Cyber
Reward offered for Iranian nationals charged over multi-year cyber campaign against U.S. companies
In unsealing a 13-page indictment this week, the U.S. Department of Justice (DOJ) revealed charges against four Iranian nationals for their alleged involvement in a hacking campaign against the U.S. government and private companies. The defendants remain at large and the United States has... Read More »
DHS Cyber Safety Review Board blames corporate culture for 2023 Microsoft Exchange Online incident
Following an independent review of the Microsoft Exchange Online intrusion in summer 2023, the U.S. Department of Homeland Security (DHS) Cyber Safety Review Board (CSRB) announced that the attack had been preventable, and steps should be taken to do so in the future. Last summer, Microsoft... Read More »
DoD’s Defense Industrial Base Cybersecurity Strategy calls for strengthened structures, collaboration
With the recent release of its Defense Industrial Base (DIB) Cybersecurity (CS) Strategy, the U.S. Department of Defense (DoD) sought to lay out a means to achieve internal and industry-facing cybersecurity through 2027. The strategy is split into four goal areas: Strengthening the DoD... Read More »
CISA seeks public input on new cybersecurity incident, ransomware reporting plans
As required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) recently released a Notice of Proposed Rulemaking on new cybersecurity measures meant to bolster its real-time capabilities. “Cyber... Read More »
Sen. Barrasso raises concerns over DOE’s ability to protect AI R&D from China
With artificial intelligence (AI) the increasing focus of interest for Washington and private companies, U.S. Sen. John Barrasso (R-WY) this week wrote to U.S. Secretary of Energy Jennifer Granholm with doubts about her department’s ability to protect research from Chinese interests. “In the... Read More »
Sen. Peters presses federal agencies to increase cybersecurity for American health care
Citing cases where cyberattacks targeted health care systems in the United States, U.S. Sen. Gary Peters (D-MI) recently wrote to the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) requesting cybersecurity boosts for the... Read More »
DHS collaborates with European Union for transatlantic comparison of cyber incident reporting
Looking to better align approaches to cyber incidents on both sides of the Atlantic, the U.S. Department of Homeland Security (DHS) and the European Commission’s Directorate General for Communications, Networks, Content, and Technology (DG CONNECT) recently launched a new comparison... Read More »
DHS releases AI roadmap, new pilot projects to test AI technology for various missions
The U.S. Department of Homeland Security laid out its 2024 plans for technology this week, unveiling the launch of three pilot projects to test artificial intelligence for immigration officer training, making it easier to apply for disaster relief grants and improving investigatory efficiency.... Read More »
House advances bill to force sale of or effectively ban TikTok in major bipartisan vote
The U.S. House recently passed H.R. 7521, a significant bipartisan bill that seeks to to prevent foreign adversaries, like the Chinese Communist Party (CCP), from targeting, surveilling, and manipulating the American people through applications such as TikTok. Specifically, H.R. 7521 – the... Read More »
Senators raise concerns about proposed global pandemic accord for its weakening of IP protections
In a letter to United States National Security Advisor Jake Sullivan, a group of senators voiced concern over a proposed global accord by the World Health Organization (WHO) that seeks to aid pandemic prevention, preparedness, and response. However, the lawmakers argued that it could also weaken... Read More »
United States, U.K. take down international LockBit ransomware group
The U.S. Department of Justice (DOJ) recently announced that, together with the United Kingdom, it had successfully disrupted the LockBit ransomware group, seizing its infrastructure and developing decryption capabilities for its software. The group has reportedly targeted more than 2,000... Read More »
House Homeland Security committee, federal agencies hold classified briefing focused on TikTok
Security concerns regarding TikTok, which have passed in and out of Congress for years, surged back into focus again recently as the House Committee on Homeland Security gathered federal agencies for a classified briefing on the Chinese firm-owned app. In a meeting led by U.S. Rep. August... Read More »
International effort results in cybercrime charges, seizure of internet domains used to sell malware
The U.S. Department of Justice (DOJ), in collaboration with international law enforcement organizations, recently announced the seizure of internet domains used to sell malware and a pair of indictments lodged against individuals in Malta and Nigeria. Federal authorities in Boston seized four... Read More »
DETECT Act seeks cybersecurity guidelines for federal usage of drones
With their recent introduction of the Drone Evaluation to Eliminate Cyber Threats Act of 2024 (DETECT Act), U.S. Sens. Mark Warner (D-VA) and John Thune (R-SD) seek to direct the development of cybersecurity guidelines for the federal government’s use of drones. “Drones and unmanned systems... Read More »
DHS launches artificial intelligence expert hiring push to scrutinize use of AI
The U.S. Department of Homeland Security (DHS) intends to hire 50 artificial intelligence experts this year as part of a unique initiative meant to create a new team focused on ensuring responsible use of AI. Dubbed a hiring sprint, the effort will yield what the DHS is calling its AI Corps.... Read More »
Industrial Control Systems Cybersecurity Competition Act advances out of committee with bipartisan support
In a recent vote, the Industrial Control Systems Cybersecurity Competition Act advanced its way out of the Senate Homeland Security and Governmental Affairs Committee, leaving the Senate to consider its push to prepare federal employees for cybersecurity threats. “By ensuring our nation has a... Read More »
HHS releases voluntary healthcare performance goals for cybersecurity improvements
Eying ways to improve cybersecurity among healthcare operations nationwide, the U.S. Health and Human Services’ (HHS) Administration for Strategic Preparedness and Response (ASPR) released new voluntary performance goals and a new gateway website this week. “We have a responsibility to help... Read More »
U.S. Sens. Peters, Braun seek improvements to federal cybersecurity competition
With the recent introduction of the Industrial Control Systems Cybersecurity Competition Act, United States Sens. Gary Peters (D-MI) and Mike Braun (R-IN) sought to get ahead of cybersecurity threats with improvements to the national President’s Cup Cybersecurity Competition. “As foreign... Read More »
Republicans step up TikTok battle with demands for DHS, FBI briefing
Continuing a fight against the Chinese-owned mobile application TikTok that has stretched since the Trump administration, two House committee leaders recently wrote to the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) to demand updates on ongoing investigations.... Read More »
World Economic Forum warns of growing threats, disparities for cybersecurity
Cyber insecurity remains among the top 10 risks globally, according to the latest report from the World Economic Forum, amid growing inequity and increasing worries over cybercrime. Released ahead of the World Economic Forum Annual Meeting 2024 in Switzerland, the Global Risks Report was... Read More »
Energy sector physical and cyber security projects focus of $70M federal funding opportunity
The U.S. Department of Energy (DOE)’s Office of Cybersecurity, Energy Security and Emergency Response (CESER) last week announced up to $70 million would be made available for projects working to improve the energy sector’s security. The security improvements, addressing both physical and... Read More »
DoD opens Cybersecurity Maturity Model Certification program to feedback
The U.S. Department of Defense (DoD) this week published a proposed rule for the Cybersecurity Maturity Model Certification (CMMC) program, designed to keep defense contractors compliant with information protection requirements and the protection of sensitive data. Applicable to both contractors... Read More »
BAE Systems, U.S. Department of Commerce research non-binding preliminary agreement for new national security project
The Biden administration, through the U.S. Department of Commerce, reached a non-binding preliminary agreement with BAE Systems Electronic Systems to provide approximately $35 million in federal incentives for its new Microelectronics Center in Nashua, N.H. By the end of the project, the... Read More »
GAO warns some federal agencies fail to meet requirements for cybersecurity incident response
Over the years, federal agencies worked to improve their abilities to detect, analyze and handle cybersecurity incidents, according to the U.S. Government Accountability Office (GAO), but some have failed to meet requirements surrounding the tracking of incidents. Responses to ransomware... Read More »
Bicameral Federal Cybersecurity Workforce Expansion Act seeks to strengthen U.S. cyber system through training programs
Last week, a new bill introduced in both chambers of Congress – the Federal Cybersecurity Workforce Expansion Act – proposed improving U.S. cyber defenses and its cybersecurity workforce through two new federal training programs. “There is a crippling shortage of cybersecurity workers that... Read More »
U.S., U.K. security agencies release joint guidelines for secure AI development
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the U.K. National Cyber Security Centre (NCSC) recently released joint guidelines for secure AI system development. These guidelines were targeted at developers of any systems that use... Read More »
CISA releases first Roadmap for Artificial Intelligence to guide federal AI approach
Following up on President Joe Biden’s executive order on artificial intelligence last month, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released its first roadmap detailing a federal approach to developing and implementing AI... Read More »
Biden administration issues executive order for A.I. developmental guardrails
In a wide-ranging Executive Order issued this week, President Joe Biden sought to preempt threats posed by the development of artificial intelligence with new safeguards and oversight, while calling on Congress to pass data privacy legislation and enshrine such guardrails permanently. While AI... Read More »
Biden administration adds national security protections to CHIPS incentives program
Through elaboration of certain provisions, the U.S. Department of Commerce placed guardrails on the CHIPS and Science act last week, barring associated funds from expanding semiconductor manufacturing in or jointly researching with foreign countries of concern. “One of the Biden-Harris... Read More »
House Homeland Security Republicans probe DHS, DoD and FBI over reported Chinese attempts to access sensitive U.S. sites
In a letter to the heads of the Departments of Homeland Security (DHS), Defense (DoD) and the Federal Bureau of Investigation (FBI), the House chairs pressed for details of their responses to supposed Chinese attempts to breach U.S. military and other sensitive sites. The letter from House... Read More »
U.S. Sens. Tillis, Hickenlooper press Biden administration to reduce threats from artificial intelligence
Worried about the potential for artificial intelligence (AI) to disrupt cyber infrastructure and compromise critical data, U.S. Sens. Thom Tillis (R-NC) and John Hickenlooper (D-CO) recently wrote to Acting National Cyber Director (ONCD) Kemba Walden seeking information and action. Foremost,... Read More »
Russian nationals indicted over Trickbot malware, Conti ransomware schemes
Charges against Russian nationals in three federal jurisdictions were unsealed last week, revealing indictments for cybercrimes committed through Trickbot malware and Conti ransomware in recent years. “The Justice Department has taken action against individuals we allege developed and deployed... Read More »
Republican lawmakers oppose SEC cybersecurity rules
A group of Republican lawmakers sent a letter this week to Securities and Exchange Commission (SEC) Chair Gary Gensler criticizing the agency’s new cybersecurity rules for public companies. The rule, which took effect Sept. 5, requires publicly traded companies to notify the SEC of a... Read More »
DoD launches generative AI task force to guide innovation, risk assessment
Reckoning with the growing attention on and potential of artificial intelligence, the United States Department of Defense (DoD) last week created a generative AI task force to analyze, integrate and responsibly utilize large language models, and more. These efforts were gathered under the... Read More »