Cybersecurity News in Review

Robert DuPree
July 15, 2021 • 3 min read

This week’s cybersecurity news in review includes reports on the Kaseya ransomware attacks, possible U.S. retaliation against Russia for recent ransomware attacks, critiques of the VA’s and SBA’s cybersecurity efforts, and NIST’s new definition of “critical software” and other guidance to help agencies comply with President Biden’s recent cybersecurity executive order. There is also coverage of some new insurance industry efforts to deal with the impacts of ransomware attacks, an interview with a key DISA cyber official on the ongoing challenges posed by telework, possible cost increases for CMMC assessments, and a new CISA effort for government mobile device security.

Kaseya ransomware attack locks up data for more than 1,000 customers

Dark Reading says a ransomware attack has affected over 1,000 companies using Kaseya’s Virtual System Administrator, with the REvil ransomware-as-a-service group demanding they pay a total of $70 million to regain access to their encrypted data. Read more…

White House: Russia could face retaliation for ransomware attacks

Following a recent telephone conversation between President Biden and Russian President Putin, Nextgov says a senior White House official indicated there may be unspecified overt and covert actions taken in response to that country’s failure to stop ransomware attacks coming from Russian ransomware groups. Read more…

GAO: VA has made progress on cyber, but important issues remain

Nextgov reports a GAO official has told Congress that, while the Veterans Affairs Department has implemented 70 out of 74 information security recommendations previously made by the GAO, the agency still needs to address weaknesses in access controls and configuration management. Read more…

SBA audit finds cybersecurity issues during pandemic

Nextgov says a new inspector general audit of the Small Business Administration found that the administrative burdens of pandemic-related programs and operations last year had a negative impact on the agency’s cybersecurity posture, and the report made ten recommendations for improvement which SBA officials accepted and plan to implement. Read more…

Will NIST definition of “critical software” push vendors away from gov’t business?

Breaking Defense says some cybersecurity experts are concerned that the new NIST definition of “critical software,” required to be developed by President Biden’s recent cybersecurity executive order, could be unduly burdensome and deter some contractors from doing business with federal agencies. Read more…

NIST provides guidance to help agencies follow Biden cyber executive order

GCN describes new agency guidance from NIST, issued in response to President Biden’s May 12 cybersecurity executive order, including defining what is “critical software” for the purposes of supply chain cybersecurity. Read more…

Ransomware leads insurance industry to develop new strategies

CyberScoop provides an overview of two new initiatives from insurers in response to the growing challenges of ransomware. Read more…

How DISA is dealing with the challenges of continued telework

Federal News Network interviews a key DISA cyber official on the challenges of user access and identity management in an era of continued mass telework. Read more…

CMMC costs could rise if requirements change

According to FedScoop, DoD is considering adding new requirements to its Cybersecurity Maturity Model Certification (CMMC) initiative which could require more experienced and expensive assessors and thus increase the cost of assessments to contractors. Read more…

CISA issues pilots for mobile device security

Federal News Network says CISA is piloting three new security capabilities for government-furnished mobile devices. Read more…

Robert DuPree
Manager of Government Affairs
Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree