A senior official with the Cybersecurity and Infrastructure Security Agency (CISA) said today the Federal government’s process of modernizing its IT systems to achieve better cybersecurity may be a decades-long process. […]

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are looking into last week’s spear-phishing campaign targeting the United States Agency for International Development (USAID), and have not found any “significant impact” to Federal agencies, according to a May 28 joint statement. […]

Sens. Gary Peters, D-Mich., and Rick Scott, R-Fla., reintroduced the K-12 Cybersecurity Act May 27 in an effort to strengthen the cybersecurity of school systems. This is the second time the two introduced the Act, having previously introduced similar legislation in 2019 in the last Congress. […]

President Biden’s FY2022 budget document released today proposes a 14 percent increase from the estimated cybersecurity funding level for last year, to a total of $9.8 billion in Federal civilian cybersecurity funding. […]

The United States Agency for International Development (USAID) was the victim of a May 25 spear-phishing campaign that carried all the hallmarks of a state-sponsored attack, Microsoft said yesterday. […]

In light of the recent Colonial Pipeline ransomware attack, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) released a new directive requiring all critical pipeline owners and operators to report cyberattacks, DHS announced today. […]

In a Senate Appropriations Committee review of the Department of Homeland Security’s (DHS) fiscal year (FY) 2022 budget request today, DHS Secretary Alejandro Mayorkas emphasized the importance of building resilience among the nation’s cybersecurity and the cyber workforce. […]

A group of tech trade groups is telling Congress that the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) needs a larger budget next year to start putting in place long-term security improvements to meet the rising tide of sophisticated cyberattacks against government and industry. […]

Following the recent ransomware attack on Colonial Pipeline Company, Rep. Elissa Slotkin, D-Mich., proposed a bill last week that would require the Cybersecurity and Infrastructure Security Agency (CISA) to establish a National Cyber Exercise Program to test the United States’ cyber readiness. […]

The Cybersecurity and Infrastructure Security Agency (CISA) announced on May 13 the formation of a new Space Systems Critical Infrastructure Working Group, in an effort to minimize risks to space systems by bringing together space system critical infrastructure stakeholders. […]

Acting Cybersecurity and Infrastructure Security Agency (CISA) Director Brandon Wales said today the government is concerned that the nation is witnessing the prelude to broader-based cyber attacks, and he called on Congress to take action on legislation that would require reporting of cyber incidents to the Federal government. […]

Expanding and investing in the Cybersecurity and Infrastructure Security Agency’s (CISA) Pipeline Cybersecurity Initiative could address cybersecurity risks and prevent future cyberattacks on United States pipeline infrastructure, such as the recent Colonial Pipeline hack, according to Rep. John Katko, R-N.Y. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is working on a “hardened” cloud environment that it can evaluate through pilots with Federal agencies, CISA Acting Director Brandon Wales told senators on May 11. […]

As Federal agencies and organizations are looking to make the move to zero trust security architectures, the Trusted Internet Connections (TIC) program should help guide that transformation, Sean Connelly, TIC program manager for the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said May 12 at MeriTalk’s CDM Central: the Age of the Cyber Defender virtual conference. […]

Continuous Diagnostics and Mitigation (CDM) program manager Kevin Cox delivered an upbeat assessment of the program’s progress in helping Federal agencies fortify their networks against cyber attacks at MeriTalk’s CDM Central: the Age of the Cyber Defenders virtual conference on May 12. […]

Federal Chief Information Security Officer Chris DeRusha explained today that the foundational elements of the Continuous Diagnostics and Mitigation (CDM) program are fundamental to moving Federal government network security to zero trust concepts and that implementation of the program only becomes more important as cyber threats increase. […]

Federal agency chief information security officers (CISOs) told a Senate panel today that the security payoffs yielded by the Continuous Diagnostics and Mitigation (CDM) program are well worth the challenges that agencies have faced in implementing the program run by the Cybersecurity and Infrastructure Security Agency (CISA). […]

The United States and the United Kingdom have issued a joint cyber advisory on Russian Foreign Intelligence Service (SVR) tactics, techniques, and procedures. […]

Numerous Federal agencies are springing into action in response to the ransomware attack on Colonial Pipeline Company, a major supplier of fuel to the northeastern U.S. that temporarily shut down pipeline operations after disclosing the attack on May 7. […]

The line between cybersecurity that keeps the Federal civilian government humming toward pandemic recovery – and the mayhem threatened by mounting waves of nation-state and criminal cyber assaults on government networks – in large measure passes through the Continuous Diagnostics and Mitigation (CDM) program run by the Cybersecurity and Infrastructure Security Agency (CISA). […]

The Cybersecurity and Infrastructure Security Agency (CISA) is keeping a close eye on the progress of the Defense Department’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program to improve the security of the defense industrial base (DIB) as CISA considers possible moves in the same direction on the civilian side of the Federal government. […]

Members of a key House cybersecurity subcommittee and a panel of expert witnesses agreed at a May 5 hearing on the pressing need to disrupt ransomware-driven cyber attacks, and aired a variety of strategies to more toward that goal. […]

Ransomware is being prioritized as the first of six “sprints” planned by the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on a range of cyber threats due to the gravity of the problem, and because ransomware represents today’s threat, not tomorrow’s. […]

Deterrence of nation-state cyber adversaries comes in many flavors, but the operating model suggested this week by a House Armed Services Committee member lacks neither impact nor directness. […]

As Federal agencies look to modernize their cyber defenses and move to zero trust architecture, Trusted Internet Connection (TIC) 3.0 guidance will help push them along the path, with help from a zero trust use case that is in the pipeline, the TIC program manager said on April 29. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released a new graphic novel on National Superhero Day, but its superhero might not possess your typical superpowers. The fictional story Bug Bytes intends to educate the public on the dangers of dis- and misinformation campaigns, with cybersecurity and journalism skills saving the day. […]

Members of the Cyberspace Solarium Commission are asking the chair and ranking member of the House Appropriations Committee to increase funding for the Cybersecurity and Infrastructure Security Agency (CISA) by at least $400 million, with some of that funding intended to make sure that CISA’s Continuous Diagnostics and Mitigation (CDM) program can quickly deploy security tools. […]

The Cybersecurity and Infrastructure Security Agency (CISA) announced that .gov top-level domains will be available at no cost for qualifying organizations beginning immediately – a move that should help on the cybersecurity front especially for smaller governmental entities.   […]

In light of recent supply chain intrusions, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Agency (CISA) and National Institute for Standards and Technology (NIST) have released new guidance on defending supply chain software, using the NIST framework to identify and mitigate risks. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) has been busy assessing and identifying security risks for 5G wireless services, which present newfound risks unique to the technology, an NRMC official said April 22. […]