Hacking and Breaches

CISA mulls plan to safeguard federal civilian email

According to contracting documents, the Cybersecurity and Infrastructure Security Agency is looking to take a leading role in identifying and defending against threats against federal civilian executive branch email systems and networks.

Military service principal cyber advisors take root

Congress established service level principal cyber advisors in the 2020 defense policy bill. FCW sat down with the Army and Navy PCAs to get a sense of what their priorities have been in the past year.

Federal government still in the dark on ransomware

Information on the majority of ransomware attacks targeting American companies and civilian agencies remains unreported to the Department of Homeland Security, a top cyber official told lawmakers.

FBI wants in on cyber reporting legislation

A top FBI cyber official told lawmakers on Tuesday that the bureau could face significant challenges addressing cyberattacks and ransomware incidents if it was not included in breach disclosure requirements being considered in legislation.

CISA chief tees up cyber directives for the water and chemical sectors

CISA Director Jen Easterly said new directives for the water and chemical industries were coming soon in the wake of the passage of the $1.2 trillion Infrastructure Investment and Jobs Act, which includes cybersecurity requirements for public water systems.

Funding challenges hamper cyber EO compliance, CIOs say

A group of agency CIOs shared their biggest obstacles in meeting a series of aggressive deadlines and modernization goals of the Biden administration's sweeping cybersecurity executive order.

OMB official reviews progress six months after the cyber EO

A federal official overseeing the implementation of the cybersecurity executive order signed in May said many agencies have met its aggressive deadlines so far.

CISA orders civilian agencies to fix known flaws in six months

The binding operational directive issued Nov. 3 requires federal agencies to remediate known exploited vulnerabilities on their networks under specific timeframes is also intended to serve as guidance for the private sector and state and local governments.

Zero-trust has a branding problem

A zero-trust approach to cybersecurity is intended to increase vigilance and minimize risk, but without the necessary context, the concept could raise discomfort or even hostility among federal workers.

Senate Republicans seek IG probe of TSA pipeline directives

Republican leaders on the Senate Homeland Security and Governmental Affairs Committee are calling for an inspector general probe into how the Transportation Security Administration developed its first ever pipeline-specific security directives.

Lawmakers examine TSA's growing role in cyber

Lawmakers on the Homeland Security Committee convened cybersecurity experts and key stakeholders from the transportation industry to discuss new rules in the works for the transportation sector.

New missions could present challenges for the DOD cyber workforce

Mieke Eoyang, the deputy assistant secretary of defense for cyber policy said one of DOD's main cyber workforce challenges is being able to set expectations around policymakers' calls to step in and defend against cyberattacks.

CISA seeks 24-hour timeline for cyber incident reporting

Two separate Senate bills set different deadlines for federal contractors, critical infrastructure providers and other covered companies to report cyber incidents to the federal government.

The CISO reporting structure is broken

The commitment to managing cyber risk is a primary concern, but is often consolidated with IT priorities. This creates a conflict – does IT or security come out on top?

Clarke stresses cooperation as momentum builds on Capitol Hill behind breach disclosure legislation

Rep. Yvette Clarke (D-NY), chair of the Cybersecurity, Infrastructure Protection and Innovation subcommittee, said building trust with critical infrastructure entities was fundamental to expanding information sharing between the public and private sectors.

White House looks to step up endpoint monitoring

The Biden administration is requiring agencies to provide visibility into their endpoint detection and response efforts as part of the cybersecurity executive order.

IT spend expected to trend up, acting DOD CIO says

Rising IT and cyber budgets may lay ahead as the Defense Department moves forward with implementing zero trust architecture and begins relying more on artificial intelligence.