Cybersecurity

IG dings State Department's information security program in annual report

The State Department Office of the Inspector General says it found weaknesses in eight of nine domains in an audit of the department's information security program.

Warner calls TikTok an 'enormous threat'

The chairman of the Senate Intelligence Committee said U.S. regulators have a "huge mountain to climb" when it comes to reducing risks from the massively popular, China-owned social media app.

TSA administrator says new cyber requirements in the works for aviation industry

The administrator of the Transportation Security Administration said that, in crafting guidelines for the aviation sector, the White House is following an approach similar to the one it used to craft cyber requirements for the oil and gas pipeline industry following the 2021 Colonial Pipeline attack.

Iranian hackers compromised a federal agency’s network, CISA and FBI say

Actors linked with the Iranian government were able to exploit an unpatched Log4Shell vulnerability—which the Cybersecurity and Infrastructure Security Agency asked agencies to address by the end of 2021—in an unnamed agency’s network.

Deadline looms for plan to restart economy in case of major cyberattack

Lawmakers have been urging the Biden administration to develop a strategy first mandated in the Fiscal 2021 NDAA.

Breaches of personal data at DOD have doubled since 2015

A recent oversight report detailed that the Defense Department experienced nearly 1,900 breaches of personally identifiable information in 2021 and may need a better system for informing affected individuals.

No ‘specific or credible’ cyber threats affected integrity of midterms, CISA says

Despite “a handful” of DDoS attacks targeting state and local election websites and some technical glitches affecting voting equipment, CISA says it saw “no activity” that should undermine faith in the results of the midterm elections.

CISA, NSA and industry outline security responsibilities of software suppliers

New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.

Former CISA chief warns of ‘very chaotic environment’ ahead of midterms

Chris Krebs said those hoping to undermine confidence in U.S. elections may have their best shot yet during this week’s midterm vote.

Almost half of phishing attacks target gov employees, research says

Traditionally aimed at stealing credentials, phishing attacks are growing increasingly sophisticated.

NIST on tap to improve cybersecurity of water systems

The National Institute of Standards and Technology (NIST) hopes a new project will create a set of best practices to help the nation’s complex water and wastewater systems bolster their cybersecurity posture.

Energy official urges CISA to develop storehouse for software bills of materials

A senior cybersecurity advisor for the Department of Energy said a central repository of widely used software bills of materials would significantly reduce the burden on federal agencies.

CDM team helped define cyber directives

Governmentwide cyber hygiene orders are increasingly taking into account the capabilities of Continuous Diagnostics and Mitigation tools.

CISA promises bespoke cyber advice for agencies

A new engagement arm of the Cybersecurity and Infrastructure Security Agency is designed to help agencies navigate the crush of cybersecurity requirements.

CISA director 'very concerned' about election influence from foreign adversaries

Jen Easterly, director of the nation's cyber defense agency, said foreign adversaries could potentially weaponize disinformation and misinformation to incite violence and undermine the public's confidence in the upcoming elections.

Public entities in nearly every state use federally-banned foreign tech, report says

A new report from Georgetown University’s Center for Security and Emerging Technology found that at least 1,681 state and local governments purchased equipment from five Chinese companies that were banned by the federal government between 2015 and 2021.

CISA sets voluntary cyber performance targets for critical infrastructure

A new set of documents and resources from the agency is designed to help critical infrastructure operators manage the basics of cybersecurity.