Cybersecurity
Lessons from China’s Cyberattack Strategy Can Help CISOs Better Manage Threats, Report Says
A new report from Booz Allen Hamilton analyzed more than a dozen Chinese-sponsored cyberattacks over the past decade.
Cybersecurity
GAO: Communication Breakdowns Hurt Otherwise Positive View of Federal Ransomware Support
State, local, tribal and territorial governments have “generally positive views” of agencies’ ransomware assistance, but cited “inconsistent communication” from the FBI as a challenge.
Cybersecurity
Senators’ Plan to Secure Open Source Software Involves Agencies Using More of It
The discovery of exploitable weaknesses in Log4j is resurfacing a 6-year-old push to save taxpayers money by calling on agencies to embrace open-source code.
Cybersecurity
Senate Legislation to Secure Open Source Software Relies on Transparency Initiative
Success would depend to a significant degree on whether agencies require vendors of information and communications technology to provide a software bill of materials with their products and services.
Cybersecurity
Over Half of Operating Systems at VA Medical Center in Texas are Outdated, Watchdog Finds
An audit conducted by the VA’s Office of Inspector General found unaddressed security vulnerabilities and deficient devices at the Harlingen VA Health Care Center.
Cybersecurity
CISA, NSA Guidance Tries to Reduce Alternatives for Securing Industrial Control Systems
Policymakers in Congress and the administration are grappling with how to set a performance bar for companies' mitigation of cyber threats against critical infrastructure they own, while allowing flexibility the companies say is needed to run their operations.
Cybersecurity
DOD’s Digital Threats Are Increasingly Interconnecting, Watchdog Warns
GAO identified six areas that require more oversight, as Defense warfighting operations and national security increasingly hinge on data security.
Cybersecurity
Whole-of-Government Effort Targets Iranian Hackers
An unsealed indictment from the Department of Justice accompanied sanctions and an advisory with international allies warning against government-linked Iranian hackers.
Digital Government
US Trails China in Key Tech Areas, New Report Warns
Ex-Google, DOD leaders paint dire picture unless U.S. organizes to win technology races.
Cybersecurity
A Cyber Workforce Strategy is Coming From the White House, Along with an Implementation Body to Make Sure it Works
The Office of the National Cyber Director has a workforce plan in development that looks to address public sector and private sector gaps in the cybersecurity profession.
Cybersecurity
U.S. Sanctions Iran—Under New Treasury Rules—for Attack on Albania
The new rules elaborate on what kinds of cyber activities warrant sanctions designation.
Cybersecurity
How Simple Claims of Election Interference Can be Enough to Prompt Real-World Threats
Federal officials remain on guard against foreign meddling in U.S. elections, as CISA and other agencies work to strengthen partnerships and intelligence sharing efforts with state and local election administrators.
Cybersecurity
High-Tech Financial Crimes Warrant Coordinated Digital Identity Efforts, FinCEN Warns
Leaders at the Financial Crimes Enforcement Network noted that stronger authentication measures are critical and spurred by emerging technologies.
Modernization
DHS Report Offers Electromagnetic Pulse Protection Measures for Critical Infrastructure
The report uses approaches for safeguarding the National Public Warning System as a blueprint for defending other vital systems and services from electromagnetic pulses.
Cybersecurity
White House Attributes Attack on Albania’s Critical Infrastructure to Iran
A statement from the National Security Council noted the potential for deviations from international norms to escalate conflict and promised accountability.
Cybersecurity
Army Updates Cyber Training After Some Graduates Weren’t Ready for Their Jobs
New classes and updated curriculum reflect evolving threats and lessons from the Ukraine war.
Cybersecurity
Treasury Reissues Rules to Enforce Cyber Sanctions on Foreign Adversaries
The rules could apply to any new executive order related to the national security emergency President Obama declared in 2015, in advance of a cybersecurity agreement with China.
Cybersecurity
NTSB Only Federal Agency Lacking a CISA-Mandated Vulnerability Disclosure Policy
CISA’s 2020 directive required that federal agencies under its authority develop policies allowing researchers to report bugs and flaws in public-facing systems.
Cybersecurity
New Guide to Secure Software Development Passes on Content but Fails on Communication, Industry Official Says
The lengthy document may miss its target audience altogether, one industry observer notes.
Cybersecurity