The Government Accountability Office has published a new report outlining actions to enhance the security of information systems at the Department of Defense, Cybersecurity and Infrastructure Security Agency, National Institutes of Health and Office of Management and Budget. According to GAO, almost 150 recommendations issued to federal agencies since 2010 have gone unaddressed. The watchdog […]
House lawmakers have asked the Department of Energy to provide documents related to the cyberattacks directed at three national laboratories for investigation. The cyber incidents, which took place between August and September 2022, targeted the Brookhaven National Laboratory, the Argonne National Laboratory and the Lawrence Livermore National Laboratory, all of which conduct research aimed at […]
The Defense Advanced Research Projects Agency has selected Intel and the University of California, San Diego, to join the Hardening Development Toolchains Against Emergent Execution Engines program. During the four-year HARDEN program, Intel and UC San Diego will investigate how the company’s Cryptographic Capability Computing system could improve security for legacy and future systems. C3 […]
The National Renewable Energy Laboratory has issued a report highlighting the importance of cybersecurity for electric aviation. The report, titled “Addressing Electric Aviation Infrastructure Cybersecurity Implementation,” evaluates cyber needs around the electrification of aviation infrastructure and how stakeholders could implement a cybersecurity approach to support the aviation sector. It also identifies common approaches to secure […]
Cloud-based IT solutions provider Qualys has introduced its new vulnerability and patch management platform. Qualys GovCloud can perform various cybersecurity functions, including asset inventory, vulnerability risk and remediation management, file integrity monitoring, container security and compliance management. The solution can serve as the foundation for federal agencies’ cybersecurity programs. The Federal Risk and Authorization Management […]
Joanne Woytek, director of NASA’s Solutions for Enterprise-Wide Procurement contract vehicle, said that workforce and resource shortages could delay the collection of vendor self-attestations to the security of software used by federal agencies. Speaking at a recent conference, she said that NASA SEWP and several other organizations lack the proper staff to implement the policy, […]
Lawrence Livermore National Laboratory has developed the Skywing open source software designed to support scientists, mathematicians and computer scientists in creating collaborative autonomy-focused applications aimed at protecting critical infrastructure from cyberattacks. Collaborative autonomy applications enable networked devices to detect unauthorized system commands and actions and allow the isolation of compromised devices or control centers to […]
New guidance from the National Security Agency and the Cybersecurity and Infrastructure Security Agency aims to help organizations prevent cyberthreats from remote monitoring and management software. The guidance identifies malicious domains tied to RMM-enabled threats and encourages enterprises to audit their tools. It also encourages RMM software users to review logs and take other steps […]
Alejandro Mayorkas, the secretary of the U.S. Department of Homeland Security, and Thierry Breton, the European Union’s commissioner for internal market, have issued a joint statement on cooperative cyber resilience efforts. They announced plans to establish “dedicated workstreams” for cybersecurity of hardware and software; cybersecurity of critical infrastructure and incident reporting requirements; and information sharing, […]
The Cybersecurity and Infrastructure Security Agency has announced the Joint Cyber Defense Collaborative’s planning agenda for 2023, which is focused on systemic risk, collective cyber response and high-risk communities. JCDC’s planning efforts aim to secure open source software used in industrial control systems, strengthen collaboration with key partners to increase the resilience of critical infrastructure […]
