Cyber Threats

Energy Updates Assessment Tool for Administration’s 100-Day Cybersecurity Sprint

The update comes as lawmakers jostle for jurisdiction over cybersecurity across multiple critical infrastructure sectors with a slew of bills advancing in both chambers of Congress.

DOD’s Supply Chain Security Should be Strategic Priority, Congressional Task Force Says

The Defense Critical Supply Chain Task Force released six legislative proposals calling for less dependence on adversaries like China and improved supply chain visibility.

CBP Cybersecurity Failures Left Travelers' Personal Info at Risk, IG Says

A new internal watchdog report finds Customs and Border Protection failed to conduct required cybersecurity activities for its Mobile Passport Control applications.

Senators Promote Cybersecurity Measures in Core Bipartisan Infrastructure Framework

Congressional leaders of the Cyberspace Solarium Commission stressed a need to focus specifically on water treatment systems.

CISA Considering Open-Source Registrar Platform For .Gov Domain

The agency is looking for support services to help manage the .gov registry as it takes control of the top-level domain from GSA.

The State of Data Security in the Federal Government

Most agencies don’t have a solid grasp of what data they have or where it is located.

Bill Would Require Federal Agencies and Contractors to Report Cyber Intrusions Within 24 Hours

The bill leaves it up to an interagency rulemaking process to determine whether entities would be required to report incidents they’re aware of but not directly involved in.

Zero Trust-Like Approach Needed for Microelectronics Industry, Former DOD Official Says

Onshoring doesn’t mean vulnerabilities associated with chips will be instantly mitigated, the official said.

TSA’s New Cybersecurity Rules for Pipelines to Be Kept on Need-to-Know Basis 

The details of a second set of security regulations will not be released publicly. 

News Media Accidentally Boosted Russian Disinformation Tweets

Mainstream and hyperpartisan news media significantly amplified Internet Research Agency messaging and contributed to that follower growth by unknowingly embedding its tweets in their content.

VA Needs a Security Check For Its Social Security Number Reduction Tool

The app was recently migrated into a VA-managed cloud environment and needs a new authority to operate and some upgrades.

NIST Outlines Security Measures for Software Use and Testing Under Executive Order

Eyes now turn to the Office of Management and Budget to issue requirements for federal agencies and contractors based on NIST’s work.

Changing How App Stores Operate Could Have National Security Implications

As Congress considers how to increase competition for app stores run by Apple, Google and others, it also needs to consider potential cybersecurity threats.

Agencies Unveil Plans to Fight Ransomware—Including Paying for Tips

The State Department’s Rewards for Justice program is offering a reward of up to $10 million for information about attackers targeting U.S. critical infrastructure.

CISA Orders Agencies to Patch Microsoft ‘PrintNightmare’ Vulnerability

The flaw—which Microsoft said affects all versions of Windows—could allow an adversary to execute code on their victim’s system remotely.  

Cybersecurity Funding Faces Political Clash During Appropriations Markup

Republican lawmakers continue to withhold support for the Cybersecurity and Infrastructure Security Agency until their immigration concerns are addressed.