Rep. Yvette Clarke, D-N.Y., chair of the House Homeland Security Committee’s Cybersecurity Subcommittee, said today she hopes Congress will provide further funding for IT modernization and cybersecurity improvements to build on the recent $1 billion infusion into the Technology Modernization Fund (TMF), and the extra $650 million provided to the Cybersecurity and Infrastructure Security Agency (CISA) in the American Rescue Plan Act. […]

Jen Easterly, President Biden’s nominee to become the next director of the Cybersecurity and Infrastructure Security Agency (CISA), delivered a sobering assessment of the rising threats faced by Federal and private sectors networks and pledged at her June 10 confirmation hearing to strengthen the agency’s capabilities to defend and secure networks. […]

Colonial Pipeline Company’s president and CEO announced the company is in the midst of an ongoing review of last month’s ransomware attack and relayed the timeline of events that led to the company paying a ransom and its communication with law enforcement in a Congressional hearing today. […]

Last fall, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced a binding operational directive (BOD) requiring the Federal government to develop and publish vulnerability disclosure policies (VDP). CISA announced today it has chosen vendors for its VDP platform. […]

Nothing looms larger in the policy gunsights of the Biden administration than cybersecurity – both in the Federal and private sectors – and how to improve it. […]

A senior official with the Cybersecurity and Infrastructure Security Agency (CISA) said today the Federal government’s process of modernizing its IT systems to achieve better cybersecurity may be a decades-long process. […]

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are looking into last week’s spear-phishing campaign targeting the United States Agency for International Development (USAID), and have not found any “significant impact” to Federal agencies, according to a May 28 joint statement. […]

Sens. Gary Peters, D-Mich., and Rick Scott, R-Fla., reintroduced the K-12 Cybersecurity Act May 27 in an effort to strengthen the cybersecurity of school systems. This is the second time the two introduced the Act, having previously introduced similar legislation in 2019 in the last Congress. […]

President Biden’s FY2022 budget document released today proposes a 14 percent increase from the estimated cybersecurity funding level for last year, to a total of $9.8 billion in Federal civilian cybersecurity funding. […]

The United States Agency for International Development (USAID) was the victim of a May 25 spear-phishing campaign that carried all the hallmarks of a state-sponsored attack, Microsoft said yesterday. […]

In light of the recent Colonial Pipeline ransomware attack, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) released a new directive requiring all critical pipeline owners and operators to report cyberattacks, DHS announced today. […]

In a Senate Appropriations Committee review of the Department of Homeland Security’s (DHS) fiscal year (FY) 2022 budget request today, DHS Secretary Alejandro Mayorkas emphasized the importance of building resilience among the nation’s cybersecurity and the cyber workforce. […]

A group of tech trade groups is telling Congress that the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) needs a larger budget next year to start putting in place long-term security improvements to meet the rising tide of sophisticated cyberattacks against government and industry. […]

Following the recent ransomware attack on Colonial Pipeline Company, Rep. Elissa Slotkin, D-Mich., proposed a bill last week that would require the Cybersecurity and Infrastructure Security Agency (CISA) to establish a National Cyber Exercise Program to test the United States’ cyber readiness. […]

The Cybersecurity and Infrastructure Security Agency (CISA) announced on May 13 the formation of a new Space Systems Critical Infrastructure Working Group, in an effort to minimize risks to space systems by bringing together space system critical infrastructure stakeholders. […]

Acting Cybersecurity and Infrastructure Security Agency (CISA) Director Brandon Wales said today the government is concerned that the nation is witnessing the prelude to broader-based cyber attacks, and he called on Congress to take action on legislation that would require reporting of cyber incidents to the Federal government. […]

Expanding and investing in the Cybersecurity and Infrastructure Security Agency’s (CISA) Pipeline Cybersecurity Initiative could address cybersecurity risks and prevent future cyberattacks on United States pipeline infrastructure, such as the recent Colonial Pipeline hack, according to Rep. John Katko, R-N.Y. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is working on a “hardened” cloud environment that it can evaluate through pilots with Federal agencies, CISA Acting Director Brandon Wales told senators on May 11. […]

As Federal agencies and organizations are looking to make the move to zero trust security architectures, the Trusted Internet Connections (TIC) program should help guide that transformation, Sean Connelly, TIC program manager for the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said May 12 at MeriTalk’s CDM Central: the Age of the Cyber Defender virtual conference. […]

Continuous Diagnostics and Mitigation (CDM) program manager Kevin Cox delivered an upbeat assessment of the program’s progress in helping Federal agencies fortify their networks against cyber attacks at MeriTalk’s CDM Central: the Age of the Cyber Defenders virtual conference on May 12. […]

Federal Chief Information Security Officer Chris DeRusha explained today that the foundational elements of the Continuous Diagnostics and Mitigation (CDM) program are fundamental to moving Federal government network security to zero trust concepts and that implementation of the program only becomes more important as cyber threats increase. […]

Federal agency chief information security officers (CISOs) told a Senate panel today that the security payoffs yielded by the Continuous Diagnostics and Mitigation (CDM) program are well worth the challenges that agencies have faced in implementing the program run by the Cybersecurity and Infrastructure Security Agency (CISA). […]

The United States and the United Kingdom have issued a joint cyber advisory on Russian Foreign Intelligence Service (SVR) tactics, techniques, and procedures. […]

Numerous Federal agencies are springing into action in response to the ransomware attack on Colonial Pipeline Company, a major supplier of fuel to the northeastern U.S. that temporarily shut down pipeline operations after disclosing the attack on May 7. […]

The line between cybersecurity that keeps the Federal civilian government humming toward pandemic recovery – and the mayhem threatened by mounting waves of nation-state and criminal cyber assaults on government networks – in large measure passes through the Continuous Diagnostics and Mitigation (CDM) program run by the Cybersecurity and Infrastructure Security Agency (CISA). […]

The Cybersecurity and Infrastructure Security Agency (CISA) is keeping a close eye on the progress of the Defense Department’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program to improve the security of the defense industrial base (DIB) as CISA considers possible moves in the same direction on the civilian side of the Federal government. […]

Members of a key House cybersecurity subcommittee and a panel of expert witnesses agreed at a May 5 hearing on the pressing need to disrupt ransomware-driven cyber attacks, and aired a variety of strategies to more toward that goal. […]

Ransomware is being prioritized as the first of six “sprints” planned by the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on a range of cyber threats due to the gravity of the problem, and because ransomware represents today’s threat, not tomorrow’s. […]

Deterrence of nation-state cyber adversaries comes in many flavors, but the operating model suggested this week by a House Armed Services Committee member lacks neither impact nor directness. […]

As Federal agencies look to modernize their cyber defenses and move to zero trust architecture, Trusted Internet Connection (TIC) 3.0 guidance will help push them along the path, with help from a zero trust use case that is in the pipeline, the TIC program manager said on April 29. […]