Cybersecurity

NDAA requires DOD to report on prospects for a ‘cyber academy’

Sen. Kirsten Gillibrand (D-N.Y.) says these reports could inform potential legislation to establish an academy to educate cyber workers for government modeled after military service academies.

CISA issues emergency directive to patch Log4j flaw

The Cybersecurity and Infrastructure Security Agency released an emergency directive on Friday ordering all federal agencies to take immediate action against a critical security flaw with potential long-term consequences for public and private infrastructure.

DHS scales up bug bounty program

Department of Homeland Security Secretary Alejandro Mayorkas announced a plan to pay vetted cybersecurity researchers between $500 and $5,000 for identifying cybersecurity vulnerabilities within agency systems.

DHS gets nearly 2,000 applications for new cyber cadre

The goal is for DHS to onboard the first 150 feds into the system next year.

How cyber gray zone conflict can shape conventional war

As gray zone conflict becomes the norm, the intelligence community may have to make some changes to adapt.

Grady talks spectrum, cyber concerns in nomination hearing

Adm. Christopher Grady told senators that Defense Department moves to free up swaths of spectrum would have consequences when it comes to operations, training, and readiness.

Cyber in the 2022 defense bill

As has been the case for the past few years, cyber governance provisions were featured in this year's must-pass defense policy bill moving through Congress, but a bipartisan breach notification measure was dropped from the bill -- to the chagrin of its supporters.

White House embeds cyber EO in FISMA reporting

Federal agencies will be reporting on zero-trust adoption and automation efforts in their annual cybersecurity reports to the Office of Management and Budget.

What’s next for CMMC

After the Defense Department revamped cybersecurity standards for contractors, the Cybersecurity Maturity Model Certification program’s accreditation body is making adjustments.

Could faster buying undermine electronic warfare prep?

Some measures that protect weapons systems against electronic vulnerabilities can be “pushed aside” during rapid acquisitions, according to David Tremper, the electronic warfare director for the Defense Department.

Senate inches closer to FedRAMP legislation

Senators expressed concerns over potential conflicts of interest, high costs and inconsistent review processes during a roundtable meeting with federal officials and IT experts overseeing the General Service Administration’s cloud security authorization program.

CISA mulls plan to safeguard federal civilian email

According to contracting documents, the Cybersecurity and Infrastructure Security Agency is looking to take a leading role in identifying and defending against threats against federal civilian executive branch email systems and networks.

Military service principal cyber advisors take root

Congress established service level principal cyber advisors in the 2020 defense policy bill. FCW sat down with the Army and Navy PCAs to get a sense of what their priorities have been in the past year.

Langevin tees up cyber legislation for 2022

Rep. Jim Langevin (D-R.I.) is looking to create a statutory framework for threat information sharing and mitigation between a small number of critical infrastructure firms and the federal government.

Federal government still in the dark on ransomware

Information on the majority of ransomware attacks targeting American companies and civilian agencies remains unreported to the Department of Homeland Security, a top cyber official told lawmakers.

FBI wants in on cyber reporting legislation

A top FBI cyber official told lawmakers on Tuesday that the bureau could face significant challenges addressing cyberattacks and ransomware incidents if it was not included in breach disclosure requirements being considered in legislation.

New cyber talent system, years in the making, goes into effect at DHS

Agency officials estimate that around 1,000 of its 1,500 cyber vacancies could fit into the new scheme.