Hacking and Breaches

Is there a path forward in Congress for mandatory cyber incident reporting?

A group of lawmakers is seeking legislation that would require private companies to report cyber incidents and ransomware attacks to the Cybersecurity and Infrastructure Security Agency, despite their efforts being derailed late last year.

FTC warns of legal risks of failing on Log4j mitigation

The Federal Trade Commission issued a warning this week urging companies to take "reasonable steps" to mitigate known software vulnerabilities or face potential legal consequences, recalling the $700 million settlement Equifax paid for a major breach in 2017.

DHS scales up bug bounty program

Department of Homeland Security Secretary Alejandro Mayorkas announced a plan to pay vetted cybersecurity researchers between $500 and $5,000 for identifying cybersecurity vulnerabilities within agency systems.

White House embeds cyber EO in FISMA reporting

Federal agencies will be reporting on zero-trust adoption and automation efforts in their annual cybersecurity reports to the Office of Management and Budget.

CISA mulls plan to safeguard federal civilian email

According to contracting documents, the Cybersecurity and Infrastructure Security Agency is looking to take a leading role in identifying and defending against threats to federal civilian executive branch email systems and networks.

Military service principal cyber advisors take root

Congress established service-level principal cyber advisors in the 2020 defense policy bill. FCW sat down with the Army and Navy PCAs to get a sense of what their priorities have been in the past year.

Federal government still in the dark on ransomware

Information on the majority of ransomware attacks targeting American companies and civilian agencies remains unreported to the Department of Homeland Security, a top cyber official told lawmakers.

FBI wants in on cyber reporting legislation

A top FBI cyber official told lawmakers on Tuesday that the bureau could face significant challenges addressing cyberattacks and ransomware incidents if it was not included in breach disclosure requirements being considered in legislation.

CISA chief tees up cyber directives for the water and chemical sectors

CISA Director Jen Easterly said new directives for the water and chemical industries were coming soon in the wake of the passage of the $1.2 trillion Infrastructure Investment and Jobs Act, which includes cybersecurity requirements for public water systems.

Funding challenges hamper cyber EO compliance, CIOs say

A group of agency CIOs shared their biggest obstacles in meeting a series of aggressive deadlines and modernization goals of the Biden administration's sweeping cybersecurity executive order.

OMB official reviews progress six months after the cyber EO

A federal official overseeing the implementation of the cybersecurity executive order signed in May said many agencies have met its aggressive deadlines so far.

CISA orders civilian agencies to fix known flaws in six months

The binding operational directive issued Nov. 3, which requires federal agencies to remediate known exploited vulnerabilities on their networks under specific timeframes, is also intended to serve as guidance for the private sector and state and local governments.

Zero-trust has a branding problem

A zero-trust approach to cybersecurity is intended to increase vigilance and minimize risk, but without the necessary context, the concept could raise discomfort or even hostility among federal workers.

Senate Republicans seek IG probe of TSA pipeline directives

Republican leaders on the Senate Homeland Security and Governmental Affairs Committee are calling for an inspector general probe into how the Transportation Security Administration developed its first-ever pipeline-specific security directives.

Lawmakers examine TSA's growing role in cyber

Lawmakers on the Homeland Security Committee convened cybersecurity experts and key stakeholders from the transportation industry to discuss new rules in the works for the transportation sector.

New missions could present challenges for the DOD cyber workforce

Mieke Eoyang, the deputy assistant secretary of defense for cyber policy, said one of DOD's main cyber workforce challenges is being able to set expectations around policymakers' calls to step in and defend against cyberattacks.

CISA seeks 24-hour timeline for cyber incident reporting

Two separate Senate bills set different deadlines for federal contractors, critical infrastructure providers and other covered companies to report cyber incidents to the federal government.