Hackers used legit remote monitoring software to hack agency networks

Guidance from the National Security Agency and the Cybersecurity and Infrastructure Security Agency describe a phishing attack on a federal employee that used fake help desk domains to gain access to at least two federal civilian executive branch networks.

CISA, NSA and industry outline security responsibilities of software suppliers

New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.

CDM team helped define cyber directives

Governmentwide cyber hygiene orders are increasingly taking into account the capabilities of Continuous Diagnostics and Mitigation tools.

CISA sets voluntary cyber performance targets for critical infrastructure

A new set of documents and resources from the agency is designed to help critical infrastructure operators manage the basics of cybersecurity.

CISA seeks feedback on baseline measures to secure cloud configuration

Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next. 

CISA orders agencies to conduct weekly scans of networks and digital assets

The Cybersecurity and Infrastructure Security Agency is taking a major step towards increasing its visibility into the risks facing federal networks.

CISA launches DNS resolution shared service

The nation's cyber defense agency is launching a new shared service offering for all federal civilian agencies to bolster governmentwide cybersecurity and help thwart emerging internet traffic threats.

CISA warns critical infrastructure to prepare for mass post-quantum systems migration

Quantum computing is the latest frontier in technological innovation, and its hacking potential has regulators advising companies to begin to safeguard their networks. 

CISA's cyber info sharing program didn't always deliver, watchdog says

The Cybersecurity and Infrastructure Security Agency did not always provide more than 300 participants of a public-private cyber threat partnership with actionable information to address potential vulnerabilities, according to an oversight report.

Cyber Safety Review Board staffs up

The chair of the Cyber Safety Review Board has ambitious goals for the organization following its public review of the Log4j software vulnerability.

Former CISA chief wants a new, cross-cutting new agency to lead federal cyber

Chris Krebs wants to establish a new agency to focus on privacy, data and cyber risks facing the U.S., or to pull the Cybersecurity and Infrastructure Security Agency from under the Department of Homeland Security.

Misinformation campaigns and threats are undermining confidence in U.S. elections, official says

CISA is ramping up efforts to defend voting systems from outside intrusion, but the spread of online misinformation and threats against election officials still damage faith in the electoral process.

CISA’s first international office set to open later this month in London

CISA’s planned international attaché office will help promote the agency’s first-ever global strategy announced last year.

CISA expands Joint Cyber Defense Collaborative

The JCDC is gaining over a dozen new experts focused on enhancing the cybersecurity posture for industrial control systems and operational technology as CISA ramps up security efforts around critical infrastructure.

NSA to get binding operational directive authority under new cyber policy

A new memo signed by President Biden outlines how the May 2021 executive order on cybersecurity applies to national security systems.

Biden's CX order puts new momentum behind longtime efforts, leaders say

Officials at an ACT-IAC event explained how a recent White House executive order on customer experience is helping to unify disparate CX efforts across government.