CISA

Top cyber lawmaker previews 2022 legislation goals

Rep. Jim Langevin (D-R.I.) is looking to create a statutory framework for threat information sharing and mitigation between a small number of critical infrastructure firms and the federal government.

Federal government is still in the dark on ransomware

Information on the majority of ransomware attacks targeting American companies and civilian agencies remains unreported to the Department of Homeland Security, a top cyber official told lawmakers.

FBI wants input on cyber reporting legislation

A top FBI cyber official told lawmakers on Tuesday that the bureau could face significant challenges addressing cyberattacks and ransomware incidents if it was not included in breach disclosure requirements being considered in legislation.

CISA seeks 24-hour cyber incident reporting timeline

Two separate Senate bills set different deadlines for federal contractors, critical infrastructure providers and other covered companies to report cyber incidents to the federal government.

CISA's new talent management system could boost cyber recruitment

Despite increasing competition among the public and private sectors in hiring top cyber talent, CISA Director Jen Easterly said she has high hopes for a new personnel management system which reduces friction in hiring and offers new career paths.

DHS adds cyber requirements for transportation industry

The Transportation Security Agency and the Coast Guard are getting increased authority over industry cybersecurity.

CISA chief: Cyber incident reporting can't become a burden

Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, stressed the importance of cyber incident reporting but said mandates should be careful of potentially overburdening companies -- and CISA -- with "reporting noise."

Chris Inglis outlines blueprint for federal cyber priorities

The newly installed National Cyber Director offered his take on the roles and responsibilities of his office, the Cybersecurity and Infrastructure Security Agency, the National Security Council and agency IT and security operations in responding to federal cyber incidents.

Fostering a diverse cybersecurity workforce

Experts at an Aspen Institute event explained some roadblocks to cultivating a diverse cybersecurity workforce and offered potential solutions, including putting less reliance on formal certification.

White House hits the gas on zero trust

Newly released strategy and technical guidance documents covering zero trust and cloud security are open for comment as part of a federal push to improve federal government cybersecurity.

CISA debuts vulnerability disclosure platform

Federal civilian agencies can tap a bug reporting system fielded as a shared service by the Cybersecurity and Infrastructure Security Agency to gather information on potential website and software vulnerabilities.

DHS workforce sprint brings in nearly 300 cyber employees

Cybersecurity vacancies totaled about 2,000 at the start of the hiring sprint in May.

CISA predicts cyber EO will drive progress on zero trust

Most agencies are just getting started creating plans around zero trust, but tight deadlines featured in President Joe Biden's cybersecurity executive order and a wave of new guidance, may speed up implementation across the entire government.

Hassan, Cornyn float bill to create new federal cybersecurity training programs

One part of the bill would create a pilot program to train vets to work in cybersecurity.

Biden's cyber nominees face Senate in wake of cyberattacks

Jen Easterly, selected to head the Cybersecurity and Infrastructure Security Agency and Chris Inglis, the former National Security Agency deputy director picked to fill the new national cyber director role, faced lawmakers concerned about the spike in ransomware attacks.

DHS to issue new pipeline security regulations after Colonial attack

A Department of Homeland Security spokesperson said the new guidance for pipeline security will be issued in the coming days.

CISA chief: cyber order will 'stretch the system'

The executive order, which was published Wednesday night, contains deadlines for CISA, the Department of Homeland Security, the Office of Management and Budget and other agencies to begin reworking the government's cybersecurity with some timelines as short as 30 days from its signing.