Cybersecurity
How the Log4j Vulnerability is Forcing Change in Federal Cybersecurity Policy
Officials say agencies have demonstrated more dedication than ever in addressing a bug with astronomical reach, but organizations are at the mercy of product vendors to issue the patches they need to implement.
Ideas
AI-Powered Automation Can Be Both a Part of the Problem and Part of the Solution
There are real security concerns that should be addressed ahead of further government adoption of a truly automated future.
Ideas
Modernizing Federal Cybersecurity Must Go Beyond Nation-State Defense
Insider risk can’t be overlooked.
Cybersecurity
What Is Log4J, How Bad It Is and What’s at Stake?
Log4Shell is the latest hacker exploit rocking the internet, and it’s arguably the worst yet. The vulnerability is in an obscure piece of software used on millions of computers.
Ideas
The Implications of Publicly Disclosing Cyberattacks
Officials must weigh the benefits and risks on a case-by-case basis.
Cybersecurity
Agencies Under New Deadlines to Address ‘log4j’ Flaws with Emergency Directive
The Cybersecurity and Infrastructure Security Agency order comes as a prominent firm says nation states are exploiting the vulnerabilities.
Digital Government
U.S., Australian Law Enforcement Enter Into Partnership Against Cybercrimes
The U.S. and Australian government partnered under the CLOUD Act, which facilitates electronic communication and data sharing between nations to investigate various crimes.
Cybersecurity
NSA, CISA, Add Original Equipment Manufacturers to Audience for 5G Security Guidance
The agencies got specific about who is responsible for what in a four-part series on securing the inherently cloud-based environments.
Ideas
Cream Cheese is the Just the Smooth Tip of a Sharp Problem
With ransomware hackers varying their targets to include operational technology used by U.S. factories and manufacturers, is an OT executive order needed to help combat them?
Cybersecurity
Federal Cybersecurity Advisor Floats Executive Order on Cloud Service Providers
The idea sprung from a sense of moral outrage Cybersecurity and Infrastructure Security Agency Director Jen Easterly identified with.
Ideas
Modernizing FISMA. Again.
The federal government needs to improve its information security to keep pace with the dynamic threats to federal networks and supply chains.
Cybersecurity
Agencies Must Fix Newly Cataloged Vulnerabilities by Christmas Eve
Officials stressed the importance of maintaining a bill of materials for software in flagging the “Log4j” vulnerability.
Cybersecurity
Increased Interconnectivity Demands Stronger Federal Data Protection Protocols, Officials Say
Officials in the public and private sectors warned of the need to enact a robust cybersecurity posture at the federal level ahead of growing ransomware and hacking threats.
Ideas
What Agencies Need to Do to Combat Shadow IT Driven by Cloud Sprawl
Cloud sprawl happens when development teams spin up new cloud resources, forget about them, then move on to the next urgent task.
Digital Government
GAO: Pentagon Needs Goals to Improve CMMC Framework
The watchdog made several recommendations in an audit of the Cybersecurity Maturity Model Certification effort.
Cybersecurity
NIST Outlines Request for Information Toward a New Cybersecurity Framework
The update will include a focus on supply chains for both hardware and software.
Cybersecurity
House Passes NDAA Without Cyber Incident Reporting Legislation
The bill still includes what the House Armed Services Committee referred to as the widest empowerment of CISA since SolarWinds.
Ideas
Data Exfiltration: Public Enemy No. 1 for the Public Sector
Taking a proactive approach is a critical step in improving the way the government combats threats.
Ideas
How a Cloud-Security Scaffolding Can Protect Your Multicloud Landscape
Different cloud environments have different security needs. Here’s how to create a cloud-security scaffolding to strengthen protections while reducing manual support.
Cybersecurity
NSA, CISA List Expectations for Industry on Data Governance in 5G Environments
The document is the third in a four-part series of guidance that categorizes security responsibilities according to their relevance for the cloud service providers, mobile operators and users of emergent fifth-generation networks.
Almost There!
Help us tailor content specifically for you: