Turning hackers’ behavior against them

By identifying psychological biases of hackers, a new program aims to develop proactive network defenses that go beyond tech-based solutions and rely on analysis of attackers’ behavior to thwart them.

State mandates K-12 cyber education

North Dakota is the first state in the nation to require cybersecurity education be integrated into K-12 classrooms.

CISA gives ransomware victims a heads-up

The Pre-Ransomware Notification Initiative takes advantage of the time between initial penetration and data theft or encryption to notify victims so they can identify and eliminate hackers from their system.

Senators request cyber safety analysis of Chinese-owned DJI drones

Lawmakers raised concerns that sensitive data could leak to adversaries through foreign-owned consumer technology. 

Florida city water cyber incident allegedly caused by employee error

Al Braithwaite, the former city manager of Oldsmar, Florida, said the 2021 episode was not caused by outside hackers but was instead a “non-event” sparked by user error.

What is the National Cybersecurity Strategy? A cybersecurity expert explains what it is and what the Biden administration has changed

The National Cybersecurity Strategy outlines a need for improved cyber hygiene through cyber insurance, data sharing and fostering technology research.

CISA: Election security still under threat at cyber and physical level

Threats enacted by state-sponsored actors during the 2022 election have highlighted the need for “continued vigilance” in upcoming elections, said CISA Election Security Advisor Kim Wyman.

State cyber workforce challenges reaching ‘crisis levels’

By marketing themselves better and adapting to remote work, states can attract and retain more cybersecurity workers, a new report suggests.

Remember user experience in the zero trust journey

Education, user-friendly technologies and leadership buy in can help bring employees onboard.

ChatGPT could make phishing more sophisticated

The latest version’s greater “steerability” allows users to vary the style and tone of generated text to make scams even harder to detect.

NSA offers new tips on zero trust and identity

New zero trust guidance for government agencies highlights best practices for maturing identity and access controls.

CISA launches pilot to spot ransomware vulnerabilities

By uncovering vulnerabilities associated with known exploits, CISA can warn critical infrastructure organizations so they can mitigate issues before a ransomware incident occurs.

Password mismanagement still at the heart of security issues

While many government employees reuse credentials that have been compromised and put online, one expert warned MFA is not the “silver bullet” solution.

Report: Increased remote work for many governments also raises cyber risks

Roughly one-third of government employees believe “their actions don’t matter when it comes to security,” according to a new survey.

New bills look to help small water systems tap cybersecurity assistance

New legislation looks to set aside $10 million to help subsidize fees for small utilities to join the Water Information Sharing and Analysis Center.

Acting national cyber director offers new details on upcoming cyber workforce strategy

The forthcoming plan is meant to accompany an overarching cyber strategy released last week that industry groups and cybersecurity experts said would be challenging to implement given the nation’s cyber workforce woes. 

NIST renews cyber center partnership, launches small business focus

The agency renewed its partnerships that support the National Cybersecurity Center of Excellence and launched the NIST Small Business Cybersecurity Community of Interest.