Author Archive

Mariam Baksh

Mariam Baksh reports on the development of federal cybersecurity policy for Nextgov. She started covering technology governance in 2014, during the heat of the Net Neutrality debate, and focused her graduate studies at American University on investigative journalism.

Cybersecurity

The plan to secure open source software

The open source community outlined key initiatives that can immediately address goals for hardening the software supply chain.

Cybersecurity

Managed service contracts deserve extra cyber scrutiny, intel agencies advise

A joint advisory from CISA, domestic partners and counterpart agencies in the Five Eyes intelligence alliance warns of a heightened threat to managed service providers and their customers.

Cloud & Infrastructure

NIST is building a 5G network to model cybersecurity for operators

NIST's draft publication is designed to clarify how cloud security capabilities can help protect a 5G network.

Cybersecurity

CISA points to water sector in seeking $80 million more for FEMA grants

CISA and FEMA are currently rolling out the first of $1 billion in Rescue Act funding to help target-rich, resource-poor state and local entities improve their cybersecurity.

Cybersecurity

Malware enables less skilled adversaries to attack industrial control systems

The sophisticated malware features a modular design that would make it more accessible to less skilled adversaries targeting operational technology in power plants and water treatment facilities, specialists say.

Emerging Tech

The push toward climate-friendly grid security and resilience

The Department of Energy is funding research to make a greener energy grid less vulnerable to cyberattack.

Cloud & Infrastructure

CISA seeks comments on securing cloud business applications

A new program aims to develop consistent, effective, modern and manageable security configurations that will help secure information assets stored within cloud environments.

Cybersecurity

CISA details cyber incident reporting for infrastructure operators

CISA wants critical infrastructure partners to report information on repeated attempts to gain unauthorized access to systems, malicious code and ransomware.

Cybersecurity

Hackers build tool to penetrate industrial control systems, feds warn

Enabling full system access to operational technologies, the tool is intuitive enough for less sophisticated threat actors to target power plants and water treatment facilities.

Cybersecurity

Google survey suggests government workers dissatisfied with legacy software, concerned over cyberattacks

A Google survey of federal, state or local government employees revealed a heavy reliance on Microsoft products and expectations of cyberattacks.

Cybersecurity

White House warns of potential Russian cyberattack based on new intel

Distressed by the continued lack of cybersecurity basics implemented in critical infrastructure sectors, the White House issued “a call to action.”

Cybersecurity

Financial regulator says use of crypto helps—not hurts—ransomware investigations

While cryptocurrency is preferred by ransomware perpetrators because of its perceived anonymity, it has significant visibility and investigative benefits over opaque banking, a FinCEN official told a Senate committee.

Cybersecurity

CISA warns of ransomware gang, issues indicators of compromise

Processes spurred by the Ragnar Locker ransomware have affected at least 52 critical infrastructure organizations since January, but will terminate if they encounter systems in certain Russian and near-Russian locations.

Cybersecurity

Insurance policies may tighten amid U.S.-Russia tensions, cyber pros warn

What a recent court decision means for insurers’ attempts to avoid payouts associated with “acts of war” and breaches where nation-state actors may have played a role.

Cybersecurity

Layered defenses, segmented networks key in shoring up infrastructure, NSA says

A new report from the NSA details why layered defenses are especially important in environments incorporating industrial control systems, which have been targeted in Russian state-sponsored operations.

Cybersecurity

NIST refreshing voluntary Cybersecurity Framework amid push for mandates

The agency is soliciting comments to update a core document that lets entities pick and choose which technical standards they want to apply to their systems based on their own risk assessment.

Cybersecurity

FBI: Ransomware attackers have code to halt critical infrastructure

Monitoring remote access technology will be especially important for limiting the reach of malicious actors, allied cybersecurity agencies said in a report on trends they’ve observed over the last year in a booming ransomware industry.

Cybersecurity

NIST suggests agencies accept the word of software producers per executive order

The standards agency said an attestation from vendors themselves would be sufficient when screening for cybersecurity, unless an agency's risk calculus suggests otherwise.

Cybersecurity

EPA leading White House effort to secure the water sector against cyberattacks

This is the third in a series of 100-day sprints to shore up industrial control systems used in critical infrastructure.

Cybersecurity

Treasury considering state and local grants to implement digital ID systems

The effort to stimulate widespread use of digital identification is aligned with a White House order on cybersecurity and could help defend against ransomware attacks, officials said.