Cybersecurity
Incident Reporting Legislation Moves Enforcement Power from CISA Director
The bipartisan measure introduced as an amendment to the National Defense Authorization Act makes other significant changes to legislation introduced in September.
Cybersecurity
DOD Suspends Cybersecurity Certification Program Pending Major Changes
The Pentagon outlined the changes ahead for its Cybersecurity Maturity Model Certification program with two new rulemaking processes.
Cybersecurity
U.S. Blacklists NSO Group and 3 Others for Selling Spyware, Hacking Tools
The Commerce Department says the companies—three from allied nations—acted against U.S. national security interests.
Cybersecurity
CISA Orders Agencies to Patch Hundreds of Vulnerabilities Under Attack
Remediation of more than a third of the bugs the agency identified is due within two weeks.
Cybersecurity
TSA Considers Rulemaking Process for Cybersecurity in Transportation Sector
The announcement from a White House official follows pressure from industry and GOP lawmakers questioning the administration’s use of security directives to improve the sector’s cybersecurity.
Cybersecurity
Bill to Codify FedRAMP Set for Vote in Senate Committee
If passed, agencies would have to explain their reasons for rejecting previously authorized cloud products or services.
Artificial Intelligence
Presidential Advisers Recommend Agencies Invest in Automating Software Assurance
The National Security Telecommunications Advisory Committee is about to meet with senior cybersecurity officials from the White House on the issue.
Cybersecurity
NSA, CISA Weigh in on Shared Responsibility for Cloud Security in the 5G Era
Fifth-generation networking is expected to multiply opportunities for hackers using tactics already observed in attacks like the one against IT management firm SolarWinds.
Cybersecurity
National Cyber Director Explains Appointment of Federal CISO to His Office
The move comes amid confusion about the roles and responsibilities of various federal cybersecurity leaders.
Cybersecurity
Cybersecurity Is One of Five Pillars in State’s Modernization Initiative
In addition to creating two new positions to handle international cyber and emerging tech issues, Secretary of State Antony Blinken is calling for a 50% increase in the department’s IT budget.
Digital Government
White House Names Leaders for FCC and NTIA
With the nomination of Gigi Sohn, the FCC is also now poised to have a full suite of commissioners to tackle issues under its remit, including cybersecurity.
Podcasts
Critical Update: The Federal CISO Is Prioritizing Flexibility for Agencies
In a new age of cyberattacks, Chris DeRusha says agencies must have more room to implement practices that enable constant vigilance.
Cybersecurity
Microsoft: SolarWinds Hackers Ramping Up Attacks Through Resellers
The company said supply chain attacks by Russian government hackers over the last four months exceed those they’ve been tracking by all nation-state actors over the last three years.
Cybersecurity
Justice Official Dangles Liability Protections to Encourage Private-Sector Breach Reports
Deputy Attorney General Lisa Monaco also promised to compensate whistleblowers who reveal federal contractors misrepresenting their cybersecurity posture.
Cybersecurity
National Cyber Director: Liability Should Be Part of the Equation for Public-Private Collaboration
Cyber leaders’ plan to emphasize collective defense over offense hinges on industry’s willingness to share information with government in real time.
Cybersecurity
Feds Urge Action Against BlackMatter Ransomware Based on Third-Party Tip
A joint advisory officially associates the notorious ransomware-as-a-service group with the Colonial Pipeline attack.
Cybersecurity
CISA Seeking Answers for Implementation of Endpoint Detection and Response Tools
The agency has an idea of what it wants from the capability but is soliciting industry input on key aspects of an enduring investment plan.
Cybersecurity
Treasury Analysis Identifies Cryptocurrency Exchanges Associated With Ransomware
The department is tracking a huge increase in ransomware disclosures but data suggests the events are still grossly underreported.
Cybersecurity
Health Agency CISO Looks to Increase Security in Software Transparency Requirements
Robert Wood aims to improve security while fostering faster mission execution from a DevSecOps “BatCAVE” at the Centers for Medicare and Medicaid Services.
Cybersecurity