Cybersecurity
Congress approves 2025 NDAA with important cyber provisions
Left out was language that would have helped clarify the scope and reach of a controversial surveillance power that was renewed in April.
CISA orders federal agencies to secure their cloud environments
Federal civilian agencies are compelled by the Binding Operational Directive to adopt specific cloud standards under SCuBA, a government blueprint that helps agencies assess cloud security security guidelines.
CISA issues updated draft of national cyber incident response plan
The NCIRP was first released in 2016. The updates include pathways for non-federal groups to get involved in responding to devastating cyberattacks.
Salt Typhoon attacks prompt talk of hacking back against China
In classified settings, lawmakers have often asked national security officials why American cyber forces don’t go on the attack more often, one senator said.
Agencies look to automation software to usher in next phase of post-quantum security
The Cybersecurity and Infrastructure Security Agency is working with select agencies to implement post-quantum cryptography, and will turn to vendors to further secure federal data.
Senate bill would require FCC to issue binding cyber rules for telecom firms
The measure from Sen. Ron Wyden, D-Ore. comes in the wake of Chinese-backed hackers breaching a swath of major telecommunications providers.
FY2025 NDAA targets spyware threats to U.S. diplomats, military devices
The language comes as the State department has pressed foreign governments to collectively set standards to prevent spyware abuses.
Lawmakers targeted in encrypted messaging phishing scam
Officials have been urging Americans and federal staff to pivot to encrypted messaging services amid a recent Chinese breach into telecommunications networks.
FCC proposes updates to wiretap security standards following Chinese telecom hacks
Several lawmakers have called for the agency to reform wiretap standards governed by the Communications Assistance for Law Enforcement Act, or CALEA.
At least 8 US carriers hit in Chinese telecom hacks, senior official says
The hacks carried out by the Salt Typhoon group impacted a couple dozen countries and may have been ongoing for one to two years, the official said.
Senators call for investigation of DOD’s comms following Chinese telecom breach
“DOD’s failure to secure its unclassified voice, video and text communications with end-to-end encryption technology has left it needlessly vulnerable to foreign espionage,” Sens. Eric Schmitt, R-Mo., and Ron Wyden, D-Ore., wrote to the Pentagon’s inspector general.
NIST issues updated cyber guides focused on assessments and communication
Two new volumes were released by the National Institute of Standards and Technology that aim to broaden the publication’s applicability to organizations outside federal agencies.
Featured eBooks
Chinese telecom espionage began with ‘much broader’ aims, officials say
The U.S. has been investigating the Salt Typhoon hackers since late spring and early summer this year, a senior FBI official said.
US proposes rule to prevent the sale of financial data to foreign adversaries
Data brokers would have to comply under terms set by the Fair Credit Reporting Act, in an effort that aims to stop exploitation of Americans’ data overseas.
Lawmakers want to enhance HHS cyber engagement with health care orgs
The bipartisan proposal, introduced by Sen. Bill Cassidy, R-La., came out of the efforts of a working group focused on protecting medical institutions from digital attacks.
Chinese hackers used a ‘range of sophisticated methods’ to breach US telecom providers, insider says
Salt Typhoon deployed various methods to break into telecommunications firms that went far beyond a singular run-of-the-mill credential-stealing attempt, according to a person familiar.
White House convened telecom leaders as details of Chinese espionage hack unfold
Many of the breached systems were not properly equipped with tools that recorded network activity, making it harder to quickly trace the origins of the hack, a person familiar said.
FCC leaders skirt call for wiretap security reform, hope to ‘go deeper’ on telecom breach briefings
Lawmakers have called on the agency to take up a rulemaking to rethink wiretapping laws amid the hacks that have ensnared several telecom companies, but top FCC officials have not signaled any forthcoming action yet.
New TSA cyber rules leave lawmakers, industry hopeful for happy medium regulations
The agency argues its Nov. 8 proposed rulemaking will dually address the transportation industry’s regulation concerns while ensuring they’re suitably protected from hackers. Others want to wait and see.
Hackers nabbed emails between congressional staff and Library of Congress
Affected staff were notified Friday afternoon, according to an internal email. Capitol Hill communications with the Congressional Research Service frequently involve confidential legislative drafts or policies still in the brainstorming stage.
