Emerging Tech

GAO: Agencies Need to Conduct Cyber Risk Assessments of IoT, OT Devices in Critical Infrastructure Sectors

A Government Accountability Office report found that the agencies responsible for managing infrastructure in the healthcare and public health, energy and transportation sectors need to better assess their cyber risk mitigation strategies.

Digital Government

TSA Wants to Automate ID Verification at Checkpoint Security

The agency is testing using facial recognition to verify passengers’ information with the information on record.


CISA Seeks Information for Potential Cyber Threat Intelligence Platform

The request will help the agency develop the platform to address current challenges related to cyber threat intelligence.


Latest Guidance Outlines Customer Responsibilities for Software Security

The guide provides recommendations throughout the product lifecycle, from procurement to deployment.


Agencies Push Deadline to Comment on Would-Be Federal Cyber Insurance Program

Insurance companies are pushing for taxpayer assistance to provide coverage in the event of catastrophic incidents.


Secret Service’s Zero Trust Plan Must Account for OMB Guidance, Watchdog Says

The Secret Service’s plan for adopting a zero trust architecture model across the agency’s systems has not been updated since the Office of Management and Budget released new guidance in January.


Big Tech Tells CISA to Exempt Third-Party Providers from Incident Reporting Rule

Major industry groups clashed on how CISA should define key terms in its rulemaking process to implement the federal incident reporting law.


Iranian Hackers Compromised a Federal Agency’s Network, CISA and FBI Say

Actors linked with the Iranian government were able to exploit an unpatched Log4Shell vulnerability—which the Cybersecurity and Infrastructure Security Agency asked agencies to address by the end of 2021—in an unnamed agency’s network.

Digital Government

ICE Needs More Data to Monitor Foreign Students Taking US Research, Watchdog Says

The data is meant to assess the risk of foreign STEM students and scholars transferring technology from American universities to foreign entities.


CISA Highlights Space, Bioeconomy as Possible New Critical Infrastructure Sectors

The agency also suggested existing sectors be consolidated and that there is a need for some agencies to exercise greater authority over private-sector entities.


DHS Chief Appears to Back Status Quo Approach for Securing Critical Infrastructure

The Biden administration is looking to Congress for help with ‘filling gaps in statutory authorities’ for improving U.S. cybersecurity.


CISA Issues Vulnerability-Management Tools Dependent on Industry Action

Federal agencies are under a binding operational directive to address exploitable security vulnerabilities in their software, but the success of CISA’s effort relies on the cooperation of software vendors.


How Federal Agencies are Using Innovative Tech to Protect Critical Infrastructure Cybersecurity

Officials from CISA and DARPA spoke about their initiatives to support cybersecurity operations across critical infrastructure networks.


No ‘Specific or Credible’ Cyber Threats Affected Integrity of Midterms, CISA Says

Despite “a handful” of DDoS attacks targeting state and local election websites and some technical glitches affecting voting equipment, CISA says it saw “no activity” that should undermine faith in the results of the midterm elections.


Former CISA Head Calls for Renewed Action to Combat Election Lies

Inaugural CISA director Chris Krebs expressed concern about the spread of election misinformation as Twitter changes up its user verification process.


CISA, NSA and Industry Outline Security Responsibilities of Software Suppliers

New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.


CISA Leaning Toward Lower Threshold for Mandatory Cyber Incident Reporting

The agency has started to receive feedback from some key stakeholders for its rulemaking process on the issue.


Election Misinformation Targeting Diverse Communities Drives Calls for Collaboration

Nonprofit groups have stated that federal officials need to do more to directly engage with their efforts on the ground. 


CISA Director: Big Tech Shouldn’t Charge Extra for Event Logging

The agency has promised to measure the success of efforts to steer major software providers toward the inclusion of logging and other basic security features in their products “by default,” but has said little about how it actually intends to do that.