Federal Chief Information Security Officer (CISO) Chris DeRusha explained today how the National Cybersecurity Strategy (NCS) and implementation plan released by the Office of the National Cyber Director (ONCD) earlier this year lines up nicely with the goals of improving Federal government cybersecurity, but also warned that the prevalence of legacy IT systems still being used by many Federal agencies continues to stand in the way of security improvements. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has led a handful of identity security initiatives over the past year, and, according to a CISA official, is closing in on finalized guidance on recommended cybersecurity configuration baselines for select cloud products – like Microsoft 365 and Google Workspace. […]

The Internal Revenue Service (IRS) failed to review nearly 75 percent of IT security weaknesses within a timely manner in recent years due to staffing shortfalls, among other reasons, the Treasury Inspector General for Tax Administration (TIGTA) found in a recent report. […]

The Federal Communications Commission (FCC) is seeking public comment on a proposal to create a voluntary cybersecurity labeling program that would provide consumers with clear information about the security of their smart devices. […]

The head of the Cybersecurity and Infrastructure Security Agency (CISA) said this week that the United States needs to take a page out of Ukraine’s cyber playbook and build more resiliency into its critical infrastructure now. […]

The Office of the National Cyber Director (ONCD) announced a request for information (RFI) today seeking public comment on open-source software security and memory safe programming languages. […]

The Biden-Harris administration is launching a two-year competition that will leverage AI to protect the United States’ most important software – such as code that helps run the internet and critical infrastructure – senior White House officials announced at the opening of the Black Hat USA Conference in Las Vegas today. […]

The National Institute of Standards and Technology (NIST) is asking for public feedback on the draft version of a major update to its voluntary Cybersecurity Framework, which has become something close to a de facto baseline standard for security efforts in government and the private sector since it was launched in 2014 as a guide for critical infrastructure sectors. […]

“Ensuring cybersecurity” remains at the top of the Internal Revenue Service’s (IRS) list of priorities issued annually by the Government Accountability Office (GAO) for the fifth year in a row. […]

Cybersecurity technology provider CrowdStrike said in a report issued today that its Falcon OverWatch managed threat hunting unit saw a 40 percent year-over-year jump in “observed interaction intrusion volumes” for the year ended June 30. […]

A new report from tech security provider BlackBerry finds a 40 percent in cyberattacks targeting government agencies and public services organizations during the three months ended in May 2023.   […]

The Cybersecurity and Infrastructure Security Agency (CISA) today debuted its cyber plan for the next three years, noting that the agency’s planning document builds on the White House’s National Cybersecurity Strategy released earlier this year. […]

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), the FBI, and international cybersecurity agencies issued a joint cybersecurity advisory on August 3 warning organizations of common vulnerabilities and exposures (CVEs) that were frequently exploited by malicious actors in 2022. […]

After two weeks of combing through nearly 1,000 amendments, the Senate late on Thursday night finally passed its version of the behemoth fiscal year 2024 National Defense Authorization Act (NDAA) – and it’s packed with Federal tech and cybersecurity provisions. […]

A bipartisan bill to establish an Office of Policy Development and Cybersecurity at the National Telecommunications and Information Administration (NTIA) passed the House on a voice vote this week. […]

U.S. Immigration and Customs Enforcement (ICE) has failed to consistently implement effective controls to restrict access to its network and information technology (IT) systems, according to a Department of Homeland Security (DHS) inspector general (IG) report from last week. […]

In an effort to act on the initiatives assigned to it in the Biden-Harris administration’s National Cybersecurity Strategy Implementation Plan (NCSIP), the Department of Justice (DoJ) announced today that it is “supercharging” its cybercrime division by merging it with the National Cryptocurrency Enforcement Team (NCET). […]

The Office of the National Cyber Director (ONCD) released its request for information (RFI) on cybersecurity regulatory harmonization and regulatory reciprocity today, seeking input from stakeholders to understand existing challenges with regulatory overlap and inconsistency. […]

Microsoft cloud service customers will now have access to expanded cloud logging capabilities at no additional cost, thanks to a new collaborative partnership announced today between the tech company and the Cybersecurity and Infrastructure Security Agency (CISA). […]

The White House today announced the launch of a new “U.S. Cyber Trust Mark” program, which will label cyber-secure smart devices and help Americans more easily choose devices that are less vulnerable to cyberattacks. […]

Rep. August Pfluger, R-Texas, introduced legislation this week that would establish a Digital Economy and Cybersecurity Board of Advisers at the National Telecommunications and Information Administration (NTIA). The bill comes as lawmakers are working to reauthorize the NTIA – a Commerce Department component – for the first time since 1992. […]

The General Services Administration’s (GSA) Federal Acquisition Service (FAS) has failed to address prohibited telecom items offered on its Multiple Award Schedule (MAS) contracts, “putting customers at risk of unauthorized surveillance of foreign adversaries,” the agency’s watchdog said in a new report published on Monday. […]

Transportation Security Administration (TSA) Administrator David Pekoske published the third edition of the agency’s Administrator’s Intent document last week, which outlines the agency’s planned actions through 2025 to achieve the vision and key technology and cyber objectives from TSA’s eight-year strategy released in 2018. […]

The White House released the 2023 National Cybersecurity Strategy almost 20 years to the month that the George W. Bush administration released its National Strategy to Secure Cyberspace in 2003. MeriTalk sat down with Simon Szykman, senior vice president for client growth at Maximus and a contributor to the 2003 strategy, to discuss the similarities and differences between the strategies and assess the work that still needs to be done to strengthen our nation’s cybersecurity. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is looking to add a “select number” of critical infrastructure (CI) partnerships with industry to its CyberSentry program, CISA Associate Director for Threat Hunting Jermaine Roebuck wrote in a June 29 blog post. […]

Tech giant International Business Machines (IBM) has called on the government to establish a shared service center of excellence to develop protections against supply chain disruptions, according to a recent report it released in collaboration with experts from government, business, academia, and the nonprofit sectors. […]

Sharks are no longer the only threat to undersea cables. According to cybersecurity researchers, the Russia-Ukraine war, the United States’ rising tensions with China, and insatiable data demands are driving up the risks for communication cables within the oceans. […]

The Cybersecurity and Infrastructure Security Agency (CISA) plans to release a training program to help Federal agencies better understand and operationalize cyber supply chain risk management (C-SCRM), CISA’s C-SCRM Project Management Office Lead said today. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released the first series of final security guidance resources under its Secure Cloud Business Applications (SCuBA) project today. […]