Cybersecurity News in Review

Robert DuPree
May 13, 2022 • 4 min read

This week’s cybersecurity news in review includes coverage of new warnings of cyber vulnerabilities via managed service providers, new cyber risk management guidance from NIST, dual directives from the White House regarding risks from quantum computing, promises by HHS to do more to implement automated CDM, and a report on how local governments are looking at new options for cyber insurance. There are also stories on an upcoming test for DoD’s CMMC 2.0 contractor cybersecurity certification program and the Pentagon’s effort to link CMMC 2.0 to protecting American warfighters, a new CYBERCOM threat information sharing forum, and a Defense Department bug bounty program that found hundreds of contractor vulnerabilities. Finally, there are articles on a number of new surveys and reports, dealing with federal agency progress being made to adopt zero trust, some limitations for AI in cybersecurity, how ransomware attacks increased last year, and the need to dramatically grow the world’s cyber workforce.

U.S., allied nations warn of MSPs as cyber attack vectors

Nextgov reports U.S. federal agencies and allied counterparts have issued a joint advisory urging organizations to review their agreements with managed service providers, noting bad actors’ plans to increase their use of such entities as vectors for attack. Read more…

NIST SP 800-161 Rev 1 released, provides new supply chain cyber risk management guidance

According to Homeland Security News Wire, NIST has updated its basic cybersecurity supply chain risk management guidance, issuing Special Publication 800-161 Rev 1 to help organizations identify, assess and respond to cybersecurity risks throughout the supply chain at all levels of an organization. Read more…

White House EO, national security memo issued on future quantum threats

SC Magazine reports the Biden administration issued new mandates and timelines May 4 for departments and agencies to deal with the risks posed by future quantum technologies.  Read more…

HHS makes stronger commitment to automated CDM

FedScoop reports the U.S. Department of Health and Human Services, in response to a critical audit, has agreed to work with DHS to continue implementing automated Continuous Diagnostics and Mitigation (CDM) tools. Read more…

Local governments explore new cyber insurance options to cope with ransomware

Government Technology says some local governments that find cyber insurance unaffordable are looking to self-insurance and service providers’ warranties in an effort to better deal with ransomware and other cyber incidents. Read more…

CMMC 2.0 set for tabletop exercises

Federal News Network says military contractors should monitor upcoming DoD tabletop exercises this summer to see how well the department’s Cybersecurity Maturity Model Certification (CMMC) 2.0 works. Read more…

DoD: CMMC 2.0 cyber certification needed to protect warfighters

Nextgov says Pentagon officials are pushing to make sure contractors adhere to its revised Cybersecurity Maturity Model Certification (CMMC 2.0) requirements, saying such efforts are vital to protecting the American warfighter.  Read more…

CYBERCOM creates new cyber threat information sharing forum with private sector

According to FedScoop, U.S. Cyber Command has established a public-private sector collaborative effort to share insights and information about critical cyber threats.  Read more…

Pentagon bug bounty program finds hundreds of contractor cyber vulnerabilities

Defense News reports on a recent DoD bug bounty effort that found hundreds of cyber vulnerabilities among dozens of defense contractors over a year.  Read more…

New survey of feds finds progress on zero trust

A survey of federal IT officials finds that three-quarters of respondents indicated their agencies have a formal zero trust strategy already in place, and more than 60 percent believe their agencies will be able to meet the zero trust requirements of President Biden’s May 2021 executive order on cybersecurity by the end of FY 2024, Nextgov says. Read more…

AI helps cyber, but human analysis still needed

According to Dark Reading, a new survey reports on the challenges posed by cybersecurity products that utilize artificial intelligence (AI) and machine learning, issues that still require humans to review and analyze. Read more…

Ransomware survey shows attacks soared in 2021

CRN says a new survey shows a 37 percent spike last year in ransomware attacks, and in the payments made by organizations to get their data back, with only 61 percent of such data actually recovered. Read more…

Report shows huge worldwide cyber workforce gap looming

Nextgov says a new analysis finds that the global cybersecurity workforce will need to grow by nearly two-thirds to adequately protect enterprises’ critical assets. Read more…

Robert DuPree
Manager of Government Affairs
Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree