John Sherman, the Department of Defense’s chief information officer and a 2023 Wash100 winner, said his organization will soon evaluate military and internal zero trust strategies to ensure compliance with 2027 targets. He told attendees at the Billington Cybersecurity Summit on Thursday that the various DOD components and service branches are expected to submit plans […]
A group of senators has introduced the Small Business Cyber Resiliency Act, which seeks the creation of a government unit to protect small businesses from cyber threats. The bill will establish the Central Small Business Cybersecurity Unit within the Small Business Administration. The unit will create a public repository of cybersecurity resources for small businesses; […]
The Cybersecurity and Infrastructure Security Agency has added extended internet-of-things solutions provider NetRise to the Continuous Diagnostics and Mitigation Program‘s Approved Product List. NetRise’s automated platform provides XIoT users enhanced visibility and protects organizations from firmware-based attacks and threats through continuous risk monitoring and identification. The platform also generates a software bill of materials, performs […]
The Cybersecurity and Infrastructure Security Agency is working to integrate access management capabilities into its Continuous Diagnostics and Mitigation program to further strengthen the cyber defenses of federal agencies. CDM is currently focused on mitigating vulnerabilities and cyber incidents in federal systems, including the recent exploitation of a structured query language injection vulnerability in Progress […]
Carahsoft Technology has signed an agreement to serve as a public sector distributor of Semperis’ identity threat detection and response platform. The solution’s contracts will be made available through Carahsoft’s resellers and the National Association of State Procurement Officials’ ValuePoint, National Cooperative Purchasing Alliance and OMNIA Partners. The partnership with Carahsoft dovetails with the expansion […]
The Department of Justice announced on Tuesday that Verizon Business Network Services has agreed to a $4.1 million settlement to resolve False Claims Act allegations of failure to fully satisfy cybersecurity controls on government contracts. The claims stemmed from lapses in three cybersecurity controls required in internet connection and other external network contracts that the unit […]
Not-for-profit organization Mitre has released an extension for its open-source Caldera platform to enable automated exercises replicating threats to operational technology, which are hardware and software that detect or change industrial equipment and processes through monitoring and control. Caldera is an adversary emulation platform built on Mitre Att&ck and is aimed at supporting cybersecurity personnel […]
Six K-12 software providers have committed to developing products with enhanced security. PowerSchool, Classlink, Clever, GG4L, Instructure and D2L voluntarily signed a pledge for K-12 education technology software manufacturers in line with the Cybersecurity and Infrastructure Security Agency’s secure-by-design whitepaper. By signing the pledge, the companies agree to take ownership of customer security outcomes, embrace […]
The National Institute of Standards and Technology is seeking organizations interested in supporting a National Cybersecurity Center of Excellence project that aims to accelerate the adoption of digital identities, including digital driver’s licenses. NIST intends to partner with experts from industry, government and academia through an NCCoE cooperative research and development agreement, under which selected […]
The United States and its allies have released a joint report on a new malware campaign targeting Android devices used by the Ukrainian military. According to the report, a Russian military hacking team called Sandworm deployed the Infamous Chisel malware, allowing threat actors to access mobile devices to scrape multiple files containing credentials and key […]
