Cybersecurity
CISA: No Federal Agencies Compromised Through Microsoft Exchange Servers
Investigations remain ongoing, Cybersecurity and Infrastructure Security Agency leaders said at a hearing on modernizing the federal government’s approach to cybersecurity.
Cybersecurity
White House Is Developing a Plan to Secure Industrial Control Systems
An upcoming executive order in response to the hacking campaign that involved SolarWinds will include standards to improve software transparency.
Cybersecurity
NIST Planning Workshop to Comply with Law on Federal IoT Procurement
Comments on draft documents required under the IoT Cybersecurity Improvement Act raise concerns of both fragmentation and a lack of flexibility.
Cybersecurity
CISA Orders Immediate Action on Vulnerabilities in Microsoft Exchange Servers
All agencies must report their status to CISA by noon on March 5.
Cybersecurity
CISA Official Calls for Update of Identity Management Guidance in Wake of SolarWinds Compromise
"Identity is everything now," a technical strategist told NIST advisers in a briefing on the hacking campaign.
Policy
Lawmaker to Reintroduce Net Neutrality Legislation Within Weeks
Supporters say giving the Federal Communications Commission greater authority over internet service providers is more important in the wake of the pandemic.
Cybersecurity
NSA Pushes Zero Trust Principles to Help Prevent Sophisticated Hacks
Operating under the default position that an organization has been compromised is a pain that’s worth it, the agency said.
Cybersecurity
Hearing on Hack Prompts Call for Review of Government’s Cloud Procurement
A key lawmaker highlighted a profit motive for “basic” cybersecurity as problematic following an exchange with Microsoft President Brad Smith.
Cybersecurity
The Hack Roundup: State Department Cyber Office Clears Committee Amid Push for International Norms
Here are the news and updates you might have missed.
Cybersecurity
Report: Mobile Phishing to Steal Government Credentials Increased 67% in 2020
State and local governments are more exposed than federal agencies in the new teleworking age, but threats have increased across the board.
Cybersecurity
Hacking Campaign Fuels Calls for Information Sharing Mandate
Senators weigh potential protections from liability for incident reports amid concerns about cyber hygiene.
Cybersecurity
CISA, DHS Bolster State and Local Cybersecurity Programs
CISA added another vendor to an intrusion detection plan and DHS increased the required cybersecurity spend for certain FEMA grants.
Cybersecurity
SolarWinds CEO Recommends Liability Protections for Sharing Information about Incidents
The new CEO had a couple of other asks for Congress too.
Cybersecurity
CISA Chief Says the Agency’s Global Initiative Is to Support the State Department
International cybersecurity work of both the State and Homeland Security departments will rely on support from Congress.
Cybersecurity
FCC Approves Proposal to Increase Eligibility Under Supply Chain Order
The agency’s acting chief has reached out to interagency partners and wants to create a team dedicated to network security issues.
Cybersecurity
White House Plans Executive Action in Response to Hack Involving SolarWinds
The official leading the effort said changes are necessary to allow information sharing within the federal government.
Cybersecurity
NIST Issues ‘Foundational Profile’ for Secure GPS Use
An executive order instructed the Commerce Department to produce profiles—plural—that sector-specific agencies could use to develop contractual language on the issue.
Cybersecurity
CISA, FBI Share Recommendations After Water Treatment Hack
The agencies say updating to the latest operating system is important, even if it wasn’t a factor in this particular incident.
Cybersecurity
The Hack Roundup: White House Says Neuberger Leading Federal Response
Here are the news and updates you may have missed.
Cybersecurity