Cybersecurity
TSA Considers Using Third-Party Assessors in Coming Pipeline Regulations
The agency is exercising its authority to regulate pipelines and railways after issuing a series of short-term emergency security directives.
Podcasts
Critical Update: Safeguarding Data From Outside Intrusion
The VA is in the process of implementing a zero-trust cybersecurity model to better secure veterans’ sensitive personal data.
Cybersecurity
CISA Seeks Information for Potential Cyber Threat Intelligence Platform
The request will help the agency develop the platform to address current challenges related to cyber threat intelligence.
Cybersecurity
Offshore Drilling Operations Vulnerable to Cyberattacks, Watchdog Warns
The Government Accountability Office made a new case for improving the cybersecurity safeguards within offshore drilling and natural gas facilities.
Cybersecurity
Agencies Push Deadline to Comment on Would-Be Federal Cyber Insurance Program
Insurance companies are pushing for taxpayer assistance to provide coverage in the event of catastrophic incidents.
Cybersecurity
Big Tech Tells CISA to Exempt Third-Party Providers from Incident Reporting Rule
Major industry groups clashed on how CISA should define key terms in its rulemaking process to implement the federal incident reporting law.
Cybersecurity
Iranian Hackers Compromised a Federal Agency’s Network, CISA and FBI Say
Actors linked with the Iranian government were able to exploit an unpatched Log4Shell vulnerability—which the Cybersecurity and Infrastructure Security Agency asked agencies to address by the end of 2021—in an unnamed agency’s network.
Cybersecurity
DOD Must Enhance Cyber Incident Reporting and Sharing, Watchdog Says
The Government Accountability Office found that the Pentagon “lacks an accountable organization and consistent guidance” for documenting and sharing details about reported cyber incidents.
Cybersecurity
China’s Cyber Capabilities ‘Pose a Serious Threat’ to US, Advisory Panel Warns
The panel’s report also called for the Biden administration to consider revoking China’s status as a favored trading partner if a congressional review finds that Beijing is not complying with its commitments.
Cybersecurity
NIST Official Warns Against Device-only Approach to Securing IoT
Federal agencies’ implementation of NIST’s guidelines on the issue—under direction from Congress—is coinciding with industry resistance to the comprehensive approach stakeholders agree is necessary.
Cybersecurity
No ‘Specific or Credible’ Cyber Threats Affected Integrity of Midterms, CISA Says
Despite “a handful” of DDoS attacks targeting state and local election websites and some technical glitches affecting voting equipment, CISA says it saw “no activity” that should undermine faith in the results of the midterm elections.
Cybersecurity
CISA Leaning Toward Lower Threshold for Mandatory Cyber Incident Reporting
The agency has started to receive feedback from some key stakeholders for its rulemaking process on the issue.
Cybersecurity
Experts Weigh in on Strengths and Vulnerabilities of Election Cybersecurity
Both voting systems and the voters themselves could be targets of malign influence.
Cybersecurity
Russia Linked to Nearly 75% of Late 2021 Ransomware Attacks, Per Analysis
The analyzed ransomware variants—from July to December 2021—amounted to millions of dollars in damages.
Cybersecurity
Public Entities in Nearly Every State Use Federally-Banned Foreign Tech, Report Says
A new report from Georgetown University’s Center for Security and Emerging Technology found that at least 1,681 state and local governments purchased equipment from five Chinese companies that were banned by the federal government between 2015 and 2021.
Cybersecurity
Lessons from China’s Cyberattack Strategy Can Help CISOs Better Manage Threats, Report Says
A new report from Booz Allen Hamilton analyzed more than a dozen Chinese-sponsored cyberattacks over the past decade.
Cybersecurity
GAO: Communication Breakdowns Hurt Otherwise Positive View of Federal Ransomware Support
State, local, tribal and territorial governments have “generally positive views” of agencies’ ransomware assistance, but cited “inconsistent communication” from the FBI as a challenge.
Cybersecurity
Senators’ Plan to Secure Open Source Software Involves Agencies Using More of It
The discovery of exploitable weaknesses in Log4j is resurfacing a 6-year-old push to save taxpayers money by calling on agencies to embrace open-source code.
Cybersecurity
Senate Legislation to Secure Open Source Software Relies on Transparency Initiative
Success would depend to a significant degree on whether agencies require vendors of information and communications technology to provide a software bill of materials with their products and services.
Cybersecurity
Over Half of Operating Systems at VA Medical Center in Texas are Outdated, Watchdog Finds
An audit conducted by the VA’s Office of Inspector General found unaddressed security vulnerabilities and deficient devices at the Harlingen VA Health Care Center.
Almost There!
Help us tailor content specifically for you: