Department of Homeland Security secretary nominee Kristi Noem committed to senators Friday that if confirmed she would keep the department out of efforts to combat disinformation and misinformation, and pledged to make the Cybersecurity and Infrastructure Security Agency “smaller, more nimble.” The South Dakota governor’s remarks signal that the incoming Trump administration will act on…
Category: Cybersecurity and Infrastructure Security Agency (CISA)
Asia Pacific, china, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), DARPA, Global Security News, nsa, Software
Closing software-understanding gap is critical to national security, CISA says
With Chinese-sponsored hackers lingering in the IT systems of various U.S. critical infrastructure networks, potentially imminent threats to the country’s national security abound. The Cybersecurity and Infrastructure Security Agency and federal partners hope to lessen that threat by closing a so-called “software understanding gap.” In a document released Thursday with the Defense Advanced Research Projects…
CDK Global, Commentary, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, MOVEit Transfer, resilience, Salt Typhoon, Volt Typhoon
Restoring U.S. cyber resilience: A blueprint for the new administration
As the incoming Trump administration prepares to take office, it confronts a critical juncture for cybersecurity. The escalating digital threats from state-sponsored adversaries like China, Iran, North Korea and Russia coincide with fractured global governance and a shifting domestic policy landscape. This moment presents a unique opportunity for the administration to establish itself as a…
AI, AI executive order, Artificial Intelligence, Bennie Thompson, Biden, Biden administration, Bob Kolasky, Center for Cybersecurity Policy and Law, Center for Democracy & Technology, Center for Democracy and Technology, Chris Inglis, CISA, cloud computing, contracting, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Donald Trump, Emerging Tech, encryption, fraud, Global Security News, Government, House Homeland Security Committee, Joe Biden, Mark Green, National Cyber Director, National Risk Management Center, National Security Council, National Security Council (NSC), Office of the National Cyber Director, operational technology, phishing, quantum computing, supply chain, supply chain security, Trump, Trump Administration
Biden cyber executive order gets mostly plaudits, but its fate is uncertain
A sweeping executive order on cybersecurity released Thursday won largely positive reviews, with the main question being its timing — and what will come of it with the executive branch set to be handed over from president to president. Chris Inglis, the former national cyber director for Joe Biden who has served under both Democrats…
Amazon Web Services (AWS), Asia Pacific, china, CISA, Congress, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Foundation for Defense of Democracies, Global Security News, Google, Government, Jack Cable, Microsoft, Policy, regulation, Salt Typhoon, secure by design, telecommunications, Treasury Department, Volt Typhoon
A CISA secure-by-design guru makes the case for the future of the initiative
One of the chief architects of the Cybersecurity and Infrastructure Security Agency campaign to get software developers to design their products with security in mind said he believes it could be one of the best tools the Trump administration has to counter China. Jack Cable, who is departing his role as senior technical adviser Thursday,…
AI, Artificial Intelligence (AI), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Global Security News, Joint Cyber Defense Collaborative (JCDC), North America, nsa
CISA’s AI cyber collaboration playbook aims to spur information-sharing
The Cybersecurity and Infrastructure Security Agency is making one last push before the change in administration for increased information sharing between the public and private sectors, releasing an artificial intelligence-focused playbook Tuesday that aims to foster “a unified approach” to handling AI-related cyber threats. The agency’s AI Cybersecurity Collaboration Playbook was developed with the FBI,…
Artificial Intelligence, Artificial Intelligence (AI), china, CISA, Commerce Department, critical infrastructure, Cybercrime, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Defense, Department of Defense (DOD), Dept of Commerce, DOD, Executive order, Global Security News, Government, North America, Policy, privacy, quantum computing, regulation
Second Biden cyber executive order directs agency action on fed security, AI, space
A draft cybersecurity executive order would tackle cyber defenses in locations ranging from outer space to the U.S. federal bureaucracy to its contractors, and address security risks embedded in subjects like cybercrime, artificial intelligence and quantum computers. The draft, a copy of which CyberScoop obtained, constitutes one big last stab at cybersecurity in the Biden…
critical infrastructure, cyber hygiene, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, vulnerabilities
CISA report touts cyber hygiene enrollment surge for critical infrastructure orgs
The Cybersecurity and Infrastructure Security Agency has seen a surge in its Cyber Hygiene (CyHy) service enrollment from critical infrastructure organizations over a two-year period, with the communications sector representing the biggest jump. In a report released Friday, CISA said an analysis of the 7,791 critical infrastructure organizations enrolled in the agency’s vulnerability scanning service…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), exploit, Exploits, Global Security News, ivanti, malware, Mandiant, SPAWN, UNC5221, UNC5337, vulnerabilities, zero days
New zero-day exploit targets Ivanti VPN product
A year after a series of vulnerabilities impacting a pair of Ivanti VPN products prompted an emergency directive from the Cybersecurity and Infrastructure Security Agency to federal agencies, the Utah-based software firm is again experiencing issues with one of its signature systems. The company on Wednesday disclosed two vulnerabilities — CVE-2025-0282 and CVE-2025-0283 — that…
Android, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), encrpytion, FIDO, Global Security News, Government, iPhone, Mobile Security, Multi-Factor Authentication (MFA), Salt Typhoon, signal, SIM Swapping, smartphone, Threats, Yubico
CISA pushes guide for high-value targets to secure mobile devices
The Cybersecurity and Infrastructure Security Agency unveiled a detailed set of guidelines Wednesday to safeguard the mobile communications of high-value government targets in the wake of the ongoing Salt Typhoon telecom breach. The guide aims to help both political and federal leadership harden their communications and avoid any data interception by the Chinese-linked espionage group.…
Asia Pacific, Cloud Security, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Microsoft 365, SCuBa
CISA delivers new directive to agencies on securing cloud environments
Federal civilian agencies have a new list of cyber-related requirements to address after the Cybersecurity and Infrastructure Security Agency on Tuesday issued guidance regarding the implementation of secure practices for cloud services. CISA’s Binding Operational Directive (BOD) 25-01 instructs agencies to identify all of its cloud instances and implement assessment tools, while also making sure…
CISA, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, grants, Harry Coker, Jen Easterly, National Cyber Director, National Cybersecurity Strategy, North America, NSM-22, Office of the National Cyber Director, Policy, secure by design, semiconductors
Playbook advises federal grant managers how to build cybersecurity into their programs
Two U.S. cyber agencies released guidance Tuesday on how federal grant managers should incorporate cybersecurity in their programs for critical infrastructure projects, as well as how potential recipients can take it into account. The Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency publication — the “Playbook for Strengthening Cybersecurity in…
CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Joint Cyber Defense Collaborative (JCDC), National Cyber Incident Response Plan, ODNI, ONCD
CISA pitches updated cyber incident response plan as an ‘agile, actionable’ framework
The Cybersecurity and Infrastructure Security Agency on Monday opened a month-long public comment period for its updated draft plan detailing how the public and private sectors should respond to significant cyber incidents. The revamped National Cyber Incident Response Plan — an effort from CISA, the agency’s Joint Cyber Defense Collaborative and the Office of the…
atlantic council, Ben Ray Lujan, budget, CALEA, china, CISA, Congress, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), FCC, Federal Bureau of Investigation (FBI), Federal Communications Commission, Geopolitics, Global Security News, Government, Jerry Moran, Jessica Rosenworcel, John Thune, Justin Sherman, Money, National Defense Authorization Act, NDAA, Policy, regulation, Salt Typhoon, Senate Commerce Committee, Technology, Ted Cruz, telecommunications, telecoms
Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches
The $3 billion that Congress folded into the annual defense policy bill to remove Chinese-made telecommunications technology from U.S. networks would be a huge start to defending against breaches like the Salt Typhoon espionage campaign, senators and hearing witnesses said Wednesday. Federal Communications Commission Chairwoman Jessica Rosenworcel recently told Hill leaders that the $1.9 billion…