The Cybersecurity and Infrastructure Security Agency is seeking comments on a new endeavor that collects information to provide tailored technical assistance to the government and critical infrastructure sector.

A notice published Thursday in the Federal Register states that CISA’s ReadySetCyber initiative is meant to facilitate voluntary and online-based collection of data from critical infrastructure organizations and state, local, tribal and territorial governments to inform the development of cybersecurity recommendations and services.

Through the program, CISA aims to advance the adoption of its cybersecurity performance goals to reduce cyber threat risks, enable more targeted engagement with sectors and effectively allocate capacity-constrained services to specific stakeholders.

The agency expects to submit an information collection request for ReadySetCyber to the Office of Management and Budget for review and approval.

Interested parties have until Oct. 10 to submit feedback on the new initiative.

The Federal Communications Commission is soliciting public feedback on its plan to give smart device manufacturers the option to qualify for a U.S Cyber Mark on their products.

The agency on Thursday released a factsheet on the voluntary cybersecurity labeling program, three weeks after it issued a notice of proposed rulemaking.

The program would cover Internet of Things devices which, if approved, will bear the Cyber Mark declaring their safety and security for data privacy.

FCC is inviting recommendations on how to develop and qualify compliance with security standards that apply to different devices. The agency is also welcome to suggestions to ensure that the labels will not be exploited for unauthorized purposes.

“[N]ew devices—from smart televisions and thermostats to home security cameras, baby monitors, and fitness trackers…provide huge benefits because they can make our lives easier and more efficient. But this increased interconnection brings more than just convenience; it brings increased security risk,” FCC Chair Jessica Rosenworcel said in a statement. “That is why the Commission is proposing to put in place the first-ever voluntary cybersecurity labeling program for connected smart devices.”

The Cybersecurity and Infrastructure Security Agency’s Cyber Safety Review Board will conduct a study on private and public sector approaches to protecting cloud-based identity management and authentication.

The review marks the third such audit initiated by CSRB to address attacks on cloud computing environments, the Department of Homeland Security said Friday.

The board will investigate the malicious targeting of Microsoft Exchange Online in July 2023, which affected accounts owned by U.S. government agencies. After the review, CSRB is expected to make recommendations to improve cyber defense practices of government, industry and cloud service providers.

“Cloud security is the backbone of some of our most critical systems, from our e-commerce platforms to our communication tools to our critical infrastructure,” DHS Secretary Alejandro Mayorkas commented. “Actionable recommendations from the CSRB will help all organizations better secure their data and further cyber resilience,” the previous Wash100 award winner added.

CISA Director Jen Easterly, another Wash100 inductee, echoed Mayorkas’ remarks. “The Board’s findings and recommendations from this assessment will advance cybersecurity practices across cloud environments and ensure that we can collectively maintain trust in these critical systems,” she said.

Earlier this month, the board released a report and corresponding actions needed in response to the hacking of federal and business accounts by ransomware group Lapsus$, which occurred between 2021 and 2022.

Ignatius “Buck” Liberto, director of cybersecurity risk management and compliance at the office of the chief information officer at the Department of Energy, discussed how DOE has shifted from a perimeter security approach to zero trust to better protect sensitive data and critical facilities from cyberthreats, according to an article published Saturday in Forbes.

“At some point we got very wise, we the federal government, and said stop,” Buck said in a podcast.

“We need to make this a ‘deny all allow by exception’, and that certainly helped out a lot as we moved forward. And that’s really part of the zero trust architecture at an enterprise level and not at an enclave or lower level and enterprise level,” he added.

Buck said adopting zero trust will require DOE to advance innovation, partner with vendors and launch an education program that could help meet security goals.

He highlighted the need for a training awareness program and importance of adopting emerging technologies to help DOE improve its incident response capabilities.

“Network engineers and security defenders doing their job checking the logs looking for the anomalies is machine learning is automation helping absolutely when you look at the progression of just intrusion protection systems and next generation firewalls,” Buck noted.

“From a technology standpoint, we’re certainly helping so we’re looking for those anomalies that will then trigger alerts that will help the defenders,” he added.