Cybersecurity News in Review

Robert DuPree
January 14, 2022 • 5 min read

This week’s cybersecurity news in review includes articles on a new advisory on Russian cyber threats, new guidance from NIST for system engineers, an update from CISA and warnings from the FTC on Log4j vulnerabilities, and a new path to stay active for the members of the Cyberspace Solarium Commission. There is also coverage of some new reports and surveys on a rise in cyber attacks, a shift in early strategies in response to hacks, and what are viewed as the top cyber threats facing the public sector, as well as some new developments on the state and local government cybersecurity front. Finally, there are stories about a group of senators looking for information on how federal agencies are protecting transportation sector cybersecurity, and how new draft legislation to update the FISMA law may shake things up in the federal security space.

Agencies issue new warning to U.S. critical infrastructure on dealing with Russian cyber threats  

Dark Reading reports on a new joint advisory to U.S. critical infrastructure organizations from CISA, the FBI and NSA on how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups. Read more…

Updated NIST cyber guidance issued for system engineers

Nextgov says NIST, following up on President Biden’s May 2021 cybersecurity executive order, recently updated its cybersecurity guidance for system engineers. The guidance is designed to be a resource for computer engineers and other professionals in the cybersecurity programming space. Read more…

CISA gives update on Log4j situation, urges vigilance

Security Week cites CISA officials as saying they are not aware of any significant breaches resulting from Log4j vulnerabilities, but warning that further attempted exploits are likely and that bad actors may simply be waiting for an opportune moment to strike. Read more…

FTC tells firms to address Log4j vulnerabilities or face possible repercussions

According to CyberScoop, the Federal Trade Commission issued a warning to the private sector Jan. 4 that failure to act to remedy the Log4j software vulnerability could have legal implications, including possible financial penalties. Read more…

With Cyberspace Solarium Commission expiration, members forming new organization to continue work

Government Technology reports that, while the congressionally chartered Cyberspace Solarium Commission sunsetted Dec. 21 with many of its recommendations still awaiting action and new challenges arising, its members are planning to form a nonprofit organization to continue to work on cybersecurity policy issues.  Read more…

Report: 4th quarter saw record high for cyber attacks, boosting annual increase to 50 percent

According to Dark Reading, a new study finds that attempted cyberattacks reached a record high in Q4 2021, and were 50 percent higher in all of 2021 compared to the previous year. It attributed the late surge in part to attempts to exploit the Log4j vulnerability.  Read more…

Hacked firms increasingly seeking help from lawyers even before cyber professionals

Dark Reading cites new academic research that concludes companies victimized by data breaches are now more likely to first consult outside attorneys, rather than third party technical consultants, which could be impeding their technical responses to such attacks.  Read more…

Public sector IT pros now see hacking as top cyber challenge, then insider threats, foreign interests

Federal Times reports on a new survey that finds that hacking is now rated by all public sector IT workers as the biggest threat they face, above insider threats for the first time in five years, with foreign-sponsored attacks a close third.  However, the survey found differences in the rankings between state and local employees, federal civilian workers and DoD personnel. Read more…

Biden’s federal cyber executive order may also be taking hold at state, local levels

StateScoop says a new survey of state, local and education IT officials finds that a strong majority indicate their respective organizations are likely to follow the recommended practices in President Biden’s cybersecurity executive order, even though the order is only binding on federal agencies. Read more…

ARP Act final rule may help fund state and local cybersecurity improvements

StateScoop reports that the Treasury Department’s just-issued final rule on the 2021 American Rescue Plan Act’s state and local government grants program allows recipients the increased flexibility they sought to use such money for cybersecurity upgrades and broadband construction.  Read more…

CISA hiring state coordinators to help state government cybersecurity

Nextgov says CISA is establishing a 50-state network of federal cybersecurity coordinators to assist states in boosting their cybersecurity efforts, and has already hired or is in the process of hiring coordinators in 42 states. Among other things, the coordinators will help states seek federal funding via the new infrastructure law’s State and Local Cybersecurity Grant Program. Read more…

Senators seek info on DHS, DOT cybersecurity efforts in transportation sector

FedScoop reports that a number of senators have sent a bipartisan letter looking for details on the respective responsibilities of, and processes used by, the Departments of Homeland Security and Transportation to detect, prevent and respond to cyberthreats to U.S. transportation systems. Read more…

New FISMA reform bill focuses on risk-based cybersecurity and outcomes

GovInfoSecurity reports on a Jan. 11 House committee hearing, where members unveiled a bi-partisan draft bill to update the Federal Information Security Management Act (FISMA), and former top government cybersecurity officials voiced support for the effort to make FISMA more focused on outcomes than on processes and compliance. The draft legislation would promote risk-based cybersecurity, including Zero Trust, cloud migration, automation and continuous risk assessments. Read more…

Robert DuPree
Manager of Government Affairs
Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree