Sen. Gary Peters, D-Mich., chairman of the Senate Homeland Security and Governmental Affairs Committee, and Sen. Rob Portman, R-Ohio., ranking member of the Senate panel, have asked the federal government to provide information on its response to cyberattacks involving SolarWinds Orion and Microsoft Exchange. Portman and Peters asked DeRusha to provide information on the government’s current federal cybersecurity strategy
Read More »CISA Issues Directive on Using Cybersecurity Tools to Detect Microsoft Exchange Server Risks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a supplemental direction to help agencies use new tools for identifying vulnerabilities in their Microsoft Exchange Servers. CISA said Wednesday that the emergency directive recommends agencies to use the Microsoft Safety Scanner or Microsoft Support Emergency Response Tool (MSERT) as well as the Test-ProxyLogon.ps1 script.
Read More »Brandon Wales: CISA Invests $650M in American Rescue Plan Funds for Threat Intell
The Cybersecurity and Infrastructure Security Agency (CISA) has earmarked $650 million from its American Rescue Plan Act funding to transition its EINSTEIN threat intelligence system to various programs. The agency is additionally working to complete the Continuous Diagnostics and Mitigation (CDM) effort’s phases one and two which are slated to conclude in 2021.
Read More »Judy Baltensperger, Kevin Cox Share Plans for CISA’s Continuous Diagnostics and Mitigation Program
The Cybersecurity and Infrastructure Security Agency (CISA) plans to provide in 2021 an updated Continuous Diagnostics and Mitigation (CDM) program that could help reduce reporting requirements for agencies while helping them improve security. Judy Baltensperger said most of the pilot agencies have moved their infrastructure to the cloud and that data quality certification will likely be carried out by the summer of 2021.
Read More »OMB Chief Russell Vought Releases Memo on FISMA Reporting Requirements for FY 2021
Russell Vought, director of the Office of Management and Budget (OMB), has issued a memo detailing reporting requirements and deadlines for agencies in fiscal year 2021 in compliance with the Federal Information Security Modernization Act (FISMA) of 2014. Vought said the updated FISMA guidance directs agencies to report to OMB the status of their data security programs.
Read More »Karen Evans: DHS Consolidates Network, Security Operations Centers
Karen Evans, chief information officer at the Department of Homeland Security (DHS), said DHS is merging its security and network operations centers to keep systems operational as analysts respond and investigate a cyber incident. She said DHS is considering ways how to staff the newly formed network operations security center with federal and contract employees.
Read More »Updated CISA Federal Cybersecurity Strategy Directs Improved CDM Scores Through FY 2021
The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to its action plan for strengthening federal cybersecurity in fiscal years 2020 through 2021. The initiative was led by Matthew Travis, the deputy director of CISA. CISA also cited evolving threat landscapes and limitations in cloud, network and encryption capabilities as challenges.
Read More »Christopher Krebs: Agencies Shifting to Telework Should Boost Investments in Cyber Tools
GAO: DHS Should Ensure Contractors’ CDM Tools Provide Unique Hardware Identifiers
The Government Accountability Office (GAO) has recommended that the Department of Homeland Security (DHS) improve its implementation of the Continuous Diagnostics and Mitigation program by ensuring that contractors configure their cybersecurity tools to provide unique identifiers for hardware on agency networks.
Read More »Guy Cavallo Named OPM Principal Deputy CIO
Guy Cavallo, deputy chief information officer at the Small Business Administration (SBA), has been appointed principal deputy CIO at the Office of Personnel Management, effective Sept. 14th. Prior to SBA, Cavallo served as executive director of IT operations at the Transportation Security Administration (TSA).
Read More »