Cybersecurity

The Federal Government is Moving on Memory Safety for Cybersecurity

The issue of how coding languages might support software developers’ management of memory has recently gotten attention from the National Security Council, the Cybersecurity and Infrastructure Security Agency and Congress.

Cybersecurity

Cyber Director’s Preview of National Strategy Highlights Federal Software Procurement

The national cyber director also indicated plans to rely on feedback from members of the software industry who are working on recommendations for “streamlining” sector-specific regulations.

Modernization

GAO dings OMB on performance goals for agencies’ IT management

The federal CISO’s plan for getting agencies to focus on cybersecurity measures the administration considers most urgent did not go over so well in a shifting Congress.

Policy

GAO Dings OMB on Performance Goals for Agencies’ IT Management

The federal CISO’s plan for getting agencies to focus on cybersecurity measures the administration considers most urgent did not go over so well in a shifting Congress.

Cybersecurity

CMS Subcontractor Breach Potentially Exposes Sensitive Data of 254,000 Customers

The Centers for Medicare and Medicaid said the breach involved a subcontractor that appears to have violated its obligations to the agency.

Cybersecurity

GAO Highlights Interoperability Challenges With Zero Trust

A cybersecurity specialist from the watchdog is ready to dive into related policy implications, but says work on agencies’ implementation is the more immediate concern.

Emerging Tech

NTIA Wants to Know How Best to Spend $1.5B in Grants for Secure, Open 5G 

The money will be available to suppliers of information and communications technology in an effort to move away from Chinese companies like Huawei and ZTE.

Cybersecurity

Preparations for Quantum Cyber Threat Get a Senate Boost

The bill would require an annual report to Congress from the Office of Management and Budget with the goal of identifying funding needed for agencies’ transition to post-quantum cryptography.

Cybersecurity

FERC Chairman Wants to Update Cybersecurity Requirements

Discussion of potential changes centered on a need for software transparency and independent supply-chain assessments.

Policy

Key Cyber and Tech Provisions Included—and Excluded—from the Final NDAA

This year, provisions that were ultimately left out of the massive annual Defense authorization bill—despite in some cases bipartisan agreement across both Congressional chambers—got the most attention.

Cybersecurity

TSA Considers Using Third-Party Assessors in Coming Pipeline Regulations

The agency is exercising its authority to regulate pipelines and railways after issuing a series of short-term emergency security directives.

Cybersecurity

Agencies Push Deadline to Comment on Would-Be Federal Cyber Insurance Program

Insurance companies are pushing for taxpayer assistance to provide coverage in the event of catastrophic incidents.

Cybersecurity

Big Tech Tells CISA to Exempt Third-Party Providers from Incident Reporting Rule

Major industry groups clashed on how CISA should define key terms in its rulemaking process to implement the federal incident reporting law.

Cybersecurity

CISA Highlights Space, Bioeconomy as Possible New Critical Infrastructure Sectors

The agency also suggested existing sectors be consolidated and that there is a need for some agencies to exercise greater authority over private-sector entities.

Cybersecurity

DHS Chief Appears to Back Status Quo Approach for Securing Critical Infrastructure

The Biden administration is looking to Congress for help with ‘filling gaps in statutory authorities’ for improving U.S. cybersecurity.

Cybersecurity

CISA Issues Vulnerability-Management Tools Dependent on Industry Action

Federal agencies are under a binding operational directive to address exploitable security vulnerabilities in their software, but the success of CISA’s effort relies on the cooperation of software vendors.

Cybersecurity

NIST Official Warns Against Device-only Approach to Securing IoT

Federal agencies’ implementation of NIST’s guidelines on the issue—under direction from Congress—is coinciding with industry resistance to the comprehensive approach stakeholders agree is necessary.

Digital Government

What a Divided Government Could Mean for Tech Policy

Here’s what a split Congress might mean for tech, cybersecurity and governance.

Cybersecurity

CISA, NSA and Industry Outline Security Responsibilities of Software Suppliers

New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.