Cybersecurity

Is there a path forward in Congress for mandatory cyber incident reporting?

A group of lawmakers is seeking legislation that would require private companies to report cyber incidents and ransomware attacks to the Cybersecurity and Infrastructure Security Agency, despite their efforts being derailed late last year.

Closing the CMMC training gaps

Look for trainers working on the Cybersecurity Maturity Model Certification program to realign their efforts to support recent changes to the certification process in 2022.

The legacy of the Cyberspace Solarium Commission

The Cyberspace Solarium Commission is officially sunsetting after more than two years, dozens of recommendations and a slew of legislative changes. But since there’s more to be done, the panel is rebooting its efforts as a non-profit.

CISA, FBI issue new guidance on addressing Log4j risks

The Cybersecurity and Infrastructure Security Agency and its partners are providing new ways to identify Log4j risks and mitigate possible exploitation.

CMMC assessments could resume in January

The governing body responsible for implementing the Defense Department’s unified cybersecurity program for contractors expects security procedures for authorized third party assessors to start back up in early 2022. But DOD has the final say on the timeline.

NDAA requires DOD to report on prospects for a ‘cyber academy’

Sen. Kirsten Gillibrand (D-N.Y.) says these reports could inform potential legislation to establish an academy to educate cyber workers for government modeled after military service academies.

How the Army is embracing telework-friendly tech

The Army is expanding its use of bring-your-own devices through a pilot program that’s expected to initially focus on National Guard and Reserve components as it rolls out Microsoft 365.

CISA issues emergency directive to patch Log4j flaw

The Cybersecurity and Infrastructure Security Agency released an emergency directive on Friday ordering all federal agencies to take immediate action against a critical security flaw with potential long-term consequences for public and private infrastructure.

How cyber gray zone conflict can shape conventional war

As gray zone conflict becomes the norm, the intelligence community may have to make some changes to adapt.

Spectrum, cyber concerns surface in Grady's nomination hearing

Adm. Christopher Grady told senators that Defense Department moves to free up swaths of spectrum would have consequences when it comes to operations, training, and readiness.

A quick look at cyber in the 2022 defense bill

As has been the case for the past few years, cyber governance provisions were featured in this year's must-pass defense policy bill moving through Congress, but a bipartisan breach notification measure was dropped from the bill -- to the chagrin of its supporters.

What’s next for CMMC

After the Defense Department revamped cybersecurity standards for contractors, the Cybersecurity Maturity Model Certification program’s accreditation body is making adjustments.

Could faster buying undermine electronic warfare prep?

Some measures that protect weapons systems against electronic vulnerabilities can be “pushed aside” during rapid acquisitions, according to David Tremper, the electronic warfare director for the Defense Department.

The Pentagon and UMD to launch intel-focused research center

The Applied Research Laboratory for Intelligence and Security will focus on basic and applied research for the security and intelligence communities.

CISA draws plans for more secure federal civilian email

The Cybersecurity and Infrastructure Security Agency wants to beef up federal civilian email security with CISA-provisioned threat hunting and incident response efforts, according to a request for information published last week.

Checking in with the Army and Navy principal cyber advisors

Congress established service level principal cyber advisors in the 2020 defense policy bill. FCW sat down with the Army and Navy PCAs to get a sense of what their priorities have been in the past year.