A bipartisan pair of lawmakers have sent a letter warning Defense Secretary Lloyd Austin and Treasury Secretary Janet Yellen of what they call the “problematic relationship” that China-based Quectel Wireless has with being a “civil-military fusion arm” of the Chinese government. […]

The Department of Energy’s (DoE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has announced up to $70 million in funding to support research into technologies designed to increase resilience and reduce risks to energy delivery infrastructure from a variety of hazards, including cyber threats.  […]

Kemba Walden, Principal Deputy National Cyber Director, Office of the National Cyber Director

The White House’s former National Cyber Director (NCD) Kemba Walden has been tapped to lead Paladin Capital Group’s new Global Institute, the investment firm announced today.   […]

deep fakes, AI

With the prevalence of AI technology becoming ubiquitous in daily life, the National Institute of Standards and Technology (NIST) recently released a new paper warning of hackers looking to potentially manipulate or “poison” AI data sets for malicious purposes. […]

Department of Transportation

The Department of Transportation (DoT) has released its annual financial report for fiscal year (FY) 2023 in which the agency shares its cybersecurity successes from 2023 and plans to further improve its cybersecurity posture in 2024. […]

Pentagon Military Defense DoD

The Defense Department (DoD) on Dec. 26 published its latest proposed overhaul of the agency’s Cybersecurity Maturity Model Certification (CMMC) 2.0 program that would set three levels of cybersecurity compliance for defense industrial base (DIB) contractors, and allow for contractors to perform security self-assessments at some of the lower requirement levels. […]

cybersecurity

A sampling of execs from some of the Federal government’s top IT and service vendors is showing consensus that artificial intelligence (AI) technologies will continue to be a major hot-button issue in government tech circles in 2024, with cybersecurity and workforce development also making strong showings in the new year.   […]

From implementing the National Cybersecurity Strategy to issuing broad-sweeping software security guidelines, boosting the nation’s cyber posture was top of mind for the Biden administration in 2023.  […]

The National Security Agency (NSA) published its 2023 Cybersecurity Year in Review this week to share its recent cybersecurity successes, including the agency’s work to enhance national security through artificial intelligence, strategic competition, and more. […]

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) issued a formal request for information (RFI) in the Federal Register today looking for feedback on its secure-by-design software practices. […]

supply chain risk management process automation

By Jeff Stewart, Vice President, Product, SolarWinds The exponential growth of digital government has led to unprecedented security breaches across the supply chain. To address these threats, in 2021 the Biden administration enacted Executive Order 14028 intensifying scrutiny over vendors’ software supply chain. Subsequently, in 2023 the National Cybersecurity Strategy was introduced, urging software vendors […]

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) said that it will begin a two-year strategic effort to modernize its approach to enterprise cyber threat information sharing in 2024 “to maximize value to our partners and keep pace with a changing threat environment.”  […]

Microsoft announced this week that the company has taken down websites and other online assets used by the Storm-1152 cybercrime group, which the company said is the “number one seller and creator of fraudulent Microsoft accounts.” […]

CISA

The Cybersecurity and Infrastructure Security Agency (CISA), as part of its Secure Cloud Business Applications (SCuBA) program, released a series of nine security configuration baselines for Google Workspace today, including applications like Gmail, Google Drive, and Google Meet.  […]

Health and Human Services HHS

The Department of Health and Human Services (HHS) has released a concept paper that outlines the department’s cybersecurity strategy for the healthcare sector, detailing four key actions it will take to advance cyber resiliency in the sector. […]

The U.S. Air Force laid out a list of steps it is taking to better protect and regulate access to classified data in the wake of last summer’s “Discord” breach that exposed to the public hundreds of classified military and intelligence agency documents, according to a Dec. 11 report that details the service branch’s responses to the breach. […]

IoT Connected Devices Internet of Things

Twenty of the 23 civilian Chief Financial Officers (CFO) Act of 1990 agencies have failed to meet the White House’s cyber incident logging requirements by an August 2023 deadline, and according to a Dec. 4 watchdog report, 17 of these agencies were found to be at the lowest level of maturity – tier 0 – in that category. […]

The Cybersecurity and Infrastructure Security Agency (CISA) – along with the National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD) – have released a new cybersecurity advisory warning of continued Iranian-backed cybersecurity attacks aimed towards American and Israeli water and wastewater systems (WWS). […]

Cyber workforce

The Federal Cybersecurity Workforce Expansion Act has been reintroduced in the House as part of a bipartisan, bicameral effort to strengthen the nation’s cyber defenses and cybersecurity workforce by creating two new training programs within the Federal government. […]

cyber workforce

The Office of Personnel Management (OPM) has announced the launch of advertisements for its government-wide Federal Rotational Cyber Workforce Program, meaning Federal cybersecurity employees can now apply to rotational assignments at agencies outside of their own. […]

Achieve Zero Vulnerability With Proven Appliance-Based Security

While every Federal agency is now required to identify network assets and vulnerabilities and provide data to the Cybersecurity and Infrastructure Security Agency (CISA) regularly under CISA’s Binding Operational Directive (BOD), Improving Asset Visibility and Vulnerability Detection on Federal Networks, gaps persist. Bad actors continue to exploit known vulnerabilities, some of which are the consequence of highly interconnected systems and data sharing between the public and private sectors. […]

The Intelligence Advanced Research Projects Activity (IARPA) is seeking to provide novel technologies to improve the response of both law enforcement and the intelligence community (IC) in attributing the sources of malicious cyberattacks. […]

The Department of Navy on Tuesday released its inaugural Department of the Navy Cyber Strategy, which identifies seven distinct lines of effort to enhance the naval services’ cybersecurity posture and emphasizes cyber as a warfighting domain. […]

Jen Easterly, CISA at Billington Cybersecurity Summit

The Cybersecurity and Infrastructure Security Agency (CISA) said today it is aiming to responsibly use artificial intelligence (AI) technologies in its missions to protect Federal civilian agencies and critical infrastructure sectors, while also assisting government and private sector organizations in making sure that the AI-enabled software they use is secure by design. […]

DHS

Categories