Cyber Threats

Preparations for Quantum Cyber Threat Get a Senate Boost

The bill would require an annual report to Congress from the Office of Management and Budget with the goal of identifying funding needed for agencies’ transition to post-quantum cryptography.

TSA Considers Using Third-Party Assessors in Coming Pipeline Regulations

The agency is exercising its authority to regulate pipelines and railways after issuing a series of short-term emergency security directives.

Critical Update: Safeguarding Data From Outside Intrusion

The VA is in the process of implementing a zero-trust cybersecurity model to better secure veterans’ sensitive personal data.

CISA Seeks Information for Potential Cyber Threat Intelligence Platform

The request will help the agency develop the platform to address current challenges related to cyber threat intelligence.

Offshore Drilling Operations Vulnerable to Cyberattacks, Watchdog Warns

The Government Accountability Office made a new case for improving the cybersecurity safeguards within offshore drilling and natural gas facilities. 

Agencies Push Deadline to Comment on Would-Be Federal Cyber Insurance Program

Insurance companies are pushing for taxpayer assistance to provide coverage in the event of catastrophic incidents.

Big Tech Tells CISA to Exempt Third-Party Providers from Incident Reporting Rule

Major industry groups clashed on how CISA should define key terms in its rulemaking process to implement the federal incident reporting law.

Iranian Hackers Compromised a Federal Agency’s Network, CISA and FBI Say

Actors linked with the Iranian government were able to exploit an unpatched Log4Shell vulnerability—which the Cybersecurity and Infrastructure Security Agency asked agencies to address by the end of 2021—in an unnamed agency’s network.

DOD Must Enhance Cyber Incident Reporting and Sharing, Watchdog Says

The Government Accountability Office found that the Pentagon “lacks an accountable organization and consistent guidance” for documenting and sharing details about reported cyber incidents.

China’s Cyber Capabilities ‘Pose a Serious Threat’ to US, Advisory Panel Warns

The panel’s report also called for the Biden administration to consider revoking China’s status as a favored trading partner if a congressional review finds that Beijing is not complying with its commitments.

NIST Official Warns Against Device-only Approach to Securing IoT

Federal agencies’ implementation of NIST’s guidelines on the issue—under direction from Congress—is coinciding with industry resistance to the comprehensive approach stakeholders agree is necessary.

No ‘Specific or Credible’ Cyber Threats Affected Integrity of Midterms, CISA Says

Despite “a handful” of DDoS attacks targeting state and local election websites and some technical glitches affecting voting equipment, CISA says it saw “no activity” that should undermine faith in the results of the midterm elections.

CISA Leaning Toward Lower Threshold for Mandatory Cyber Incident Reporting

The agency has started to receive feedback from some key stakeholders for its rulemaking process on the issue.

Experts Weigh in on Strengths and Vulnerabilities of Election Cybersecurity

Both voting systems and the voters themselves could be targets of malign influence.

Russia Linked to Nearly 75% of Late 2021 Ransomware Attacks, Per Analysis

The analyzed ransomware variants—from July to December 2021—amounted to millions of dollars in damages.