CISA

The legacy of the Cyberspace Solarium Commission

The Cyberspace Solarium Commission is officially sunsetting after more than two years, dozens of recommendations and a slew of legislative changes. But since there’s more to be done, the panel is rebooting its efforts as a non-profit.

CISA, FBI issue new guidance on addressing Log4j risks

The Cybersecurity and Infrastructure Security Agency and its partners are providing new ways to identify Log4j risks and mitigate possible exploitation.

CISA issues emergency directive to patch Log4j flaw

The Cybersecurity and Infrastructure Security Agency released an emergency directive on Friday ordering all federal agencies to take immediate action against a critical security flaw with potential long-term consequences for public and private infrastructure.

DHS scales up bug bounty program

Department of Homeland Security Secretary Alejandro Mayorkas announced a plan to pay vetted cybersecurity researchers between $500 and $5,000 for identifying cybersecurity vulnerabilities within agency systems.

DHS gets nearly 2,000 applications for new cyber cadre

The goal is for DHS to onboard the first 150 feds into the system next year.

CISA mulls plan to safeguard federal civilian email

According to contracting documents, the Cybersecurity and Infrastructure Security Agency is looking to take a leading role in identifying and defending against threats against federal civilian executive branch email systems and networks.

Langevin tees up cyber legislation for 2022

Rep. Jim Langevin (D-R.I.) is looking to create a statutory framework for threat information sharing and mitigation between a small number of critical infrastructure firms and the federal government.

Federal government still in the dark on ransomware

Information on the majority of ransomware attacks targeting American companies and civilian agencies remains unreported to the Department of Homeland Security, a top cyber official told lawmakers.

FBI wants in on cyber reporting legislation

A top FBI cyber official told lawmakers on Tuesday that the bureau could face significant challenges addressing cyberattacks and ransomware incidents if it was not included in breach disclosure requirements being considered in legislation.

New cyber talent system, years in the making, goes into effect at DHS

Agency officials estimate that around 1,000 of its 1,500 cyber vacancies could fit into the new scheme.

CISA chief tees up cyber directives for the water and chemical sectors

CISA Director Jen Easterly said new directives for the water and chemical industries were coming soon in the wake of the passage of the $1.2 trillion Infrastructure Investment and Jobs Act, which includes cybersecurity requirements for public water systems.

OMB official reviews progress six months after the cyber EO

A federal official overseeing the implementation of the cybersecurity executive order signed in May said many agencies have met its aggressive deadlines so far.

CISA orders civilian agencies to fix known flaws in six months

The binding operational directive issued Nov. 3 requires federal agencies to remediate known exploited vulnerabilities on their networks under specific timeframes is also intended to serve as guidance for the private sector and state and local governments.

Senate Republicans seek IG probe of TSA pipeline directives

Republican leaders on the Senate Homeland Security and Governmental Affairs Committee are calling for an inspector general probe into how the Transportation Security Administration developed its first ever pipeline-specific security directives.

Federal cyber leaders assess TMF awards

National Cyber Director Chris Inglis said he co-chaired a meeting with top federal cyber leaders this week to analyze current projects with investments from the Technology Modernization Fund.

Lawmakers examine TSA's growing role in cyber

Lawmakers on the Homeland Security Committee convened cybersecurity experts and key stakeholders from the transportation industry to discuss new rules in the works for the transportation sector.

CISA seeks 24-hour timeline for cyber incident reporting

Two separate Senate bills set different deadlines for federal contractors, critical infrastructure providers and other covered companies to report cyber incidents to the federal government.