Department of Homeland Security officials in charge of the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) have pushed the program to evolve from a compliance-focused initiative to a real-time threat detection and response platform. First launched in 2013, the program is now tracking approximately 6.5 million devices, which includes operational technology…
Category: Cybersecurity and Infrastructure Security Agency (CISA)
CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), cybersecurity harmonization, Cybersecurity Information Sharing Act, Global Security News, Government, House Homeland Security Committee, House Intelligence Committee, Policy, rand paul, regulation, Sean Plankey, Senate Homeland Security and Governmental Affairs Committee, Senate Intelligence Committee
Congress should re-up 2015 information-sharing law, top Hill staffer says
Congress needs to reauthorize an expiring law that provides legal protections to companies for sharing cyber threat information with the federal government and each other, the staff director for Democrats on the Senate Homeland Security and Governmental Affairs Committee said Wednesday. The 2015 Cybersecurity and Infrastructure Security Act is due to lapse at the end…
Action1, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Microsoft, Patch Tuesday, Rapid7, Threats, vulnerabilities, zero days
Microsoft patches 57 vulnerabilities, including 6 zero-days
Microsoft patched 57 vulnerabilities affecting its foundational systems and core products, including six actively exploited zero-day vulnerabilities, the company said in its latest security update Tuesday. Four of the six zero-days, which were all added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog, are high-severity on the CVSS scale. The software defects…
Armis, budget, CISA, Congress, cyber workforce, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), cybersecurity workforce, Department of Government Efficency, Department of Homeland Security (DHS), Emerging Tech, Global Security News, Government, government shutdown, Joe Biden, National Security Council, National Security Council (NSC), Policy, Trump Administration, Workforce
Amid personnel turmoil at cyber agencies, a government shutdown could increase potential harm
A potential government shutdown looms by the end of this week if Congress doesn’t pass legislation to keep funding the federal government, a development that could worsen problems cyber personnel and agencies are experiencing under the second Trump administration, experts say. Many cyber feds would likely be exempt from furloughs during a government shutdown, common…
CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Election Security, Global Security News, Government, Karen Evans, Sean Cairncross, Sean Plankey, Senate Homeland Security and Governmental Affairs Committee, Trump Administration, Workforce
Sean Plankey picked by Trump to be CISA director
President Donald Trump nominated Sean Plankey to head the Cybersecurity and Infrastructure Security Committee on Tuesday, the last major piece to fall into place for cybersecurity leadership in his administration. Plankey served in the first Trump administration, holding a few posts with cyber responsibilities. He was the principal deputy assistant secretary for the Energy Department’s…
Bennie Thompson, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, House Homeland Security Committee, Jake Williams, Russia, Threats
DHS says CISA won’t stop looking at Russian cyber threats
The Department of Homeland Security said that its Cybersecurity and Infrastructure Security Agency will continue to pay attention to Russian cyber threats, contrary to media reports suggesting the opposite. The Guardian reported last week that a recent CISA memo setting out priorities for the agency didn’t list Russia among them, while including Chinese threats and…
Bennie Thompson, CISA, cyber workforce, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), cybersecurity workforce, Department of Government Efficency, Department of Homeland Security (DHS), Global Security News, grants, House Homeland Security Committee, Mark Green, PIVOTT Act, Policy, Trump Administration, Workforce
Cyber workforce legislation vote gives rise to partisan rift on House Homeland Security Committee
A partisan divide opened Wednesday over a bill to bolster the cyber workforce, legislation that earned unanimous support in the House Homeland Security Committee last year but that Democrats are now wary of under President Donald Trump. Under the legislation, students at technical schools and community colleges would receive scholarships in return for two years…
Alexei Bulazel, Asia Pacific, CISA, Congress, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Energy, Department of Energy (DOE), Eric Goldstein, Federal IT, Global Security News, Government, Jeff Greene, Karen Evans, National Cyber Director, National Security Council, National Security Council (NSC), NSC, office of management and budget, OMB, Sean Cairncross, Workforce
Karen Evans steps into a leading federal cyber position: executive assistant director for cybersecurity at CISA
Federal IT and cyber government veteran Karen Evans is the new executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency. It’s one of the most prominent cyber jobs in the federal government, previously held by Jeff Greene and Eric Goldstein. A description of the post on the CISA website says that the…
Bennie Thompson, CISA, Computer Fraud and Abuse Act (CFAA), crowdstrike, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Department of Homeland Security (DHS), fraud, Global Security News, House Homeland Security Committee, House Intelligence Committee, information sharing, information sharing and analysis centers (ISACs), Internet Security Alliance, Kemba Walden, Mark Green, Mark Warner, Policy, privacy, rand paul, Senate Homeland Security and Governmental Affairs Committee, Senate Intelligence Committee, SolarWinds
A major cybersecurity law is expiring soon — and advocates are prepping to push Congress for renewal
A push is gearing up to renew an expiring 10-year-old cybersecurity law that was viewed at its initial passage as the most significant cybersecurity legislation Congress had ever passed, and that advocates say now fosters several important threat-sharing initiatives. The 2015 Cybersecurity Information Sharing Act provides safeguards for companies that voluntarily share threat intelligence data…
AI, AI Cybersecurity, Commentary, Cybersecurity and Infrastructure Security Agency (CISA), Emerging Tech, Global Security News, Government, Joint Cyber Defense Collaborative (JCDC)
CISA’s AI cybersecurity playbook calls for greater collaboration, but trust is key to successful execution
As autonomous agents increasingly enter organizations, nation-state actors are turning to these AI-powered technologies to undermine our national security and critical infrastructures. As a result, today’s security teams need to be able to fight AI with AI, and understand the technology’s implications from both a defensive and offensive perspective. Similarly, our national defenses have to…
Cyber Safety Review Board, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, Government, Policy, Salt Typhoon
Purging cyber review board was ‘a great idea,’ DHS deputy secretary nominee says
Expelling all members of an independent federal cybersecurity advisory panel as it was investigating Salt Typhoon was necessary due to previous leadership and the board “going in the wrong direction,” President Donald Trump’s nominee for deputy secretary of the Department of Homeland Security said Tuesday. Troy Edgar, who is serving as a senior adviser to…
china, CISA, Cybersecurity and Infrastructure Security Agency (CISA), Department of Government Efficency, disinformation, Election Security, Elon Musk, Global Security News, Government, misinformation, Social Security Administration, Trump Administration, Twitter, Workforce
No, that’s not the acting head of the Social Security Administration. That’s a former CISA employee.
A longtime former employee of the Cybersecurity and Infrastructure Security Agency, an agency in the midst of curtailing its anti-misinformation and disinformation work under President Donald Trump, has found himself being misidentified online as a key figure in another Trump administration battle. On social media and in some news outlets, Ross Foard, a former CISA…
china, cisco, Cisco IOS XE, Cisco Talos, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Research, Salt Typhoon, telecommunications, Threat Intelligence, Threats
Salt Typhoon gained initial access to telecoms through Cisco devices
Salt Typhoon gained initial access to Cisco devices as part of the Chinese nation-state threat group’s sweeping attacks on U.S. telecom networks, the company confirmed Thursday in a threat intelligence report. Cisco Talos, the networking vendor’s threat intelligence unit, said it observed one instance where Salt Typhoon likely exploited a seven-year-old critical vulnerability in Cisco…
Asia Pacific, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), disinformation, Election Security, Global Security News, Government
CISA election, disinformation officials placed on administrative leave, sources say
The Cybersecurity and Infrastructure Security Agency placed several members of its election security group on administrative leave last week, multiple sources familiar with the situation told CyberScoop. According to one source, the moves happened Thursday and Friday of last week and were targeted at employees focused on CISA’s mis-, dis- and malinformation teams. The moves…
Amazon Web Services (AWS), cloud computing, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, open source, Research, S3 bucket, SSL, VPN gateway, watchTowr Labs
Here’s all the ways an abandoned cloud instance can cause security issues
There is a line of thought among the public that “the internet is forever.” A security company published research Tuesday that showed why “forever” can be a security nightmare. Over the course of four months, cybersecurity researchers at watchTowr monitored and ultimately took control of what they referred to as “abandoned” digital infrastructure, focusing on…
Bennie Thompson, Brandon Wales, china, CISA, Cyber Safety Review Board, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Department of Homeland Security (DHS), Global Security News, Government, House Homeland Security Committee, Jake Williams, JD Work, Kemba Walden, Kevin Beaumont, Mark Green, National Cyber Director, Paladin, Policy, Salt Typhoon, SentinelOne, telecommunications, Trump Administration
Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker
The top Democrat on the House Homeland Security Committee and a number of cyber professionals on Wednesday lamented the Trump administration’s decision to purge a cyber incident investigation board of its membership. But the move had some supporters, including the chairman of that same committee. Acting Department of Homeland Security Secretary Benjamine Huffman issued a…
Biden, Biden administration, Chris Krebs, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), disinformation, Disinformation Governance Board, Donald Trump, Global Security News, Government, Joe Biden, Josh Hawley, Kristi Noem, rand paul, Ron Johnson, Sen. Ron Johnson, Senate Homeland Security and Governmental Affairs Committee, supreme court, Trump, Trump Administration, U.S. Supreme Court
Noem: No anti-disinformation, misinformation action under her as DHS secretary
Department of Homeland Security secretary nominee Kristi Noem committed to senators Friday that if confirmed she would keep the department out of efforts to combat disinformation and misinformation, and pledged to make the Cybersecurity and Infrastructure Security Agency “smaller, more nimble.” The South Dakota governor’s remarks signal that the incoming Trump administration will act on…
Asia Pacific, china, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), DARPA, Global Security News, nsa, Software
Closing software-understanding gap is critical to national security, CISA says
With Chinese-sponsored hackers lingering in the IT systems of various U.S. critical infrastructure networks, potentially imminent threats to the country’s national security abound. The Cybersecurity and Infrastructure Security Agency and federal partners hope to lessen that threat by closing a so-called “software understanding gap.” In a document released Thursday with the Defense Advanced Research Projects…
CDK Global, Commentary, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, MOVEit Transfer, resilience, Salt Typhoon, Volt Typhoon
Restoring U.S. cyber resilience: A blueprint for the new administration
As the incoming Trump administration prepares to take office, it confronts a critical juncture for cybersecurity. The escalating digital threats from state-sponsored adversaries like China, Iran, North Korea and Russia coincide with fractured global governance and a shifting domestic policy landscape. This moment presents a unique opportunity for the administration to establish itself as a…
AI, AI executive order, Artificial Intelligence, Bennie Thompson, Biden, Biden administration, Bob Kolasky, Center for Cybersecurity Policy and Law, Center for Democracy & Technology, Center for Democracy and Technology, Chris Inglis, CISA, cloud computing, contracting, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Donald Trump, Emerging Tech, encryption, fraud, Global Security News, Government, House Homeland Security Committee, Joe Biden, Mark Green, National Cyber Director, National Risk Management Center, National Security Council, National Security Council (NSC), Office of the National Cyber Director, operational technology, phishing, quantum computing, supply chain, supply chain security, Trump, Trump Administration
Biden cyber executive order gets mostly plaudits, but its fate is uncertain
A sweeping executive order on cybersecurity released Thursday won largely positive reviews, with the main question being its timing — and what will come of it with the executive branch set to be handed over from president to president. Chris Inglis, the former national cyber director for Joe Biden who has served under both Democrats…
Amazon Web Services (AWS), Asia Pacific, china, CISA, Congress, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Foundation for Defense of Democracies, Global Security News, Google, Government, Jack Cable, Microsoft, Policy, regulation, Salt Typhoon, secure by design, telecommunications, Treasury Department, Volt Typhoon
A CISA secure-by-design guru makes the case for the future of the initiative
One of the chief architects of the Cybersecurity and Infrastructure Security Agency campaign to get software developers to design their products with security in mind said he believes it could be one of the best tools the Trump administration has to counter China. Jack Cable, who is departing his role as senior technical adviser Thursday,…
AI, Artificial Intelligence (AI), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Global Security News, Joint Cyber Defense Collaborative (JCDC), North America, nsa
CISA’s AI cyber collaboration playbook aims to spur information-sharing
The Cybersecurity and Infrastructure Security Agency is making one last push before the change in administration for increased information sharing between the public and private sectors, releasing an artificial intelligence-focused playbook Tuesday that aims to foster “a unified approach” to handling AI-related cyber threats. The agency’s AI Cybersecurity Collaboration Playbook was developed with the FBI,…
Artificial Intelligence, Artificial Intelligence (AI), china, CISA, Commerce Department, critical infrastructure, Cybercrime, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Defense, Department of Defense (DOD), Dept of Commerce, DOD, Executive order, Global Security News, Government, North America, Policy, privacy, quantum computing, regulation
Second Biden cyber executive order directs agency action on fed security, AI, space
A draft cybersecurity executive order would tackle cyber defenses in locations ranging from outer space to the U.S. federal bureaucracy to its contractors, and address security risks embedded in subjects like cybercrime, artificial intelligence and quantum computers. The draft, a copy of which CyberScoop obtained, constitutes one big last stab at cybersecurity in the Biden…
critical infrastructure, cyber hygiene, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, vulnerabilities
CISA report touts cyber hygiene enrollment surge for critical infrastructure orgs
The Cybersecurity and Infrastructure Security Agency has seen a surge in its Cyber Hygiene (CyHy) service enrollment from critical infrastructure organizations over a two-year period, with the communications sector representing the biggest jump. In a report released Friday, CISA said an analysis of the 7,791 critical infrastructure organizations enrolled in the agency’s vulnerability scanning service…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), exploit, Exploits, Global Security News, ivanti, malware, Mandiant, SPAWN, UNC5221, UNC5337, vulnerabilities, zero days
New zero-day exploit targets Ivanti VPN product
A year after a series of vulnerabilities impacting a pair of Ivanti VPN products prompted an emergency directive from the Cybersecurity and Infrastructure Security Agency to federal agencies, the Utah-based software firm is again experiencing issues with one of its signature systems. The company on Wednesday disclosed two vulnerabilities — CVE-2025-0282 and CVE-2025-0283 — that…
Android, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), encrpytion, FIDO, Global Security News, Government, iPhone, Mobile Security, Multi-Factor Authentication (MFA), Salt Typhoon, signal, SIM Swapping, smartphone, Threats, Yubico
CISA pushes guide for high-value targets to secure mobile devices
The Cybersecurity and Infrastructure Security Agency unveiled a detailed set of guidelines Wednesday to safeguard the mobile communications of high-value government targets in the wake of the ongoing Salt Typhoon telecom breach. The guide aims to help both political and federal leadership harden their communications and avoid any data interception by the Chinese-linked espionage group.…
Asia Pacific, Cloud Security, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Microsoft 365, SCuBa
CISA delivers new directive to agencies on securing cloud environments
Federal civilian agencies have a new list of cyber-related requirements to address after the Cybersecurity and Infrastructure Security Agency on Tuesday issued guidance regarding the implementation of secure practices for cloud services. CISA’s Binding Operational Directive (BOD) 25-01 instructs agencies to identify all of its cloud instances and implement assessment tools, while also making sure…
CISA, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, grants, Harry Coker, Jen Easterly, National Cyber Director, National Cybersecurity Strategy, North America, NSM-22, Office of the National Cyber Director, Policy, secure by design, semiconductors
Playbook advises federal grant managers how to build cybersecurity into their programs
Two U.S. cyber agencies released guidance Tuesday on how federal grant managers should incorporate cybersecurity in their programs for critical infrastructure projects, as well as how potential recipients can take it into account. The Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency publication — the “Playbook for Strengthening Cybersecurity in…
CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Joint Cyber Defense Collaborative (JCDC), National Cyber Incident Response Plan, ODNI, ONCD
CISA pitches updated cyber incident response plan as an ‘agile, actionable’ framework
The Cybersecurity and Infrastructure Security Agency on Monday opened a month-long public comment period for its updated draft plan detailing how the public and private sectors should respond to significant cyber incidents. The revamped National Cyber Incident Response Plan — an effort from CISA, the agency’s Joint Cyber Defense Collaborative and the Office of the…
atlantic council, Ben Ray Lujan, budget, CALEA, china, CISA, Congress, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), FCC, Federal Bureau of Investigation (FBI), Federal Communications Commission, Geopolitics, Global Security News, Government, Jerry Moran, Jessica Rosenworcel, John Thune, Justin Sherman, Money, National Defense Authorization Act, NDAA, Policy, regulation, Salt Typhoon, Senate Commerce Committee, Technology, Ted Cruz, telecommunications, telecoms
Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches
The $3 billion that Congress folded into the annual defense policy bill to remove Chinese-made telecommunications technology from U.S. networks would be a huge start to defending against breaches like the Salt Typhoon espionage campaign, senators and hearing witnesses said Wednesday. Federal Communications Commission Chairwoman Jessica Rosenworcel recently told Hill leaders that the $1.9 billion…