do You Know What’s In Your Software?
In the wake of several major cybersecurity incidents, the government wants to shore up its software supply chain. Two experts explain the merits of some approaches and why there’s no silver bullet.
Cybersecurity
Leveraging the TMF for the secure modernization of high value assets
Prioritizing Technology Modernization Fund dollars for systems that support high-impact programs can drive major improvements in how IT supports key government missions.
Modernization
If the Pentagon Drops JEDI, Then What?
Defense Department officials say the contract’s enterprisewide capabilities are still needed, but how to fill that need may be different given the department’s changing cloud landscape.
Cybersecurity
Pipeline Security Act Reintroduced in House
More than a dozen lawmakers have cosponsored the legislation following the Colonial Pipeline attack.
Cybersecurity
Can NTSB-style oversight work for cybersecurity?
President Joe Biden's new cybersecurity executive order calls for a safety review board to examine the attack against SolarWinds as well as other significant cybersecurity incidents moving forward.
Cybersecurity
Watchdog: 'Uncertainty' may undermine CBP's enforcement of social media policy
The Office of Inspector General at the Department of Homeland Security found divisions among senior Customs and Border Protection officials about the agency's social media posting policies.
Ideas
Zero Trust or Bust
One primary consideration should drive implementation: who gets to see what content?
Cybersecurity
CMMC board adds new training head, board members
Melanie Kyle Gingrich will take over training daily operations for the Cybersecurity Maturity Model Certification Accreditation Body as the vice president of training and development.
Cybersecurity
House lawmakers re-introduce pipeline security bill after Colonial hack
Lawmakers in previous years have tried to clarify and change which agencies are responsible for regulating the cybersecurity of oil and gas pipelines.
Cybersecurity
Lawmakers Call for Pentagon to Prioritize Cyber Investments
Rep. Jim Langevin suggested in a hearing the Defense Department has not elevated its focus on the cyber domain enough.
Cybersecurity
Army’s Cybersecurity ‘Greatly Concerns’ Wormuth After Pipeline Attack
Biden’s Army Secretary nominee told the Senate she’d fight deep troop cuts and support long-range fires and new measures against sexual crimes and extremism, if confirmed.
Cybersecurity
DISA Releases Initial Zero Trust Reference Architecture
The architecture will help the military “maintain information superiority on the digital battlefield,” according to the press release.
Cybersecurity
Progressive Lawmakers Praise Biden’s Plan for Cybersecurity Labels
Reviews are in on the administration’s long-awaited executive order following several major hacking campaigns.
Emerging Tech
Lockheed, Air Force Software Factory Helps Field New Strike Planning Aid System
The contractor built new DevSecOps pipelines for Rogue Blue software factory in Nebraska.
Cybersecurity
Cyber Response Bill Advances in Senate
The legislation includes a fund to help impacted organizations pay for remediation efforts.
Digital Government
Senate Panel Advances Measures to Reskill Feds, Ban Their TikTok Use
OPM would oversee an agency-led effort to get federal workers into new jobs.
Ideas
Biden’s Cyber Strategy Must De-weaponize Civilian Data
It's time to stop relying on knowledge-based authentication.
Cybersecurity
CISA chief says cyber order is doable but will 'stretch the system'
The executive order, which was published Wednesday night, contains deadlines for CISA, the Department of Homeland Security, the Office of Management and Budget and other agencies to begin reworking the government's cybersecurity with some timelines as short as 30 days from its signing.
Cybersecurity