Homeland Security

Big Tech Tells CISA to Exempt Third-Party Providers from Incident Reporting Rule

Major industry groups clashed on how CISA should define key terms in its rulemaking process to implement the federal incident reporting law.

Iranian Hackers Compromised a Federal Agency’s Network, CISA and FBI Say

Actors linked with the Iranian government were able to exploit an unpatched Log4Shell vulnerability—which the Cybersecurity and Infrastructure Security Agency asked agencies to address by the end of 2021—in an unnamed agency’s network.

ICE Needs More Data to Monitor Foreign Students Taking US Research, Watchdog Says

The data is meant to assess the risk of foreign STEM students and scholars transferring technology from American universities to foreign entities.

CISA Highlights Space, Bioeconomy as Possible New Critical Infrastructure Sectors

The agency also suggested existing sectors be consolidated and that there is a need for some agencies to exercise greater authority over private-sector entities.

DHS Chief Appears to Back Status Quo Approach for Securing Critical Infrastructure

The Biden administration is looking to Congress for help with ‘filling gaps in statutory authorities’ for improving U.S. cybersecurity.

CISA Issues Vulnerability-Management Tools Dependent on Industry Action

Federal agencies are under a binding operational directive to address exploitable security vulnerabilities in their software, but the success of CISA’s effort relies on the cooperation of software vendors.

How Federal Agencies are Using Innovative Tech to Protect Critical Infrastructure Cybersecurity

Officials from CISA and DARPA spoke about their initiatives to support cybersecurity operations across critical infrastructure networks.

No ‘Specific or Credible’ Cyber Threats Affected Integrity of Midterms, CISA Says

Despite “a handful” of DDoS attacks targeting state and local election websites and some technical glitches affecting voting equipment, CISA says it saw “no activity” that should undermine faith in the results of the midterm elections.

Former CISA Head Calls for Renewed Action to Combat Election Lies

Inaugural CISA director Chris Krebs expressed concern about the spread of election misinformation as Twitter changes up its user verification process.

CISA, NSA and Industry Outline Security Responsibilities of Software Suppliers

New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.

CISA Leaning Toward Lower Threshold for Mandatory Cyber Incident Reporting

The agency has started to receive feedback from some key stakeholders for its rulemaking process on the issue.

Election Misinformation Targeting Diverse Communities Drives Calls for Collaboration

Nonprofit groups have stated that federal officials need to do more to directly engage with their efforts on the ground. 

CISA Director: Big Tech Shouldn’t Charge Extra for Event Logging

The agency has promised to measure the success of efforts to steer major software providers toward the inclusion of logging and other basic security features in their products “by default,” but has said little about how it actually intends to do that.

CISA Sets Voluntary Cyber Performance Targets for Critical Infrastructure

A new set of documents and resources from the agency is designed to help critical infrastructure operators manage the basics of cybersecurity.

CISA Seeks Feedback on Baseline Measures to Secure Cloud Configuration

Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next. 

TSA Opens Registration for Public Meeting on Cybersecurity Regulations

The agency’s advisory committee typically meets behind closed doors, but they are required to hold at least one public meeting per year.