Insider Threats

Microelectronics supply chain challenges and zero trust

When it comes to the microelectronics supply chain, better security risk assessment is needed as the manufacturer base contends with ongoing threats.

Agency zero trust does not start from point zero

The good news is that consistent IT policy spanning previous presidential administrations has allowed the federal government to slowly put the necessary building blocks in place for the inevitable zero trust architecture journey.

Small businesses ask Congress to focus CMMC on primes and DOD

Jonathan Williams, a partner at the Washington, D.C.-based law firm PilieroMazza, told lawmakers many of small businesses' concerns could be assuaged if DOD and prime contractors shoulder the burden.

Supreme Court narrows scope of hacking law, but questions remain

The Supreme Court's ruling on Thursday decided a police officer did not violate a 1980s anti-hacking law, but the court ultimately left open questions about the Computer Fraud and Abuse Act's applicability for other purposes such as cybersecurity research.

Army wants teleworkers to switch off smart IoT devices

The Army announced it would require all military, civilian, and contractor personnel to rid their telework environments of internet of things devices, such as smart TVs and speakers.

Supply chain risk: Addressing a multitude of single points of failure

As recent attacks have demonstrated, supply chain risks extend to the software and update process as well.

DOJ's China hack indictments offer businesses key threat intel, officials say

A Justice Department official today disclosed that 1,000 Chinese researchers have been expelled from the country for hiding their affiliation with the Chinese military.

What it takes to future-proof federal IT supply chains

We have now advanced past that initial disruption brought about by the COVID-19 pandemic, and agencies and organizations should ask themselves: how can we make our supply chains better for the long term, and how do we continue to improve work-from-home security?

Civilian-side CMMC

The General Services Administration will add more supply chain and cybersecurity protection language, including DOD's CMMC requirements for vendors, to its new contracts as risks grow, according to one of the agency's top acquisition managers.

DOD releases interim cybersecurity rule

The rule is designed to ensure DOD contractors are adhering to a uniform standard for protecting controlled unclassified information. But trade groups representing government and defense contractors have lauded the framework while criticizing the implementation and rulemaking process.

CMMC clears key regulatory hurdle

The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

PIV security frays under the crush of telework

Adversaries are adapting to the shifting identity authentication gaps on federal and commercial networks created by the remote work environment, according to federal security experts.

DISA to deliver web-browsing protection to 1.5M users

The Defense Information Systems Agency is moving into production for its $199 million cloud-based internet security tool, aiming to migrate 1.5 million users in the first year.

National Guard plans all-virtual cyber exercise

The National Guard is taking its annual Cyber Shield training exercise virtual due to COVID-19 with a spotlight on information operations.

CISA updates internet connection policies

Many of the changes to the core Trusted Internet Connection policies were in response to public feedback seeking new tech and additional architectural and security concepts.

Staying ahead of threats on government networks

Why securing data and managing cyber risk must now become critical elements in agency ERM frameworks.

Report: Lax cybersecurity at CIA unit led to Vault 7 leaks

An internal CIA report pins the theft of valuable hacking tools in 2016 on a workplace culture that didn't do enough to emphasize cybersecurity.