Insider Threats

Unmonitored networks put US nuclear arsenal at risk, GAO finds

A Government Accountability Office report found that the Energy Department cannot effectively monitor potential insider threats to U.S. nuclear security because department staff “have not identified the total number of DOE’s stand-alone classified networks.”

  • By Edward Graham

Jury: Former DHS watchdog official stole software, employees’ personal info

The verdict is in for the last holdout in a scandalous scheme to defraud the government.

  • By Mariam Baksh

White House embeds cyber EO in FISMA reporting

Federal agencies will be reporting on zero-trust adoption and automation efforts in their annual cybersecurity reports to the Office of Management and Budget.

  • By Adam Mazmanian

Zero-trust has a branding problem

A zero-trust approach to cybersecurity is intended to increase vigilance and minimize risk, but without the necessary context, the concept could raise discomfort or even hostility among federal workers.

  • By Jim Richberg

Zero trust, EMS top Air Force cyber priorities

Lt. Gen. Timothy Haugh, the commander of the 16th Air Force, said implementing zero trust principles was "foundational" to improve data use and mitigate vulnerabilities from the defense industry supply chain.

  • By Lauren C. Williams

Microelectronics supply chain challenges and zero trust

When it comes to microelectronics supply chain, better security risk assessment as manufacturers base contend with ongoing threats.

  • By Lauren C. Williams

Agency zero trust does not start from point zero

The good news is that consistent IT policy spanning previous presidential administrations has allowed the federal government to slowly put the necessary building blocks in place for the inevitable zero trust architecture journey.

  • By Joe Stuntz and Russ Ficken

Small businesses ask Congress to focus CMMC on primes and DOD

Jonathan Williams, a partner at the Washington, D.C.-based law firm PilieroMazza, told lawmakers much of small businesses concerns could be assuaged if DOD and prime contractors shoulder the burden.

  • By Lauren C. Williams

Supreme Court narrows scope of hacking law, but questions remain

The Supreme Court's ruling on Thursday decided a police officer did not violate a 1980s anti-hacking law, but the court ultimately left open questions about the Computer Fraud and Abuse Act's applicability for other purposes such as cybersecurity research.

  • By Justin Katz

Army wants teleworkers to switch off smart IoT devices

The Army announced it would require all military, civilian, and contractors to rid their telework environments of internet of things devices, such as smart TVs and speakers.

  • By Lauren C. Williams

Supply chain risk: Addressing a multitude of single points of failure

As recent attacks have demonstrated, supply chain risks extend to the software and update process as well.

  • By John Loucaides

DOJ's China hack indictments offer businesses key threat intel, officials say

A Justice Department official today disclosed that 1,000 Chinese researchers have been expelled from the country for hiding their affiliation with the Chinese military.

  • By Justin Katz

What it takes to future-proof federal IT supply chains

We have now advanced past that initial disruption brought about by the COVID-19 pandemic, and agencies and organizations should ask themselves: how can we make our supply chains better for the long term, and how do we continue to improve work-from-home security?

  • By Tommy Gardner

Civilian-side CMMC

The General Services Administration will add more supply chain and cybersecurity protection language, including DOD's CMMC requirements for vendors, to its new contracts as risks grow, according to one of the agency's top acquisition managers.

  • By Mark Rockwell
Featured eBooks

DOD releases interim cybersecurity rule

The rule is designed to ensure DOD contractors are adhering to a uniform standard for protecting controlled unclassified information is protected. But while trade groups representing government and defense contractors have lauded the framework but criticized the implementation and rulemaking process.

  • By Lauren C. Williams

CMMC clears key regulatory hurdle

The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • By Lauren C. Williams

PIV security frays under the crush of telework

Adversaries are adapting to the shifting identity authentication gaps on federal and commercial networks created by the remote work environment, according to federal security experts.

  • By Mark Rockwell

DISA to deliver web-browsing protection to 1.5M users

The Defense Information Systems Agency is moving into production for its $199 million cloud-based internet security tool, aiming to migrate 1.5 million users in the first year.

  • By Lauren C. Williams

National Guard plans all-virtual cyber exercise

The National Guard is taking its annual Cyber Shield training exercise virtual due to COVID-19 with a spotlight on information operations.

  • By Lauren C. Williams

CISA updates internet connection policies

Many of the changes to the core Trusted Internet Connection policies were in response to public feedback seeking new tech and additional architectural and security concepts.

  • By Derek B. Johnson

Staying ahead of threats on government networks

Why securing data and managing cyber risk must now become critical elements in agency ERM frameworks.

  • By Dan Chenok