Cybersecurity
Big Tech Tells CISA to Exempt Third-Party Providers from Incident Reporting Rule
Major industry groups clashed on how CISA should define key terms in its rulemaking process to implement the federal incident reporting law.
Cybersecurity
Iranian Hackers Compromised a Federal Agency’s Network, CISA and FBI Say
Actors linked with the Iranian government were able to exploit an unpatched Log4Shell vulnerability—which the Cybersecurity and Infrastructure Security Agency asked agencies to address by the end of 2021—in an unnamed agency’s network.
Cybersecurity
DOD Must Enhance Cyber Incident Reporting and Sharing, Watchdog Says
The Government Accountability Office found that the Pentagon “lacks an accountable organization and consistent guidance” for documenting and sharing details about reported cyber incidents.
Cybersecurity
China’s Cyber Capabilities ‘Pose a Serious Threat’ to US, Advisory Panel Warns
The panel’s report also called for the Biden administration to consider revoking China’s status as a favored trading partner if a congressional review finds that Beijing is not complying with its commitments.
Cybersecurity
NIST Official Warns Against Device-only Approach to Securing IoT
Federal agencies’ implementation of NIST’s guidelines on the issue—under direction from Congress—is coinciding with industry resistance to the comprehensive approach stakeholders agree is necessary.
Cybersecurity
No ‘Specific or Credible’ Cyber Threats Affected Integrity of Midterms, CISA Says
Despite “a handful” of DDoS attacks targeting state and local election websites and some technical glitches affecting voting equipment, CISA says it saw “no activity” that should undermine faith in the results of the midterm elections.
Cybersecurity
CISA Leaning Toward Lower Threshold for Mandatory Cyber Incident Reporting
The agency has started to receive feedback from some key stakeholders for its rulemaking process on the issue.
Cybersecurity
Experts Weigh in on Strengths and Vulnerabilities of Election Cybersecurity
Both voting systems and the voters themselves could be targets of malign influence.
Cybersecurity
Russia Linked to Nearly 75% of Late 2021 Ransomware Attacks, Per Analysis
The analyzed ransomware variants—from July to December 2021—amounted to millions of dollars in damages.
Cybersecurity
Public Entities in Nearly Every State Use Federally-Banned Foreign Tech, Report Says
A new report from Georgetown University’s Center for Security and Emerging Technology found that at least 1,681 state and local governments purchased equipment from five Chinese companies that were banned by the federal government between 2015 and 2021.
Cybersecurity
Lessons from China’s Cyberattack Strategy Can Help CISOs Better Manage Threats, Report Says
A new report from Booz Allen Hamilton analyzed more than a dozen Chinese-sponsored cyberattacks over the past decade.
Cybersecurity
GAO: Communication Breakdowns Hurt Otherwise Positive View of Federal Ransomware Support
State, local, tribal and territorial governments have “generally positive views” of agencies’ ransomware assistance, but cited “inconsistent communication” from the FBI as a challenge.
Cybersecurity
Senators’ Plan to Secure Open Source Software Involves Agencies Using More of It
The discovery of exploitable weaknesses in Log4j is resurfacing a 6-year-old push to save taxpayers money by calling on agencies to embrace open-source code.
Cybersecurity
Senate Legislation to Secure Open Source Software Relies on Transparency Initiative
Success would depend to a significant degree on whether agencies require vendors of information and communications technology to provide a software bill of materials with their products and services.
Cybersecurity
Over Half of Operating Systems at VA Medical Center in Texas are Outdated, Watchdog Finds
An audit conducted by the VA’s Office of Inspector General found unaddressed security vulnerabilities and deficient devices at the Harlingen VA Health Care Center.
Cybersecurity
CISA, NSA Guidance Tries to Reduce Alternatives for Securing Industrial Control Systems
Policymakers in Congress and the administration are grappling with how to set a performance bar for companies' mitigation of cyber threats against critical infrastructure they own, while allowing flexibility the companies say is needed to run their operations.
Cybersecurity
DOD’s Digital Threats Are Increasingly Interconnecting, Watchdog Warns
GAO identified six areas that require more oversight, as Defense warfighting operations and national security increasingly hinge on data security.
Cybersecurity
Whole-of-Government Effort Targets Iranian Hackers
An unsealed indictment from the Department of Justice accompanied sanctions and an advisory with international allies warning against government-linked Iranian hackers.
Digital Government
US Trails China in Key Tech Areas, New Report Warns
Ex-Google, DOD leaders paint dire picture unless U.S. organizes to win technology races.
Cybersecurity
A Cyber Workforce Strategy is Coming From the White House, Along with an Implementation Body to Make Sure it Works
The Office of the National Cyber Director has a workforce plan in development that looks to address public sector and private sector gaps in the cybersecurity profession.