Tag Archives: SolarWinds

U.S. Cyber Command Requests $93.4M From Congress in Additional Funding; Gen. Paul Nakasone Quoted

Gen. Paul Nakasone

U.S. Cyber Command has requested an additional $62 million in funding to reinforce the Department of Defense’s (DOD) information technology (IT) networks as part of its unfunded priorities that were not included in Cyber Command’s fiscal 2022 budget request. The cybersecurity request topped a list of four unfunded priorities totaling $93.4 million. 

Read More »

NIST to Develop Software Best Practices Based on Stakeholder Input, Existing Framework; Kevin Stine Quoted

Kevin Stine

The National Institute of Standards and Technology (NIST) will use an existing document and input from stakeholders to develop best practices in response to an executive order on cybersecurity. Executive Order 14028 tasks NIST to inform how the Office of Management and Budget (OMB) would look to guide federal software procurements.

Read More »

Brandon Wales: CISA to Pilot ‘Threat Hardened Cloud Environment’

Brandon Wales

Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), said CISA plans to test secure cloud instances using some of the $650 million in funds the agency received through the American Rescue Plan in response to the SolarWinds hack. He also cited plans to establish the Joint Cyber Planning Office and continue recruitment efforts.

Read More »

U.S. Spy Agencies Review Software Supplier Ties to Russia Following SolarWinds Hack

John Demers

John Demers, assistant attorney general for national security at the Department of Justice, said the FBI and other intelligence agencies launched a review of vulnerabilities originating from software suppliers that have ties with Russia to determine if there is "back-end software design and coding" that makes intrusions into U.S. companies possible.

Read More »

Bob Kolasky: CISA Gains Insight Into 2020’s SolarWinds Cyber Attack

Bob Kolasky

Bob Kolasky, assistant director of the Cybersecurity and Infrastructure Security Agency's (CISA) National Risk Management Center (NRMC), said his team has studied the software risks associated with last year's SolarWinds hack. SolarWinds was a Russian malware attack that affected Orion software in multiple federal agencies. Kolasky said NRMC assessed SolarWinds-related software risks over a span of four months.

Read More »

CISA, NIST Post Document on Securing Software Supply Chain

3D Printing

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) have released Defending Against Software Supply Chain Attacks, a document containing information on software supply chain risks and providing guidance on the application of frameworks from NIST for cyber supply chain risk management and secure software development.

Read More »

FBI, DHS Provide Information on Russian Intell Agency’s Cyber Exploitation Techniques

NSA-CISA-FBI-UK NCSC

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory to provide information on cyber tools and techniques used by Russian Foreign Intelligence Service actors to compromise government networks, information technology companies and think tanks. FBI also observed that SVR actors have transitioned from using malware to homing in on cloud-based platforms. 

Read More »

Anne Neuberger Offers Update on Government’s Response to Recent Cyber Incidents

Anne Neuberger

Anne Neuberger, deputy national security adviser for Cyber and Emerging Technology and a 2021 Wash100 Award winner, said that due to an increase in patching efforts, the Biden administration is “standing down” the two unified coordination groups that were established in response to cyber breaches involving SolarWinds and Microsoft Exchange.

Read More »

DHS Seeks Comments on Cyber Vulnerability Information Collection Effort

NIST Cybersecurity

The Department of Homeland Security (DHS) is looking for input on its plans to collect cyber risk information and recommendations from agencies, companies and individuals in the wake of the SolarWinds attack. In addition, the form is intended to help researchers develop concepts for identifying such vulnerabilities, according to DHS. Comments on the information collection request are due on May 18th.

Read More »

House Lawmakers Ask Agencies to Provide More Details on SolarWinds Hack

NSA-CISA-FBI-UK NCSC

A group of bipartisan House lawmakers sent letters to heads of federal agencies requesting more information related to the SolarWinds cyberattack. Lawmakers also want to know how agencies evaluate vendors for cybersecurity risks and whether they have a specific plan in place to reduce the risks of future supply chain attacks.

Read More »