Sen. JD Vance, R-Ohio, is calling on the Cybersecurity and Infrastructure Security Agency (CISA) to provide more details on a People’s Republic of China (PRC) state-sponsored cyber actor – known as Volt Typhoon – which he says poses a national security threat. […]

UnitedHealth Group did not have basic cybersecurity requirements in place that would have protected it against the recent attack on its Change Healthcare subsidiary, according to White House Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger. […]

Cyber diplomats from around the world voiced support for the U.S. State Department’s new international cybersecurity strategy unveiled during the RSA Conference in San Francisco this week. […]

Cybercriminals were emboldened to undertake record-high levels of intrusions in 2023 largely due to a lack of repercussions in response to those efforts, and because they are seeing more success by evolving their attack methods. […]

The Department of Justice (DoJ) said today it has charged the alleged mastermind of the LockBit ransomware group – regarded by U.S. authorities as among the most prolific attackers worldwide since 2022 – with more than two dozen Federal crimes. […]

Secretary of State Antony Blinken on Monday evening unveiled the Biden administration’s new international cybersecurity strategy, which focuses on building out digital solidarity with global partners to protect against adversaries like China. […]

The Federal government’s top intelligence official sounded the alarm last week about a daunting increase in cyberattacks in the last year, with the majority targeted at U.S. entities. […]

NASA’s spacecraft development programs lack mandatory cybersecurity controls for acquisition policies and standards, placing the technology at risk of cyberattacks, the Federal government’s top watchdog said this week. […]

The Pentagon has launched a new fully operational program that allows independent “ethical hackers” to find and analyze vulnerabilities in military contractor networks with the aim of improving the cybersecurity posture of the defense industrial base (DIB). […]

The Government Accountability Office (GAO) is calling on two Federal agencies in charge of overseeing the implementation of President Biden’s 2021 cybersecurity executive order (EO) to fully complete the remaining five requirements tasked to them in the order. […]

While a total ban on ransom payments to hackers remains “the ultimate goal” for cybersecurity experts, critical infrastructure organizations need stronger cybersecurity resilience before that happens, former acting National Cyber Director Kemba Walden told lawmakers on April 16. […]

The head of the Cybersecurity and Infrastructure Security Agency (CISA) said today that the Federal government has a “powerful” ability to mandate security standards for software vendors through its procurement process. […]

A group of industry experts called on Congress this week to enforce minimum cybersecurity standards among healthcare organizations in light of the February ransomware attack on UnitedHealth subsidiary Change Healthcare. […]

As artificial intelligence technologies continue to rapidly evolve, Federal agencies are looking to upskill their AI workforce to keep pace with emerging cybersecurity threats. […]

The former policy lead for the Department of Defense (DoD) under President Barack Obama said Tuesday that while the Biden administration’s National Cybersecurity Strategy (NCS) calls for secure-by-design technology principles, the White House doesn’t actually have the authority to regulate that. […]

Federal Chief Information Security Officer (CISO) Chris DeRusha gave broad credit today to Federal agencies for making marked improvements in cybersecurity over the past few years, and cited the ability of one larger agency – which he did not name – with being able to take particularly quick action in the face of the Ivanti vulnerabilities that the government began warning about in January. […]

The Department of Homeland Security’s (DHS) Cyber Safety Review Board (CSRB) released findings late Tuesday following its independent review of the summer 2023 Microsoft Exchange Online intrusion that attributed the success of the China-based hack to “a cascade of security failures at Microsoft” and an “inadequate” security culture at the company. […]

The Defense Department, General Services Administration, and NASA have issued a final rule amending the Federal Acquisition Regulation (FAR) to add the framework for a new FAR part 40 covering information security and supply chain security. […]

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) published its long-awaited cyber incident reporting rule today for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), requesting public input on the forthcoming regulations. […]

Sen. Gary Peters, D-Mich., chairman of the Senate Homeland Security and Governmental Affairs Committee, is calling on the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to prioritize cybersecurity efforts in the healthcare sector. […]

The Department of Justice (DoJ) announced today that it has charged seven hackers associated with the People’s Republic of China (PRC) for “malicious” cyberattacks that targeted U.S. government officials, politicians, and companies. […]

Sen. Mark Warner, D-Va. – co-chair of the Senate Cybersecurity Caucus – introduced legislation that would provide financial incentives for healthcare providers to boost their cyber defense by requiring them to meet minimum cybersecurity standards in order to receive accelerated payment in the event of a cyberattack. […]

Following the discovery of a Chinese-based hacking group compromising U.S. critical infrastructure, the White House – in collaboration with the Environmental Protection Agency (EPA) – announced plans this week to form a Water Sector Cybersecurity Task Force. […]

The National Security Agency’s (NSA) Cybersecurity Collaboration Center (CCC) has been “game-changing” for the NSA in terms of gaining unique insights from partners on specific adversaries, according to Morgan Adamski, the chief of the CCC. […]

In response to the evolving threat environment, the Cybersecurity and Infrastructure Security Agency (CISA) is looking to better coordinate cybersecurity operations across the Federal government through a newly released Federal Operational Cyber Alignment Plan, or FOCAL. […]

The Federal Communications Commission (FCC) voted on March 14 to create a voluntary cybersecurity labeling program for wireless internet of things (IoT) devices including home security cameras, internet-connected appliances, fitness trackers, garage door openers, and baby monitors. […]

The Department of Defense (DoD) has issued a final rule with revisions to the eligibility criteria for the voluntary Defense Industrial Base (DIB) Cybersecurity (CS) Program, greatly expanding the number of DIB companies that can participate in the program. […]

The Biden-Harris administration approved a secure software development attestation form on Monday, taking a crucial step towards ensuring Federal contractors provide secure products to the Federal government. […]

The Federal government should provide economic incentives such as tax deductions or Federal grants to critical infrastructure providers and other organizations that adopt cybersecurity best practices, the National Security Telecommunications Advisory Committee (NSTAC) said in a March 7 report. […]

When FITARA was first launched in November 2015, the Department of Education received a big fat “F” on its scorecard – denoting that the agency was failing across its IT and cyber categories. […]