Author Archive
Cybersecurity
The federal government is moving on memory safety for cybersecurity
The issue of how coding languages might support software developers’ management of memory has recently gotten attention from the National Security Council, the Cybersecurity and Infrastructure Security Agency and Congress.
Cybersecurity
Agencies face interoperability challenges with zero trust, GAO says
Because there is no single zero-trust solution, agencies must integrate new and existing solutions, a challenge for those with large investments in traditional technologies, the watchdog agency said.
Cloud & Infrastructure
NTIA wants to know how best to spend $1.5B in grants for secure, open 5G
The money will be available to suppliers of information and communications technology in an effort to move away from Chinese companies like Huawei and ZTE.
Cybersecurity
CISA highlights space, bioeconomy as possible new critical infrastructure sectors
The agency also suggested existing sectors be consolidated and that there is a need for some agencies to exercise greater authority over private-sector entities.
Cybersecurity
Securing IoT requires government, industry collaboration
As government looks to adopt procurement regulations for internet-connected devices, industry stakeholders are skeptical.
Cybersecurity
CISA director: Big tech shouldn’t charge extra for event logging
The agency has promised to measure the success of efforts to steer major software providers toward the inclusion of logging and other basic security features in their products “by default,” but has said little about how it actually intends to do that.
Cloud & Infrastructure
CISA seeks feedback on baseline measures to secure cloud configuration
Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next.
Cybersecurity
CISA to focus on water, education and health sectors over the next year
The agency contributed to the release of security requirements for the transportation sector this week and is expected to issue cross-sector performance goals for critical infrastructure companies’ voluntary adoption next week.
Cybersecurity
CISA plans local events to discuss cyber incident reporting
The effort aims to give officials a greater understanding of cyber threats and the ability to defend U.S. critical infrastructure against cascading impacts when attacks occur.
Cybersecurity
Consumer cyber hygiene makes significant gains, report shows
Over the last three years, more consumers are using strong passwords, enabling multifactor authentication and blocking location-tracking services.
Cybersecurity
National cybersecurity review begins for all levels of government
The annual self-assessment asks all states and local agencies, tribal nations and territorial governments receiving DHS security grants to assess their cyber gaps and capabilities.
Cybersecurity
Guidance aims to help critical infrastructure protect against cyberattacks
A cybersecurity advisory will help critical infrastructure owners and operators simplify choices around the security of industrial control systems while allowing flexibility the companies say is needed to their operations.
Cybersecurity
Rule for vendors' secure software self-attestation in the works
Federal agencies will soon need vendors to attest that their products conform with NIST guidance on secure software development, OMB says.
Cybersecurity
New guide to secure software development passes on content but fails on communication, industry official says
The lengthy document may miss its target audience altogether, one industry observer notes.
Data & Analytics
Lax data privacy rules may expose consumer location information
With states now free to enforce their own data privacy laws, regulators have been on the lookout for mobile carriers sharing sensitive location information.
Emerging Tech
DHS commits to better intel sharing with law enforcement, points to mobile app
Whether the department has increased information sharing with government partners is unclear, but—either way—the quality is just not there, according to DHS’ Office of the Inspector General.
Cybersecurity
Locking down identity and access management post-SolarWinds
The epic intrusion campaign has turned up the brights on vendors providing authentication services, but agencies will still need to be actively engaged for effective implementation.
Cybersecurity
EPA to issue cybersecurity rule for water facilities
The EPA will extend its sanitary reviews of critical water facilities to include cybersecurity, an administration official said.
Emerging Tech
NIST selects 12 companies for implementing post-quantum cryptography
Officials leading a standardization effort—based on four winning algorithms—are relying heavily on industry for success.
Cybersecurity