Tuesday, January 25, 2022

DHS Announces 2022 Bug Bounty Program

Following a year in which DHS Secretary Alejandro Mayorkas says “the amount of ransomware attacks really exploded,” the Department of Homeland Security has announced a new bug bounty program, offering rewards for vulnerabilities found in its external-facing systems. The “Hack DHS” program will occur in three phases across the next fiscal year: 1) virtual assessments […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

CISA Warns Critical Infrastructure Owners and Operators to Prepare for and Take Steps to...

On December 15, 2021, the U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency (“CISA”) announced the publication of a warning for “critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential malicious cyber attacks” before the upcoming holiday season. CISA’s warning emphasizes that “[s]ophisticated threat actors […]

Homeland Secretary and Top Cybersecurity Officials Meet with Silicon Valley Leaders to Stress Cybersecurity...

Federal cybersecurity officials met on December 6 with more than a dozen representatives of leading technology and cybersecurity companies to address how they can...

TSA Rail Cybersecurity Directives Show Increasing Government Regulation of Critical Infrastructure and the Private...

TSA has issued two Security Directives aimed at passenger and freight railroad cybersecurity, continuing the government’s move to an increasingly regulatory approach to private sector cybersecurity. Security Directive 1582-21-01, “Enhancing Public Transportation and Passenger Railroad Cybersecurity” applies to each owner/operator of a passenger railroad carrier or rail transit system while Security Directive 1580-21-01, “Enhancing Rail […]

TSA Imposes New Cybersecurity Requirements for Rail and Air Sectors

On December 2, 2021, the Transportation Security Administration (“TSA”) announced the issuance of Security Directive 1580-21-01, Enhancing Rail Cybersecurity, and Security Directive 1582-21-01, Enhancing Public Transportation and Passenger Railroad Cybersecurity (the “December Security Directives”), and “additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector in response to the ongoing cybersecurity threat to […]

TSA Announces New Security Directives for Rail Sector

TSA has issued two security directives requiring higher-risk freight railroads, passenger rail, and rail transit to implement measures to strengthen cybersecurity within the sector. Key among the requirements in the security directives is a requirement to report cybersecurity incidents to CISA within 24 hours. The directives also require these rail transportation owners and operators to […]

CISA Preparing Guidance for Zero Trust, Cloud Security

CISA is working on guidance documents to ease the transition to a zero trust cybersecurity environment: in the last three months, CISA and OMB have released drafts of their zero trust strategy, cloud security technical reference architecture, and zero trust maturity model. John Simms – deputy branch chief of the agency’s Cybersecurity Assurance Branch – […]

DHS Launches Cyber Talent Management System After 7 Years of Development

In 2014, Congress authorized DHS to build a new management system for cybersecurity personnel that would be exempt from many of the General Schedule’s traditional competitive hiring, classification, and compensation practices. That system went live a few weeks ago, and DHS is now accepting applications for what’s known as the “cybersecurity service.” It is starting […]

DHS Adds Cybersecurity Guidelines for Rail Industry, Adjusts Pipeline Rules to Align

As promised by Secretary of Homeland Security Alejandro Mayorkas in October, TSA has issued new cybersecurity rules for the freight and passenger rail industries....

CISA Adds 5 Bugs to Mandatory Patch List

CISA has identified security defects in software made by Qualcomm, Mikrotik, Zoho, and Apache, which are actively being exploited. It has added these five items to its Known Exploited Vulnerabilities Catalog, and set deadlines for federal agencies to apply patches; three of them must be fixed by December 15, and the other two by June […]