Cybersecurity

FBI, CISA, Coast Guard Report Cyber Vulnerability in Password Management Platform

Password Management

The FBI, Coast Guard Cyber Command and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly reported a cyber vulnerability in a self-service password management platform made by Zoho. Advanced persistent threat (APT) cyber actors are likely to exploit a vulnerability found in Zoho's ManageEngine ADSelfService Plus, CISA said Thursday.

House Committee Votes to Pass $865M Funding Boost for CISA; Rep. Jim Langevin Quoted

Jim Langevin

The House of Representatives' committee on homeland security has voted to approve an amendment that adds $865 million to the Cybersecurity and Infrastructure Security Agency's funds. Rep. Bennie Thompson, D-Miss., presented the amendment to a $3.5 trillion reconciliation bill, which would boost CISA's cybersecurity funds if passed.

Gen. Paul Nakasone on Cybersecurity, Foreign Election Interference

Gen. Paul Nakasone

Gen. Paul Nakasone, head of U.S. Cyber Command and a 2021 Wash100 Award recipient, said cybersecurity is national security and opens up a “new strategic environment of competition.” Cybercom is now preparing to ensure the security of the 2022 midterm elections, and Nakasone discussed how the command works to counter cyber threats as more countries attempt to interfere with U.S. democratic processes.

Air Force Renames 55th Communications Squadron to Reflect Cyber Mission; Lt. Col. Christopher Wong Quoted

55th Cyber Squadron

The U.S. Air Force has rebranded its 55th Communications Squadron to emphasize the military unit's role in communication infrastructure security at Offutt AF Base in Nebraska and cyber defense mission work at the service branch. USAF said Sunday the redesignation to 55th Cyber Squadron comes after the group completed a set of requirements and internal restructuring efforts.

Sean Connelly: Agencies Can Utilize CISA Services to Meet Zero Trust Security Mandate

Sean Connelly

Sean Connelly, program manager of Trusted Internet Connections (TIC) at the Cybersecurity and Infrastructure Security Agency (CISA), said that CISA will offer services for agencies mandated to implement zero trust strategies under President Biden’s cybersecurity executive order. CISA plans to make its protective domain name system services available to other agencies in an effort to help them reach zero trust maturity status.

Trade Groups Offer Recommendations to DOD Over CMMC Program

The Information Technology Industry (ITI) Council, National Defense Industrial Association (NDIA) and the Professional Services Council (PSC) have presented six recommendations to the Department of Defense (DOD) to better support the review of potential changes to the Cybersecurity Maturity Model Certification (CMMC) program and assessment practices.

House Bill to Establish Term Limit for CISA Director; Rep. Andrew Garbarino Quoted

Rep. Andrew Garbarino

Rep. Andrew Garbarino, R-N.Y., ranking member of the House Homeland Security Committee’s cybersecurity infrastructure protection and innovation subpanel, and six other bipartisan House lawmakers have proposed a bill that would set a five-year term limit for the director position at the Cybersecurity and Infrastructure Security Agency (CISA).

Allan Friedman: Software Bill of Materials Should Be Part of Multifaceted Cybersecurity Agenda

Allan Friedman

Allan Friedman, who just moved to the Cybersecurity and Infrastructure Security Agency (CISA) to help scale up work on software bill of materials (SBOM), said operationalizing SBOM requires integrating the concept into existing tools, daily operations and the cybersecurity and vulnerability ecosystem. Friedman also discussed the goals for developing agency guidelines and potential changes to federal procurement regulations.

GAO to Issue Report on Pandemic-Driven Tech Adoption’s Cyber Impacts; Jennifer Franks Quoted

Jennifer Franks

The Government Accountability Office (GAO) plans to issue a report in fiscal year 2022 about the impact of technology adoption that is driven by mass telework on federal agencies’ cybersecurity posture. GAO also intends to broaden its reviews in the near future to include risks to supply chains amid recent cyberattacks.

CISA, FBI Recommend Steps to Mitigate Risk of Ransomware Attacks; Eric Goldstein Quoted

Eric Goldstein

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an advisory outlining mitigation measures that organizations in public and private sectors can implement to reduce the risk of ransomware attacks and other cyber incidents. CISA and the bureau have observed a rise in ransomware attacks during holidays and weekends.
