Cybersecurity News in Review

Robert DuPree
October 13, 2021 • 5 min read

This week’s cybersecurity news in review includes coverage of new government cyber efforts regarding TIC 3.0, endpoint detection and response, air and rail transit, and K-12 education, as well as new and potential federal civilian and military initiatives regarding contractor cybersecurity and zero trust. There are also articles on how the head of the NSA now views ransomware as a threat to national security, legislative efforts on FISMA reform, breach and ransomware reporting and notification, possible prioritization of the sixteen critical infrastructure sectors, and an IG report faulting the lack of cybersecurity plans for an Army initiative.

New TIC 3.0 guidance has zero trust focus

Nextgov says CISA has released the final version of its Trusted Internet Connection 3.0 policy guidance for how agencies can ensure employees are securely connecting to government networks from remote locations. Recognizing the increased use of cloud computing and mobile devices, this latest version of TIC attempts to center security on principles like zero trust, which focus more on data protection and user authentication than on perimeter defense. Read more…

Agencies pushed to speed up endpoint detection and response

FedScoop reports that an Oct. 8 memo from OMB is giving federal agencies 90 days to provide CISA personnel and contractors with access to existing endpoint detection and response (EDR) deployments or identify future state options, as part of a zero-trust effort to hasten EDR solution adoption governmentwide. Read more…

TSA seeks to mandate stronger cybersecurity for air and rail transit

According to FedScoop, TSA will be requiring “high-risk” air and rail transit entities to take a number of steps to beef up their cybersecurity posture, and will establish separate guidance for low-risk carriers. Read more…

New law directs CISA to find K-12 cyber risks and vulnerabilities, provide guidelines and tools to address

StateScoop reports President Biden has signed into law a bill to require CISA to research K-12 education cyber risks and vulnerabilities, and to develop guidelines and an online toolkit for school districts to use. Read more…

Dept. of Justice to use False Claims Act to police contractor cybersecurity

Federal News Network says the Justice Department has announced it will launch a new initiative using the False Claims Act to address cybersecurity-related fraud by government contractors. Read more…

DOJ: Federal contractors face fines if data breaches not disclosed

Nextgov says the U.S. Department of Justice plans to use the False Claims Act to fine federal contractors and other recipients of federal funding if they do not disclose cybersecurity attacks and data breaches. Read more…

Federal CISO looking at TMF to support zero trust efforts

Nextgov quotes federal CISO Chris DeRusha on how the government might use the Technology Modernization Fund to create a new shared services program for zero-trust implementation. Read more…

OMB seeks realistic timelines on zero trust

FedScoop cites federal CISO Chris DeRusha in discussing how OMB did not require agencies to meet zero trust architecture goals in an impossibly short timeframe, opting instead to require agencies to take actions to reach a level of maturity in a few years, after which new goals will be established and further actions required. Read more…

DoD zero trust program office is in the works

Federal News Network says that the Pentagon is working to stand up a zero-trust program office, with DISA providing enterprise services to enable zero-trust capabilities throughout DoD while the military services stand up their own zero trust capabilities internally. Read more…

NSA chief expands national security threats to include ransomware

According to Breaking Defense, Gen. Paul Nakasone, the head of US Cyber Command and the National Security Agency, says ransomware attacks are now included as “national security” issues for the U.S. Read more…

FISMA reform, cyber incident and ransomware reporting bills approved by Senate committee

Nextgov reports that a Senate panel gave approval Oct. 6 to legislation to update the FISMA law, including making major changes to how federal agencies and contractors report cyberattacks, as well as another bill to require the private sector to report cyber incidents and ransomware payments. Read more…

Senate panel scales back proposed breach notification requirement for agencies

FedScoop says a Senate committee scaled back from five days to three days a requirement in a new FISMA reform bill regarding how long federal agencies would have to notify Congress of cyber breaches. Read more…

New House bill seeks prioritization of critical infrastructure sectors for cyber protection

According to CyberScoop, the ranking GOP member of the House Homeland Security Committee has introduced a new bill directing CISA to identify which of the 16 sectors currently designated as “critical infrastructure,” if attacked, would “severely debilitate national security, economic security or public safety,” and to direct CISA to prioritize its cybersecurity efforts to protect those sectors deemed most critical by this process. Read more…

IG: Army’s Project Convergence needs cybersecurity plans

An inspector general report finds that Project Convergence, part of the Army’s contribution to the Joint All Domain Command and Control (JADC2) framework, does not adequately plan for how this technology would deal with cyber attacks, FedScoop says. Read more…

Robert DuPree
Manager of Government Affairs
Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree