Cybersecurity News in Review

Robert DuPree
December 2, 2021 • 4 min read

This week’s cybersecurity news in review includes articles on a number of new federal proposals and guidance, including a proposal for software supply chain third party audits, a requirement for banks to notify federal agencies of cyber incidents within 36 hours of discovery, NSA and CISA guidance for CSPs and mobile operating networks on attestation technology, a new mobile security checklist and a request for information on capabilities to better protect federal civilian email. There is also coverage of new reports on financial sector cyber risk, vulnerabilities among U.S. defense contractors, and K-12 education cyber weaknesses. Finally, there are stories on Biden Administration efforts to deal with ransomware, CISA’s timeline for pushing new state and local cybersecurity grants to recipients, and the inclusion of cybersecurity and technology modernization funding as part of the Build Back Better legislation recently approved by the House.

Commerce may require third party audits for software supply chain

Nextgov reports on a Commerce Dept. proposal under which the department, when reviewing for approval imports and other transactions with U.S. entities involving information and communications technology, would consider whether connected software applications have been evaluated for security by a reliable third party. Read more…

Banks must notify feds within 36 hours of discovering cyber incidents, starting April 1

Dark Reading says a new rule from the FDIC and other regulatory agencies will require U.S. banks to notify federal regulators within 36 hours of discovery of any cybersecurity incident, effective next April 1. Read more…

Feds give guidance on attestation technology for CSPs, mobile operating networks

New guidance from the NSA and CISA calls for cloud service providers (CSPs) and mobile operating networks to use attestation technology to avoid cascading impacts from compromised applications, according to Nextgov. Read more…

CISA guide provides mobile security checklist for public, private sectors

According to GCN, CISA has issued a Capacity Enhancement Guide to help government agencies and private-sector organizations better secure their mobile devices via the Enterprise Mobility Management (EMM) system checklist. Read more…

CISA wants to do more to protect federal civilian email

FCW reports that CISA, working through the GSA, has issued an RFI for industry feedback on a broad set of federal civilian email security measures. Read more…

Report: Financial sector needs to do more to address cyber vulnerabilities

According to Nextgov, a new report indicates that the financial sector may not be doing enough to protect itself against cyber attacks, and that the largest financial firms may be especially at risk. Read more…

New study highlights cyber vulnerabilities of U.S. military contractors

A new cybersecurity report finds that 43 percent of U.S. defense contractors have old or dated cybersecurity systems, 42 percent had a data breach last year, and as many as 20 percent of them could be “highly susceptible to ransomware attacks,” says Nextgov. Read more…

K-12 cybersecurity still falling short

Government Technology says a new survey indicates many K-12 school systems in the U.S. still do not have the cybersecurity protocols they need to protect sensitive data. Read more…

Executive branch officials discuss federal actions on ransomware with Congress

Nextgov reports on how Biden Administration officials testified at a recent House hearing about the threat of ransomware and what the federal government is doing to help businesses as well as state and local governments defend against such attacks. Read more…

CISA already developing plans to issue new state and local cyber grants

StateScoop says the Executive Director of CISA recently told a congressional committee that the new infrastructure law’s $1 billion in cybersecurity grants to state and local governments over four years will have a big impact on the recipients’ cybersecurity postures, and that CISA is working with FEMA on a plan to begin distributing the grants over the coming year. Read more…

House-passed social safety net bill also has money for technology modernization, cybersecurity

According to FCW, while the “Build Back Better” legislation that passed the House Nov. 19 was primarily devoted to expanding social safety net and environmental programs, it also contains $250 million for the Technology Modernization Fund (TMF) and roughly $500 million for cybersecurity programs at the Cybersecurity and Infrastructure Security Agency. Read more…

Robert DuPree
Manager of Government Affairs
Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree