Cybersecurity
Senators Cite Colonial Pipeline Hack in Calling for Cyber Response and Recovery Fund
A hearing on federal agencies’ response to the SolarWinds hack drew attention to communication issues, both with the private sector and within the government.
Cybersecurity
Energy Department Leading White House Interagency Response to Pipeline Attack
The hack highlights jurisdictional issues on pipeline cybersecurity.
Cybersecurity
US, UK Agencies Warn Russian Hackers Are Adapting Based on Government Advisories
The adversary is changing its tools to avoid detection while attacking the vulnerabilities governments issue warnings about.
Cybersecurity
Biden Administration Likely Retaining Trump Doctrine on Cybersecurity in Space
Vice President Kamala Harris is prioritizing cybersecurity as chair of the National Space Council, an official said.
Cybersecurity
Cyberspace Solarium Commissioners Concerned Over Security of Nation’s Water Supply
Having succeeded in passing a number of their recommendations through the last National Defense Authorization Act, the commissioners plan to embrace an oversight role as they push for more new laws.
Cybersecurity
FedRAMP Board Extends Deadline For Cloud Providers to Pitch Line-Jumping Business Cases
Cloud service providers hoping to secure authorizations to operate at multiple agencies simultaneously got some more time to make a business case for their prioritization by the board.
Cybersecurity
NSA to Defense Sector: Think Twice Before Connecting Operational Technology to the Internet
The agency recognized benefits such as enabling remote work but notes the inherent risks and costs of putting industrial control system components online.
Cybersecurity
Homeland Security Secretary Backs Call for Mandatory Disclosure of Ransomware Payments
DHS Secretary Alejandro Mayorkas said the department will work with a task force developed by the private sector on ways to tamp down the increase in ransomware attacks.
Cybersecurity
White House Endorses Inclusion of Cybersecurity in Water Infrastructure Bill
A recent attempt by hackers to poison the water supply in a Florida town prompted calls for more resources.
Cybersecurity
How the Federal CISO Views Zero Trust
Federal Chief Information Security Officer Chris DeRusha and other federal officials also advocated moving away from siloed cybersecurity budgeting for agencies.
Cybersecurity
Existing Agency Threat Hunters Welcome CISA’s New Authorities
For the Department of Education, proactive threat hunting means not just taking down questionable URLs but buying them up.
Cybersecurity
CISA Issues Deadline for Federal Agencies to Address Pulse Secure Vulnerabilities
The vulnerabilities led to the compromise of government agencies early last summer and, together with a newly disclosed flaw, continue to be exploited.
Cybersecurity
DOD’s Cybersecurity Accreditation Partner Working to Address Conflict of Interest Issues
Multiple members of the Accreditation Body’s board of directors also serve as consultants in the cybersecurity space, which critics say gives them an unfair advantage to cash in on the program.
Cybersecurity
White House Stands Down Coordination Effort on SolarWinds, Microsoft Exchange Hacks
The leading cybersecurity official on the National Security Council shared lessons learned as agencies reach patching goals.
Cybersecurity
Survey: Large Contractors More Concerned Than Small Contractors About DOD’s Cybersecurity Certification Program
A new survey puts numbers on conflicting narratives about the small businesses perspective and issues of competition in the new Cybersecurity Maturity Model Certification regime.
Cybersecurity
The Hack Roundup: White House Sanctions Russia over SolarWinds
Agencies involved in response also issued advisories on the hackers' tactics while Microsoft offered federal customers free trials of an auditing tool.
Cybersecurity
Pentagon Not Compromised by SolarWinds, Microsoft Exchange Hacks, Official Says
The official urged continued patching of on-premises Microsoft Exchange servers.
Cybersecurity
Agencies Have Till Midnight April 15 to Apply New Microsoft Exchange Patches
Four of the 95 vulnerabilities Microsoft released as part of its monthly “patch Tuesday” were identified by the National Security Agency.
Cybersecurity
Former DHS Secretary Details SolarWinds Hackers’ Access to His Email
Chad Wolf said the information was all unclassified but the compromise was still disturbing.
Cybersecurity