CISA

A Federal advisory committee this week approved a set of recommendations to help the Cybersecurity and Infrastructure Security Agency (CISA) protect critical infrastructure, even as the panel criticized some of the government’s current efforts to do so as unfocused and lacking clear national goals.

[…]

cybersecurity

The Office of Management and Budget (OMB) today issued marching orders to Federal agencies to take action to comply with National Institute of Standards and Technology (NIST) guidance for the use of secure supply chain software, as ordered by President Biden’s cybersecurity executive order issued in May 2021.

[…]

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has issued its strategic plan for 2023 to 2025, setting forth four main goals of cyber defense, risk reduction and resilience, operational collaboration, and agency unification.

[…]

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) published a new request for information (RFI) today looking for feedback on how to best implement cyber incident reporting requirements for critical infrastructure owners and operators.

[…]

Ann Dunkin

Having a strong “collective defense” – whether that’s a public-private partnership or an international alliance – is critical to defending against cyber adversaries and keeping all entities safe, according to Ann Dunkin, chief information officer (CIO) at the Department of Energy.

[…]

Ukrainian government officials

Russia’s war on Ukraine has not singularly been a terrestrial battle. The war has also involved large-scale cyber operations – the first of its kind. However, Russia has been unable to achieve any prominent advantage in its cyber warfare efforts after its first attack. Ukrainian digital officials attribute this to their ‘secret ingredient’ – the Ukrainian IT Army.

[…]

US tech

Work by the Biden administration’s Office of the National Cyber Director (ONCD) on a national cybersecurity strategy is “well underway,” said the Government Accountability Office (GAO) in a report issued this week that features a timeline of the ONCD’s activities since mid-2021.

[…]

cybersecurity
DoD Pentagon Military

While the Department of Defense’s (DoD) new Cybersecurity Maturity Model Certification (CMMC) program seeks to significantly improve the way its contractors store and protect sensitive data, it cannot direct industry on what actions they need to take to be CMMC compliant, said the DoD CMMC lead.

[…]

Jen Easterly

The top Federal intelligence community and cybersecurity agencies this week issued a new software supply chain developers guide, and said they “strongly encourage” government agencies and software providers alike to follow the guidelines in order to improve security of the software supply chain.

[…]

While the term “cybersecurity is a team sport” has long been used to reiterate the importance of collaboration within and between agencies on matters of network protection, a senior California state official is pointing to how Federal, state, and academic entities in California are putting this mantra into action.

[…]

FBI

The U.S. Department of State (DoS) on August 29 imposed administrative debarment under the International Traffic and Arms Regulations (ITAR) upon three former U.S. private sector cybersecurity employees, according to a Federal Register notice.

[…]

DHS

The Department of Homeland Security (DHS) appears to be nothing solid progress against a list of ten recommendations from the agency’s inspector general (IG) to make improvements to internal cybersecurity policies and employee training practices, according to an August 22 IGr eport that covers audit results reaching as far back as fiscal year 2019.

[…]

Cybersecurity
cybersecurity

The Department of Homeland Security (DHS) is looking use self-assessments to evaluate the cybersecurity posture of agency contractors, rather than conduct third-party assessments like the Department of Defense (DoD) is doing with its Cybersecurity Maturity Model Certification (CMMC) program.

[…]

CISA

The National Security Telecommunications Advisory Committee (NSTAC) voted on August 23 to approve a report recommending that the Cybersecurity and Infrastructure Security Agency (CISA) issue an order requiring all Federal civilian agencies to catalog all of their operational technology (OT) devices and systems as one of many steps to improve OT cybersecurity in government and the private sector.

[…]

Because adversaries like China and Russia increasingly have their hands in the information communication technology arena – whether directly or through subsidiaries – one of the keys to improving cybersecurity in an expanding threat landscape involves strong risk management, in addition to prevention, Federal experts said this week.

[…]

cybersecurity

Kurt DelBene, chief information officer (CIO) at the Department of Veterans Affairs (VA), said today that his agency is not spending enough on cybersecurity, and would benefit from being able to pay higher salaries in order to recruit and retain cyber experts.

[…]

cybersecurity

The Government Accountability Office (GAO) said in new report issued today that it has delivered another 18 recommendations to the Defense Department (DoD) to improve operations across a range of agency functions, and also provided an update showing some DoD progress on outstanding cybersecurity-related recommendations.

[…]

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has made only limited progress in improving the overall quality of cyber threat data information it shares with third parties, and needs to do more to provide context for that shared information, the Department of Homeland Security (DHS) Office of Inspector General (IG) said in an oversight report.

[…]

The Department of Energy (DoE) announced $45 million of investments that aim to create, accelerate, and test next-generation technology to protect the electric grid from cyberattacks and ensure the seamless offering of clean and cheap energy to Americans.

[…]

password IAM ICAM easy pwd admin priviliges identity access management authentication credential

The need to move away from the use of passwords as a primary mode of authentication and security remains one of the most important steps that government and private sector organizations can take to improve security and move toward zero trust security, according to Kenny Harrison, Division Chief of the Telecommunications Office at the U.S. Census Bureau.

[…]

Office of Personnel Management (OPM) Chief Information Officer Guy Cavallo said today that his agency’s work with the General Services Administration’s (GSA) login.gov technology for authentication and identity proofing is paying off in OPM’s continuing efforts to make enterprise-wide technology improvements.

[…]

Categories