Cybersecurity
Secret Service’s Zero Trust Plan Must Account for OMB Guidance, Watchdog Says
The Secret Service’s plan for adopting a zero trust architecture model across the agency’s systems has not been updated since the Office of Management and Budget released new guidance in January.
Cybersecurity
CISA Issues Vulnerability-Management Tools Dependent on Industry Action
Federal agencies are under a binding operational directive to address exploitable security vulnerabilities in their software, but the success of CISA’s effort relies on the cooperation of software vendors.
Cybersecurity
NATO Allies Double Down on Cybersecurity in Warfighting Ops
U.S. and Italian officials convened the 2022 Cyber Defence Pledge Conference, focused on supporting Ukraine and investing in new technology for all member nations.
Cybersecurity
How Federal Agencies are Using Innovative Tech to Protect Critical Infrastructure Cybersecurity
Officials from CISA and DARPA spoke about their initiatives to support cybersecurity operations across critical infrastructure networks.
Cybersecurity
NIST Official Warns Against Device-only Approach to Securing IoT
Federal agencies’ implementation of NIST’s guidelines on the issue—under direction from Congress—is coinciding with industry resistance to the comprehensive approach stakeholders agree is necessary.
Cybersecurity
CISA, NSA and Industry Outline Security Responsibilities of Software Suppliers
New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.
Cybersecurity
FCC Proposes to Strengthen Cybersecurity of Emergency Alert Systems
The notice of proposed rulemaking would require emergency alert system participants to disclose cyber breaches within 72 hours of discovery.
Cybersecurity
NDAA Negotiations Will Determine Success of Several Cyber Solarium Goals
Influence from major industry threatens once again to thwart lawmakers’ attempts to realize their policymaking goals through the annual defense authorization bill.
Cybersecurity
CISA Director: Big Tech Shouldn’t Charge Extra for Event Logging
The agency has promised to measure the success of efforts to steer major software providers toward the inclusion of logging and other basic security features in their products “by default,” but has said little about how it actually intends to do that.
Cybersecurity
Agencies Shouldn’t 'Just Trust' Software Vendors' Security Assurances, IG Warns
NIST advisors debating the merits of OMB’s policy on software vendors’ “self-attestation” to secure development practices found common ground on a need for audits and testing.
Cybersecurity
CISA Seeks Feedback on Baseline Measures to Secure Cloud Configuration
Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next.
Cybersecurity
Global Cyber Workforce Needs 3.4 Million Professionals to Fill Gaps, Study Finds
The survey also found that government cyber workers reported the least confidence in their ability to mitigate security threats over the next couple years “based on their current staff and tools.”
Cybersecurity
Can Service Meshes Help Bring Legacy Government Applications into Zero Trust?
The Biden administration’s imperative to move to zero trust could prove challenging for agencies with still-functional legacy systems.
Cybersecurity
NSA Advocates Active Defense, as Industry Lawyer Advises Against Incident Reports
Speakers at a new conference hosted by cybersecurity firm Mandiant highlighted the challenge the government faces in motivating companies to report attacks on critical infrastructure.
Cybersecurity
Labor Group Highlights Conflict of Interest Issues in Cyber Workforce Legislation
The federal workers union wrote to senators opposing an amendment to the NDAA that would establish a civilian reserve at CISA.
Cybersecurity
Commercial Availability, Consequences Best Approach for Post-Quantum Transition
Ann Cox, the lead at the Department of Homeland Security’s research office, emphasized community engagement and technological needs for a successful quantum-resilient future.
Cybersecurity
4 Critical Infrastructure Sectors to Get New Cyber Rules, Per White House Official
The deputy national security advisor for cyber and emerging tech said it should be up to sector-specific agencies to decide who should implement appropriate cybersecurity defenses.
Cybersecurity
Lessons from China’s Cyberattack Strategy Can Help CISOs Better Manage Threats, Report Says
A new report from Booz Allen Hamilton analyzed more than a dozen Chinese-sponsored cyberattacks over the past decade.
Cybersecurity
White House's Internet of Things Security Initiative Gets an Official Meeting Date
The meeting was announced as the administration prepared to release its long awaited national security strategy.
Cybersecurity
Why CISA Won’t Release ‘Public’ Comments on Upcoming Performance Goals
CISA officials often stress their non-regulatory role, but Congress keeps trying to give the agency regulatory responsibilities.
Almost There!
Help us tailor content specifically for you: