Author Archive
Cybersecurity
Rule for vendors' secure software self-attestation in the works
Federal agencies will soon need vendors to attest that their products conform with NIST guidance on secure software development, OMB says.
Cybersecurity
New guide to secure software development passes on content but fails on communication, industry official says
The lengthy document may miss its target audience altogether, one industry observer notes.
Data & Analytics
Lax data privacy rules may expose consumer location information
With states now free to enforce their own data privacy laws, regulators have been on the lookout for mobile carriers sharing sensitive location information.
Emerging Tech
DHS commits to better intel sharing with law enforcement, points to mobile app
Whether the department has increased information sharing with government partners is unclear, but—either way—the quality is just not there, according to DHS’ Office of the Inspector General.
Cybersecurity
Locking down identity and access management post-SolarWinds
The epic intrusion campaign has turned up the brights on vendors providing authentication services, but agencies will still need to be actively engaged for effective implementation.
Cybersecurity
EPA to issue cybersecurity rule for water facilities
The EPA will extend its sanitary reviews of critical water facilities to include cybersecurity, an administration official said.
Emerging Tech
NIST selects 12 companies for implementing post-quantum cryptography
Officials leading a standardization effort—based on four winning algorithms—are relying heavily on industry for success.
Cybersecurity
Diabetes patients flood FDA with comments on cybersecurity for medical devices
Commenters want the Food and Drug Administration to clarify that cybersecurity guidance intended to prevent unauthorized access to data and devices should not apply to patients.
Cybersecurity
North Korea behind ransomware attacks on public health sector, advisory says
Because the state-sponsored cyber actors likely assume health care organization will pay ransoms, attacks will continue, federal cybersecurity agencies say.
Cybersecurity
Lawmaker says 'crypto driver's license' could deter use of digital currency in ransomware
Proposed legislation calls on federal agencies to harmonize national digital identity infrastructure by leveraging biometric databases states have been building to participate in REAL ID, a standard for accepting state-issued identification.
Cybersecurity
Lawmakers debate ROI on cyber insurance
The jury is still out on how using insurance policies to pay ransoms and re-establish systems after a cyberattack affects critical infrastructure organizations’ individual and collective resilience.
Cybersecurity
Allied cybersecurity agencies advise against disabling popular tool for cyberattackers
The Microsoft program – PowerShell – has granted malicious actors in major hacks remote command and control ability over victims, but, by the same token, it can improve cybersecurity management across an enterprise.
Cybersecurity
GAO calls for deeper analysis of federal cyber insurance option
The scope of coverage, financial implications to taxpayers and potentially counterproductive incentives must be considered while examining the need for a federal cyber insurance program, the government watchdog said.
Cloud & Infrastructure
Report details 5G security assessment process
With a uniform and flexible approach, agencies can evaluate, understand and address security and resilience gaps with their 5G assessment policies.
Cybersecurity
New DOJ guidance on key hacking law creates carve out for security researchers
Nearly a decade after the death of open-access advocate Aaron Schwartz, his legacy is still playing out in cybersecurity policy.
Cybersecurity
The plan to secure open source software
The open source community outlined key initiatives that can immediately address goals for hardening the software supply chain.
Cybersecurity
Managed service contracts deserve extra cyber scrutiny, intel agencies advise
A joint advisory from CISA, domestic partners and counterpart agencies in the Five Eyes intelligence alliance warns of a heightened threat to managed service providers and their customers.
Cloud & Infrastructure
NIST is building a 5G network to model cybersecurity for operators
NIST's draft publication is designed to clarify how cloud security capabilities can help protect a 5G network.
Cybersecurity
CISA points to water sector in seeking $80 million more for FEMA grants
CISA and FEMA are currently rolling out the first of $1 billion in Rescue Act funding to help target-rich, resource-poor state and local entities improve their cybersecurity.
Cybersecurity