The Commerce Department’s Bureau of Industry and Security (BIS) has published a final rule in the Federal Register that restricts cybersecurity export controls in an effort to prevent foreign adversaries from accessing hacking tools.
The Cybersecurity and Infrastructure Security Agency (CISA) – along with the Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s Office of the Under Secretary of Defense for Research and Engineering – has released a proposed five-step 5G Security Evaluation Process today for Federal agencies to receive authorization to operate (ATO).
While many cybersecurity officials strive to achieve “no risk” when it comes to cyber risk management, officials from NASA this week explained that’s just not possible and suggested that agencies instead focus on managing risks that are important to the mission.
State government IT officials said this week they are working to deploy their share of $1 billion of Federal cybersecurity grant funding approved last November by Congress as part of the $1.2 trillion bipartisan infrastructure bill.
The Cybersecurity and Infrastructure Security Agency (CISA) is taking a multi-faceted approach to supply chain security, and chief among them is putting in place strong public-private partnerships to maintain supply chain resilience and maintaining high awareness about the sources of supply chain threats.
The Cybersecurity and Infrastructure Security Agency (CISA) said today it is “encouraged” by quick Federal agency responses to its May 18 emergency directive to patch or unplug several vulnerable VMware products from agency networks, but did not provide any hard figures on whether agencies met CISA’s May 24 deadline to take action.
Can technology innovation – coupled with the boldest kind of leadership – work together to start fixing the most intractable problems facing America? On July 21 – we’re going to find out. The countdown to MerITocracy 2022: American Innovation Forum is on.
As both Federal chief information security officer and the deputy National Cyber Director, Chris DeRusha has a lot of visibility into Federal efforts to boost cybersecurity. At the AWS Summit in Washington, D.C., today, DeRusha expressed both pride in the Office of Management and Budget’s (OMB) Zero Trust strategy, while also acknowledging that the policy represents only the beginning of zero trust implementation across Federal civilian agencies.
Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters, D-Mich., along with the committee’s Democratic staffers, released a report today taking the Federal government to task for gathering insufficient data on ransomware attacks, and the use of cryptocurrencies as payments in those attacks where a ransom has been paid.
Join MeriTalk and Merlin Cyber on June 1 at 10 a.m. for our complimentary Zeroing in on Application and Data webinar, where government and industry IT experts will put the spotlight on the data and application pillars of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model.
The Department of Defense (DoD) has taken steps to fully implement cybersecurity requirements for controlled unclassified information (CUI), however, none of the DoD components were fully compliant on that front as of January 2022, according to a recent Government Accountability Office (GAO) report.
National Cyber Director Chris Inglis said he views the current cybersecurity threat landscape as an evolution that is increasingly impacting confidence in systems, rather than just focusing on critical functions or data.
The in-person forum – at the Marriott Marquis in Washington, D.C., from 8:00 a.m. to 6:00 p.m. – will host bipartisan leaders from Congress, the Biden administration, and America’s tech industry to examine the most pressing problems facing citizens in our democracy, and map out creative solutions from the nexus of policy and technology. Request your invitation today by emailing email@example.com.
MeriTalk research – executed in partnership with RSA Conference, underwritten by Cofense, Keeper Security, Recorded Future, Secureworks, and SentinelOne, and capturing the viewpoints of 100 Federal and 100 private-sector security experts – shows that a whopping 93 percent of respondents believe that public-private partnerships are “vital” to national cyber defense.
Federal agencies are balancing evolving security requirements while defending against persistent threats, and the increased use of cyber threat intelligence and information sharing is helping government organizations make faster, more informed decisions to combat malicious activity, according to a National Science Foundation (NSF) technology official.
Security information sharing between the Federal government and private sector has been on the rise recently – whether it’s through the Joint Cyber Defense Collaborative, or various Information Sharing and Analysis Centers across the government, to name just a few – and a National Security Agency (NSA) official said this week that increased collaboration is being driven by mission demand and a higher degree of trust between organizations.
The Government Accountability Office (GAO) flagged 13 open recommendations for improvement for the State Department as of May 2022 in an annual report on the agency, including recommendations for improving data quality and cybersecurity.
Chris DeRusha, who wears the dual hats of Federal Chief Information Security Officer (CISO) and Deputy National Cyber Director for Federal Cybersecurity in the Office of the National Cyber Director, charted some near-term policy goals on the security front during a keynote address on May 19 at MeriTalk’s Cyber Central May 2022 – Mission: Cyber Resilience in-person conference.
As President Biden’s cybersecurity executive order (EO) stretches past its first year, Federal agencies are at varied points in their progress on the EO’s orders. Federal leaders say it is important for agencies to approach the EO’s zero trust components strategically and understand their networks as they make the move to a zero trust architecture.
As the health care and education sectors have become prime targets for cyberattacks, experts from those sectors expressed their needs on May 18 for more funding and Federal collaboration to better protect the cyber posture of schools and hospitals.
The Cybersecurity and Infrastructure Security Agency (CISA) on May 17 issued a new advisory highlighting how cyber threat-actors are exploiting poor security configurations.
The National Aeronautics and Space Administration (NASA) awarded Booz Allen Hamilton a $622.5 million contract to provide Cybersecurity and Privacy Enterprise Solutions and Services (CyPrESS), NASA announced May 17.
The contract will have Booz Allen Hamilton supporting NASA’s Office of the Chief Information Officer, providing CyPrESS and related services for the office. According to the release, the CyPrESS contract is the agency’s first enterprise cybersecurity and privacy services contract.
The award is a hybrid indefinite delivery/indefinite quantity contract. The CyPrESS award will also consolidate the cybersecurity and privacy work done under previous enterprise IT contracts and various centers.
The contract has a base period that will run from May 31, 2022, until Sept. 30, 2023, with four option periods that can extend the contract through Sept. 30, 2030.
The Cybersecurity and Infrastructure Security Agency (CISA) today issued an emergency directive to Federal government civilian branch agencies running several VMware products to apply updates to those, or remove them from agency networks until updates can be made.
The House of Representatives passed the State and Local Government Cybersecurity Act on May 17, which would promote increased cybersecurity collaboration between the Department of Homeland Security (DHS) and state, local, tribal, and territorial governments (SLTT).
As the National Institute of Standards and Technology (NIST) works to update its influential Cybersecurity Framework – first issued in 2014 and later updated in 2018 – a NIST official said on May 17 that the agency is leaning on industry feedback as it embarks on the new update.
Federal government cybersecurity leaders told House members today that the government has made very significant progress in executing the Biden administration’s cybersecurity executive order (EO) issued a year ago, but also reminded lawmakers that funding is key to continued success in implementing crucial tenets of the order.
With $1.3 trillion of investments to infrastructure projects on tap in the Infrastructure Investment and Jobs Act, National Cyber Director Chris Inglis today emphasized the importance of making sure each of those projects are made secure from a cyber perspective.
Rapidity of incident response and personnel training are high on the priority list at the Defense Department’s U.S. Transportation Command (TRANSCOM) as it grapples with implementing cybersecurity strategies, a TRANSCOM official said on May 12.