Cyber

NSA to get binding operational directive authority under new cyber policy

A new memo signed by President Biden outlines how the May 2021 executive order on cybersecurity applies to national security systems.

Congress is losing a longtime cyber advocate

Rep. Jim Langevin, co-chair and founder of the House Cybersecurity Caucus, will not seek re-election.

Is there a path forward in Congress for mandatory cyber incident reporting?

A group of lawmakers is seeking legislation that would require private companies to report cyber incidents and ransomware attacks to the Cybersecurity and Infrastructure Security Agency, despite their efforts being derailed late last year.

Closing the CMMC training gaps

Look for trainers working on the Cybersecurity Maturity Model Certification program to realign their efforts to support recent changes to the certification process in 2022.

The legacy of the Cyberspace Solarium Commission

The Cyberspace Solarium Commission is officially sunsetting after more than two years, dozens of recommendations and a slew of legislative changes. But since there’s more to be done, the panel is rebooting its efforts as a non-profit.

CISA, FBI issue new guidance on addressing Log4j risks

The Cybersecurity and Infrastructure Security Agency and its partners are providing new ways to identify Log4j risks and mitigate possible exploitation.

CMMC assessments could resume in January

The governing body responsible for implementing the Defense Department’s unified cybersecurity program for contractors expects security procedures for authorized third party assessors to start back up in early 2022. But DOD has the final say on the timeline.

NDAA requires DOD to report on prospects for a ‘cyber academy’

Sen. Kirsten Gillibrand (D-N.Y.) says these reports could inform potential legislation to establish an academy to educate cyber workers for government modeled after military service academies.

CISA issues emergency directive to patch Log4j flaw

The Cybersecurity and Infrastructure Security Agency released an emergency directive on Friday ordering all federal agencies to take immediate action against a critical security flaw with potential long-term consequences for public and private infrastructure.

Senate passes 2022 defense authorization bill

The Senate passed the 2022 National Defense Authorization Act, 88-11, authorizing $740 billion for Defense Department spending, and $28 billion for other national security programs.

How cyber gray zone conflict can shape conventional war

As gray zone conflict becomes the norm, the intelligence community may have to make some changes to adapt.

Spectrum, cyber concerns surface in Grady's nomination hearing

Adm. Christopher Grady told senators that Defense Department moves to free up swaths of spectrum would have consequences when it comes to operations, training, and readiness.

A quick look at cyber in the 2022 defense bill

As has been the case for the past few years, cyber governance provisions were featured in this year's must-pass defense policy bill moving through Congress, but a bipartisan breach notification measure was dropped from the bill -- to the chagrin of its supporters.

What’s next for CMMC

After the Defense Department revamped cybersecurity standards for contractors, the Cybersecurity Maturity Model Certification program’s accreditation body is making adjustments.

CISA draws plans for more secure federal civilian email

The Cybersecurity and Infrastructure Security Agency wants to beef up federal civilian email security with CISA-provisioned threat hunting and incident response efforts, according to a request for information published last week.