Lawmakers debate ROI on cyber insurance

The jury is still out on how using insurance policies to pay ransoms and re-establish systems after a cyberattack affects critical infrastructure organizations’ individual and collective resilience.

Allied cybersecurity agencies advise against disabling popular tool for cyberattackers

The Microsoft program – PowerShell – has granted malicious actors in major hacks remote command and control ability over victims, but, by the same token, it can improve cybersecurity management across an enterprise.

How volunteers help states shore up cybersecurity

Programs in Michigan, Wisconsin and Ohio bring in volunteer experts to conduct assessments and incident response for government systems.

Biden strengthens cyber coordination between DHS and state, local government

The State and Local Government Cybersecurity Act improves collaboration between DHS and state and local governments by boosting the sharing of information and federal resources.

How to reframe the cybersecurity conversation for elected officials

Cybersecurity teams can use an emergency management framework to prepare elected officials to respond to and communicate about a cyber incident.

Watchdog finds cyber risks in TVA control systems

The Tennessee Valley Authority, a federal utility operating in seven southeastern states, lacked proper IT controls and cybersecurity oversight of systems assisting with flood and river management, according to a recent inspector general report.

Brush up on phishing detection to prevent ransomware

With ransomware commonly entering state and local IT networks through phishing emails, employees must learn to spot social engineering scams, a new report says.

Cyber competition builds skills, teamwork

Participating in the International Cyber League helps the IT team at the Illinois State Treasurer’s office test their skills against real-world network threats.

Authentication considerations for state and local governments

Multifactor authentication adds a layer of security to accessing accounts but agencies should know the differences between methods.

Software bill of materials is about more than compliance, expert says

As organizations look to hammer out the standards for SBOMs, they’re also looking at how to automate the vulnerability checking process.

EPA seeks funding to improve the cybersecurity of America’s water systems

The Environmental Protection Agency aims to invest $4 billion in upgrades to the nation’s water and wastewater infrastructure with a strong focus on cybersecurity.

How XDR can identify and fill the cracks in state and local government’s cybersecurity posture

By enabling security solutions to do what they’re intended to do—identify threats—extended detection response better equips security personnel to analyze these identified vulnerabilities and respond to inbound threats.

Postal Service should 'act swiftly' to scale up identity services, IG says

USPS is working with the General Services Administration on more in-person options for, according to a new whitepaper from the U.S. Postal Service's Inspector General.

Ransomware attacks on hospitals put patients at risk

The University of Vermont Medical Center in Burlington, Vt., was hit by a massive ransomware attack during the COVID-19 pandemic. A growing number of health care systems have faced cyberattacks.

New cybersecurity bill authorizes DHS to ramp up incident response efforts nationwide

The National Cybersecurity Preparedness Consortium Act gives the Department of Homeland Security a range of opportunities to bolster cybersecurity preparedness at the state and local level, including and technical assistance services.

Senators ask DHS for strategy to protect U.S. critical infrastructure from Russia

They also raised a series of questions about modern cyber and disinformation threats.