It’s hard enough sometimes just keeping up with the challenges of cybersecurity in the big headline-news cases – think SolarWinds in recent months or the Office of Personnel Management (OPM) intrusion several years back. But the more you talk with experts in cybersecurity, the more it becomes clear that exploitable gaps in the network armor are nearly limitless, and that plugging those gaps requires innovative security in the spaces that remain off the radar for many. […]
The National Institute of Standards and Technology (NIST) published a new guide, NISTIR 8170, to provide Federal agencies with different approaches to leveraging the Cybersecurity Framework to address common cyber problems. […]
The Department of Homeland Security (DHS) has released separate draft requests for proposal (RFPs) – one for its legacy voice system and one for its data network – under the General Services Administration’s Enterprise Infrastructure Solutions (EIS) contract program, an industry source told MeriTalk. […]
The Congressional Budget Office (CBO) found that the Cybersecurity Vulnerability Identification and Notification Act of 2020 (H.R. 5680) could slightly lower the deficit, but not by a significant amount. The bill, introduced by Rep. Jim Langevin, D-R.I. on Jan. 27, would authorize the Cybersecurity and Infrastructure Security Agency (CISA) to issue administrative subpoenas in rare […]
Sens. Margaret Wood Hassan, D-N.H., Chuck Schumer, D-N.Y., and Gary Peters, D-Mich., signed a letter requesting the Department of Homeland Security (DHS) provide full funding to two key Information Sharing and Analysis Centers (ISAC). […]
The Cybersecurity and Infrastructure Security Agency (CISA) announced the kick-off of its annual Infrastructure and Security and Resilience Month running through the end of November. […]
The Government Accountability Office (GAO) identified in a new report several cybersecurity risks to the U.S. electric grid and called upon the Department of Energy (DoE) to develop an improved Federal strategy to protect against cyber threats to the grid. […]
In defending the integrity of election security for 2018, U.S. Cyber Command used 2016 as a framework to thoroughly understand adversaries in the cyber domain. […]
Federal Chief Information Security Officer (CISO) Grant Schneider said today that the Office of Management and Budget (OMB) is continually working towards developing standards and accountability for supply chain security and cybersecurity. […]
The Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA) released a list of 55 “national critical functions” today, signaling a shift from protecting specific critical infrastructure sectors to protecting specific activities that are crucial to the country. […]
President Trump on Tuesday issued an Executive Order that puts into place a range of policy actions to increase awareness of the danger that electromagnetic pulse (EMP) episodes pose to electric grids and technology networks, and the critical infrastructure assets that depend on them – and to at least soften the potentially disastrous impact of naturally occurring or man-made EMPs. […]
Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security, provided an update to Congress today about how CISA is working to secure election infrastructure ahead of the 2020 Presidential election. […]
Senators and witnesses alike took turns criticizing Chinese tech and trade policy, and China-based network equipment maker Huawei, at a hearing on Thursday over the firm’s alleged potential to create security harms if its equipment was included in U.S. 5G wireless networks. […]
Senators during an Energy and Natural Resources Senate Committee hearing Thursday called for more urgency regarding cyberattacks on the energy grid. […]
Participants described how their participation in Jack Voltaic 2.0, a joint exercise between the City of Houston and the Army Cyber Institute held in July 2018, opened their eyes to the threats of a combined cyber and physical attack on critical infrastructure. […]
Members of the House and Senate are giving the bipartisan Securing Energy Infrastructure Act another go in the current Congress, after passing the bill in the Senate in December 2018 but failing to get the bill through the House before the 115th Congress ended. […]
The Senate on Wednesday passed the Securing Energy Infrastructure Act, which would appropriate $10 million to create a pilot program to look at nondigital control systems and how to protect them against cyber attacks. […]
A presidential advisory council found that existing national plans, response resources, and coordination strategies would be outmatched by a catastrophic power outage. […]
The Office of the Director of National Intelligence, alongside the Justice Department, Federal Bureau of Investigation, and Department of Homeland Security, released a joint statement today that expresses their concern over election interference and calls identification and prevention of interference a “top priority for the Federal government.” […]
With critical infrastructure emerging as a major concern for the U.S. government, cybersecurity efforts must account for critical infrastructure’s interdependent and connected nature, and make sure to address the linkages between industries, said experts from the private and public sector at a Wednesday event hosted by the Atlantic Council. […]
Christopher Krebs, Department of Homeland Security under secretary for the National Protection and Programs Directorate (NPPD), said Thursday that NPPD is focusing on the cybersecurity fight of both today and tomorrow, through the various coordinating centers that fall under NPPD’s purview. […]
Following the long-awaited passage of the Cybersecurity and Infrastructure Security Agency (CISA) Act in the Senate, the head of the organization set to be elevated as the nation’s official cybersecurity agency expressed his satisfaction at how congressional approval of a simple name change will reinforce the authority of the Federal government’s lead organization in cyberspace. […]
Department of Homeland Security Secretary Kirstjen Nielsen said today that DHS’ National Cybersecurity and Communications Integration Center (NCCIC) will provide a resource center on Election Day that will actively respond to threats of cyber intrusion when voters go to the polls on November 6. […]
The Department of Energy’s new office of Cybersecurity, Energy Security, and Emergency Response (CESER) has already begun work to provide support to the nation’s energy grid and critical infrastructure cybersecurity, and the head of the new office appeared in front of the House Energy and Commerce Committee Thursday to discuss the role of CESER within DoE. […]
The Department of Homeland Security Science and Technology Directorate (DHS S&T) today announced awards to five research organizations as part of a new program aimed at identifying network and internet disruptions that could “significantly impact critical infrastructure systems” and “other essential systems on which society is dependent.” […]
Christopher Krebs, Under Secretary for the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD), described how DHS’ National Risk Management Center (NRMC) is pinpointing the critical functions in American infrastructure and setting actionable tasks during an interview with Government Matters. […]
Matthew Travis, deputy undersecretary of the Department of Homeland Security’s National Programs and Protection Directorate (NPPD), said today that DHS’s recently-established National Risk Management Center (NRMC) represents the agency’s plan to play “the long game” in defending U.S. critical infrastructure sectors from attacks. […]
Thomas Fanning, chief executive officer of Atlanta-based electric utility holding company Southern Co. and a key player in developing private-sector cybersecurity policy, said today at a Senate subcommittee hearing that he has begun to have interactions with senior Federal government military leaders about capabilities to “hack back” at cyber attackers, but emphasized he believes that those types of retaliatory capabilities need to remain in the hands of the military rather than become a corporate function. […]