Saturday, July 31, 2021

CISA Releases Analysis of 2020 Risk and Vulnerability

CISA has published the results of the 37 Risk and Vulnerability Assessments it conducted in fiscal year 2020, revealing security weaknesses that impact both government and private critical infrastructure organizations. Using the MITRE ATT&CK framework to analyze and map its findings, CISA identified six steps along an example attack pathway – initial access, command and […]
Senate Confirms Jen Easterly to Head Cybersecurity and Infrastructure Security Agency

The Senate has confirmed Jen Easterly as director of the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, by an officially unanimous voice vote. This follows a delay caused by President Biden not presenting her nomination until April, and Senator Rick Scott (R-FL) putting a hold on DHS appointments until the president and vice […]
CISA Offers Mobile Security Tools to Agencies

CISA’s Cybersecurity Quality Services Management Office (QSMO) is piloting three products to help agencies improve the security of their tablets and phones, offered free of charge – at least for now – through its shared services marketplace. They include a protective DNS capability specific to mobile traffic, as well as shared services for vetting […]
Federal Cybersecurity Workforce Expansion Act Would Create Training Programs

The Federal Cybersecurity Workforce Expansion Act – introduced by Senators Maggie Hassan (D-NH) and John Cornyn (R-TX) – would create two new training programs to improve the federal cybersecurity workforce. One would be an apprenticeship program based out of Homeland Security’s CISA, the other at Veterans Affairs, targeted toward veterans. The CISA apprenticeship program would […]
CISA Publishes Guide to Cybersecurity “Bad Practices”

In addition to its advocacy of “best practices”, CISA has started a list of “bad practices” for cybersecurity practitioners – especially critical infrastructure owners and operators – to avoid. The first two items on the list refer to the use of software that is unsupported or beyond its end-of-life, and the use of known/fixed/default passwords. […]
CISA Says Firewall Configuration Might Have Hampered SolarWinds Breach, EINSTEIN Needs to Look at...

The security model used by the $6 billion EINSTEIN sensor system is coming under scrutiny following its failure to detect the SolarWinds attack, and CISA is exploring ways to give the program more visibility into internal networks. Senator Ron Wyden (D-OR) has questioned why the firewalls that are part of the larger system didn’t detect […]
Homeland Security Committee Pushes CISA to Improve Infrastructure Cybersecurity

At a hearing of the House Homeland Security Committee, members raised concerns about the cybersecurity of critical infrastructure companies, and pressed CISA to take a stronger approach to overseeing it. Several lawmakers were troubled by Colonial Pipeline’s decision to contact a private cybersecurity company rather than CISA. Ranking member John Katko (R-NY) wants to expand […]
Mandatory Homeland Security Cybersecurity Directive

In April 2021, the Department of Energy launched a 100-day initiative to strengthen cybersecurity protections in the energy sector. Just one month later, the Transportation Security Administration, an agency under the purview of the Department of Homeland Security, issued Security Directive Pipeline 2021-1 to implement — for the first time — mandatory requirements for certain […]
Acting CISA Head Calls for Support, Funding from Congress

CISA acting director Brandon Wales says that the agency needs greater support from Congress, “including in critical new areas such as dedicated cybersecurity preparedness grants for our state and local governments, and establishing a new cybersecurity recovery fund to ensure our nation can respond to catastrophic cyber incidents.” The creation of a cybersecurity recovery fund […]
TSA Preparing New Cyber Regulations for Pipeline Operators

The Transportation Security Administration is preparing new cybersecurity requirements for interstate pipelines, in the wake of the Colonial Pipeline attack and shutdown. A TSA official told Congress that the agency will require additional risk mitigation measures and specific security assessments, which will be enforced by inspectors. An earlier directive requires covered entities to report ransomware […]