Cybersecurity
CISA Leaning Toward Lower Threshold for Mandatory Cyber Incident Reporting
The agency has started to receive feedback from some key stakeholders for its rulemaking process on the issue.
Cybersecurity
NDAA Negotiations Will Determine Success of Several Cyber Solarium Goals
Influence from major industry threatens once again to thwart lawmakers’ attempts to realize their policymaking goals through the annual defense authorization bill.
Cybersecurity
CISA Director: Big Tech Shouldn’t Charge Extra for Event Logging
The agency has promised to measure the success of efforts to steer major software providers toward the inclusion of logging and other basic security features in their products “by default,” but has said little about how it actually intends to do that.
Cybersecurity
Agencies Shouldn’t 'Just Trust' Software Vendors' Security Assurances, IG Warns
NIST advisors debating the merits of OMB’s policy on software vendors’ “self-attestation” to secure development practices found common ground on a need for audits and testing.
Digital Government
Senators Applaud Intelligence Leader’s Commitment to Declassification Reform
The senators are trying to focus more resources on artificial intelligence and access-control technologies for agencies to appropriately categorize documents in the digital age.
Cybersecurity
CISA Seeks Feedback on Baseline Measures to Secure Cloud Configuration
Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next.
Digital Government
Justice Reveals Use of a Double Agent in Complaint Against Chinese Spies
The spies were charged with obstruction of justice during the prosecution of a Chinese telecommunications firm in one of three indictments the department uncovered related to China’s quest for technological superiority and global standing, officials said.
Cybersecurity
TSA Opens Registration for Public Meeting on Cybersecurity Regulations
The agency’s advisory committee typically meets behind closed doors, but they are required to hold at least one public meeting per year.
Cybersecurity
CISA to Focus on Water, Education and Health Sectors Over the Next Year
The agency contributed to the release of security requirements for the transportation sector this week and is expected to issue cross-sector performance goals for critical infrastructure companies’ voluntary adoption next week.
Cybersecurity
NSA Advocates Active Defense, as Industry Lawyer Advises Against Incident Reports
Speakers at a new conference hosted by cybersecurity firm Mandiant highlighted the challenge the government faces in motivating companies to report attacks on critical infrastructure.
Cybersecurity
Labor Group Highlights Conflict of Interest Issues in Cyber Workforce Legislation
The federal workers union wrote to senators opposing an amendment to the NDAA that would establish a civilian reserve at CISA.
Cybersecurity
4 Critical Infrastructure Sectors to Get New Cyber Rules, Per White House Official
The deputy national security advisor for cyber and emerging tech said it should be up to sector-specific agencies to decide who should implement appropriate cybersecurity defenses.
Cybersecurity
White House's Internet of Things Security Initiative Gets an Official Meeting Date
The meeting was announced as the administration prepared to release its long awaited national security strategy.
Cybersecurity
Why CISA Won’t Release ‘Public’ Comments on Upcoming Performance Goals
CISA officials often stress their non-regulatory role, but Congress keeps trying to give the agency regulatory responsibilities.
Cybersecurity
CISA Announces DC Event for Public Input on Incident Reporting Regulations
The effort aims to give officials a greater understanding of cyber threats and the ability to defend U.S. critical infrastructure against cascading impacts when attacks occur.
Cybersecurity
New Report Shows Significant Improvement in Consumer Cyber Hygiene
Senior administration officials and cybersecurity leaders marking Cybersecurity Awareness Month weighed in on a consumer survey examining how behaviors have changed over the last three years.
Cybersecurity
National Cybersecurity Review Begins for All Levels of Government
Answering the survey—based on the National Institute of Standards and Technology’s cybersecurity framework—is mandatory for certain grant recipients.
Cybersecurity
Senators’ Plan to Secure Open Source Software Involves Agencies Using More of It
The discovery of exploitable weaknesses in Log4j is resurfacing a 6-year-old push to save taxpayers money by calling on agencies to embrace open-source code.
Cybersecurity
Treasury Seeks Comment on How to Structure a Cyber Insurance Program
The Department’s Federal Insurance Office—together with the Cybersecurity and Infrastructure Security Agency—is soliciting feedback in preparation for a report to Congress.
Cybersecurity