The Cybersecurity and Infrastructure Security Agency has released an updated emergency directive outlining measures to address a new vulnerability in Ivanti’s Connect Secure and Policy Secure platforms.

Ivanti disclosed that cyberthreat actors are using a new vulnerability affecting its devices to gain access to restricted resources without authentication, CISA said Friday.

CISA’s Supplemental Direction V2 provides new security measures to address the system weakness, including a requirement for federal civilian agencies running the affected software versions to apply appropriate security updates.

According to the directive, agencies must continue threat hunting on any systems connected to the affected Ivanti devices, monitor potentially exposed authentication and identity management services, isolate the systems from any enterprise resources and audit privilege-level access accounts.

The updated directive supersedes a previously released executive directive warning against Ivanti device vulnerabilities that enable malicious threat actors to exfiltrate data and establish persistent system access.

The Department of Defense’s Chief Information Officer has released new guidance for sharing standards, best practices and training to international partners looking to develop their cybersecurity programs; cyber workforce; command, control and communications capabilities; and information enterprise.

The Standards Guide for Foreign Partners provides a compilation of readily available and unclassified resources to support efforts to build and operate trusted networks and ensure the security and availability of information systems used by international and U.S. stakeholders.

The document lists the cybersecurity policies, standards and procedures of agency partners, including the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, the National Security Agency and the National Telecommunications and Information Administration.

“Our partnerships allow us to learn and benefit from each other, maintain a shared defense information advantage, and mutually advance warfighting superiority to achieve strategic outcomes. This guide reaches across the many technical areas of the DoD CIO organization. The guide will enable a coordinated, consistent, and effective approach to support our global engagements in direct backing of the National Defense Strategy,” the guide reads.

Sens. Mark Warner, D-Va., and John Thune, R-S.D., have introduced new legislation that seeks to enhance the cybersecurity of unmanned systems used by the federal government.

The Office of Sen. Warner said Wednesday that the Drone Evaluation to Eliminate Cyber Threats Act of 2024 calls for the development by the National Institute of Standards and Technology of guidelines governing the cybersecurity of civilian drones, and the pilot testing and implementation of those guidelines by the Office of Management and Budget.

The DETECT Act also calls on the OMB to provide federal agencies with guidance on reporting security vulnerabilities in the drones they use. The proposed legislation mandates contractors that provide federal agencies with drones or drone-related services to report vulnerabilities that they might discover. Contractor reporting would be governed by regulations to be issued by the Federal Acquisition Regulatory Council.

According to Sen. Warner, ensuring the safety and security of drones is critical because of the transformative quality of the capabilities they offer.

“This legislation will establish sensible cybersecurity guidelines for drones used by the federal government to ensure that sensitive information is protected while we continue to invest in this new technology,” Warner added.

For his part, Sen. Thune said, “This common-sense legislation would require the federal government to follow stringent cybersecurity guidelines and protocols for drones and unmanned systems.”