Biden adds cyber, data, supply chain risks to CFIUS reviews

The Committee on Foreign Investment in the United States will be required to consider five new sets of national security concerns – including cybersecurity – when reviewing foreign investments in the U.S. as part of a new executive order.

Industry cautions on software security regs in the defense bill

Trade groups want Congress to remove a provision in the House-passed defense policy bill mandating software bills of materials in some federal acquisition.

OMB: New acquisition rule coming for vendors to vouch for their software security

Agencies are also allowed to accept to-do lists from vendors who need to keep working up to a point where they can self-attest their compliance with NIST guidance.

Cyber criminals increasingly relying on ransomware-as-a-service, report says

A new report reveals threat actors are using the same ransomware as in previous years – but relying on new malware-free intrusion methods and ransomware-as-a-service offerings to evade popular mitigation techniques.

Maritime cybersecurity is front and center in Coast Guard reauthorization bill

A new Coast Guard reauthorization bill would provide some of the first cybersecurity protections and data management requirements for the U.S. Marine Transportation System in federal law.

Sharing secrets has been ‘effective’ against Russia, but the tactic has limits, CIA chief says

It’s just one of the new areas for a spy agency grappling with tech-driven changes.

CISA seeks public input on cybersecurity incident reporting rules

The nation’s cyber defense agency will embark on a cross-country listening tour to better understand what key stakeholders are hoping to see in new mandatory cyber incident reporting requirements featured in the recently passed Cyber Incident Reporting for Critical Infrastructure Act of 2022.

Commerce revises export rules to boost U.S. standards development on critical tech

The original rule—which banned certain entities from receiving U.S. exports—endangered U.S. participation in international standards bodies where such entities are present, opponents said.

How NSA plans to shield high-impact systems against quantum threats

The National Security Agency started the clock on a long-planned transition to quantum-resistant algorithms in key national security systems.

Iranian hacker group posed as journalists to hunt dissidents

Group spent weeks trying to fool specific targets with intricate appeals—including U.S. campaign staff.

White House attributes attack on Albania’s critical infrastructure to Iran 

A statement from the National Security Council noted the potential for deviations from international norms to escalate conflict and promised accountability.

CISA teases strategy to protect critical infrastructure

The Cybersecurity and Infrastructure Security Agency will soon release a sweeping plan to bolster cybersecurity protections for the nation's critical infrastructure industries.

Election officials have been largely successful in deterring cyber threats, CISA official says

The head of CISA’s National Risk Management Center pointed to public-private partnerships and enhanced resource sharing activities as key to defending against outside threats to voting systems.

National Cyber Director’s office elevates key personnel

Nick Leiserson helped develop legislation that created the cyber director’s office. A year after its establishment, he’s moving to a position where he can use it to shape policy.

CFPB warns firms on poor cyber hygiene

The agency says that bad password and data management and other practices can expose companies to legal consequences.

Housing agency didn't complete cyber orders from DHS, report says

The agency said that some of its websites failed to comply with binding operational directives from the Department of Homeland Security.

NSA, CISA and ODNI release new software supply chain guidelines for developers

An interagency, public-private working group “strongly encouraged” software developers to begin implementing a suite of best practices aimed at further securing the software development lifecycle.