Cybersecurity

Government employees and defense contractors still have got bad passwords, report says

According to new research, a majority of government employees with exposed passwords were found to have reused them across multiple accounts. 

NSA offers new tips on zero trust and identity

Weaknesses in identity and access controls are allowing cyber attacks to happen, NSA officials say. A new tip sheet is meant to help national security systems mature their controls.

New bills look to help small water systems tap cybersecurity help

New legislation looks to set aside $10 million to help subsidize fees for small utilities to join the Water Information Sharing and Analysis Center.

Lawmaker and staffer health data exposed in insurance breach

The attack on local insurance company DC Health Link threatens to expose personal information of House lawmakers and Hill staffers.

TSA issues cybersecurity amendment for aviation industry

The Transportation Security Administration has released a series of new performance-based cybersecurity measures for the aviation industry just days after the White House released its national cybersecurity strategy.

CISA still has work to do to fix agency weaknesses revealed by SolarWinds, watchdog says

A new report from the Department of Homeland Security’s inspector general details recommendations for CISA’s network visibility and threat detection tech, workforce and more.

EPA: States must evaluate cybersecurity of public water systems

The Environmental Protection Agency said it was expanding its capacity for helping states assess the cybersecurity of operational technology used in public water systems.

Tech trade group leery of new regulations proposed in Biden's cyber strategy

The new national cybersecurity strategy calls for software providers to be held accountable for vulnerabilities in their products – a fundamental shift in approach that sparked concerns among some technology associations and firms.

National cyber strategy faces major implementation challenges, experts say

A depleted workforce, lack of funding and challenges with information sharing across the public and private sectors may severely hamper the federal government’s implementation of a new sweeping cybersecurity strategy, experts told FCW. 

New White House cyber strategy looks to redistribute risks, responsibilities

The ranging strategy document includes plans for the collective defense of federal civilian executive branch agencies and a push for legislation to require software vendors to assume liability for the security of their products.

CISA advisory details red team attack on critical infrastructure organization

The report comes as the director of the nation’s cyber defense agency calls on Congress to establish “higher standards of care for software in specific critical infrastructure entities.”

U.S. Marshals Service hacked in ‘major incident’

This is the second time the agency has been hacked in recent years, adding to a growing number of agencies that have experienced cybersecurity incidents.

White House to officially ban TikTok from government devices within 30 days

New guidance from the Office of Management and Budget finalizes a congressional push to ban the popular Chinese social networking app from all government devices amid privacy and security concerns.

Census Bureau data susceptible to ‘reconstruction attacks’ exposing individual data, report claims

A team of computer scientists demonstrated how cybercriminals can leverage commercial laptops to reverse engineer the Bureau’s statistics, leaving Americans exposed to risks like identity theft and discrimination. 

House bill would put grid operators on a short clock for breach reporting

A cyber incident reporting bill making its way through Congress would task critical energy infrastructure owners and operators with reporting cyber incidents to the Department of Energy within 24-hours of their discovery.

Cyberattacks on Energy's National Labs draw lawmaker scrutiny

The attacks, allegedly conducted by Russian-based adversaries, occurred during August and September 2022, potentially exposing sensitive U.S. scientific research.

U.S. cyberspace ambassador lays out technology’s role in geopolitical contests

Nathaniel Fick said tools like cloud computing and public-private partnerships will continue to prove essential to diplomacy, as they already have in Ukraine.