Cybersecurity

Lawmakers grill VA tech officials over stalled progress on cybersecurity

Top cyber officials with the Department of Veterans Affairs told Congress they are opposed to a bipartisan bill seeking to strengthen the agency’s cybersecurity standards—despite its ongoing failures to meet oversight recommendations.

DOD recommends NIST align frameworks for cybersecurity risk management

An effort to update the framework for securing critical infrastructure from cyberattack is coming face to face with issues that have plagued the Commerce agency from the beginning.

New report points to cyber risks in TVA control systems

A federal utility operating in seven southeastern states failed to implement proper cybersecurity standards for a control system assisting with flood and river management, according to a recent oversight report.

Solarium successor wants the White House to lead on cyber workforce strategy

One recommendation: establish cyber excepted service authorities, like the Department of Homeland Security's newly launched cyber hiring initiative, government-wide.

Why Commerce went against Microsoft on rule to control cyber exploits

The rule aims to prevent certain countries—most notably China—from receiving U.S. exports that could advance their intrusion and surveillance technology.

Seven years in the making, DHS's new cyber talent system boasts just one hire

Officials at the Department of Homeland Security say that change management efforts will help scale the Cybersecurity Talent Management System

EPA seeks funding to improve the cybersecurity of America’s water systems

The Environmental Protection Agency aims to invest $4 billion in upgrades to the nation’s water and wastewater infrastructure with a strong focus on cybersecurity.

New DOJ guidance on enforcing hacking laws carves out safe space for security research

Nearly a decade after the death of open-access advocate Aaron Schwartz, his legacy is still playing out in cybersecurity policy.

CISA orders agencies to mitigate VMware vulnerabilities under deadline

Advanced adversaries appear to be exploiting the vulnerabilities to get around multifactor authentication.

Agencies are sharing cyber data with CISA, officials say

The Cybersecurity and Infrastructure Security Agency is rapidly expanding its visibility into federal networks under the Biden administration's cybersecurity executive order.

Why the USAF's IT chief is 'bullish' on open source

While there's no such thing as completely secure software, open source can make it stronger through the "power of the crowd," said Lauren Knausenberger, the Air Force's chief information officer.

U.S., allied cybersecurity agencies, advise reviewing contracts with tech vendors

A joint advisory from CISA, domestic partners and counterpart agencies in the Five Eyes intelligence alliance warns of a heightened threat to managed service providers and their customers.

Cyber assistance ranks high on National Guard requested services, chief says

Gen. Daniel Hokanson, chief of the National Guard Bureau, said cybersecurity assistance is "one of the most frequently requested things that we're seeing right now" thanks to nearly 4,000 cyber professionals, many of whom acquired their skills as civilians.

NIST's supply chain security guidance tells agencies to look to FedRAMP

The agency has spent years revising guidance for organizations to address vulnerabilities presented by vendors of software and other enterprise suppliers.

White House sounds alarm on threat from quantum computers

New directive orders the government to work with industry on security that can stand up to tomorrow’s quantum-powered decryption tools.

NSA chief: Cyber Command did 9 international missions last year

Gen. Paul Nakasone acknowledged proactive missions to diffuse cyber threats to U.S. elections and other critical infrastructure and stressed the importance of artificial intelligence to advance such efforts.

How the TMF helps agencies pave the way toward zero trust

The Education Department chief information security credits the Technology Modernization Fund with providing the agency crucial support and fundamental resources to create a more secure architecture.