Cybersecurity News in Review

Robert DuPree
June 20, 2022 • 4 min read

This week’s Cybersecurity News in Review includes articles about a new government alert about how Chinese hackers have exploited telecom company vulnerabilities, draft guidance on zero trust from NIST, the Biden Administration’s possible interest in mandating cybersecurity features for certain entities and in ensuring that money spent under the 2021 infrastructure bill goes toward “cyber smart” projects, and problems some agencies are having moving to multi-factor authentication.  There are also reports on the VA’s opposition to legislation mandating a cybersecurity audit of the department, and the Army’s plans for cyber spending next year and to grow its cyber forces this decade. Finally, there is coverage of the water sector’s interest in having EPA play a greater role in providing cybersecurity guidance, the delay in rolling out cybersecurity grants to state and local governments, and a revealing new survey on the impact of ransomware.

Feds warn Chinese hackers have hit telecom companies

Nextgov says a new alert from CISA, the NSA and FBI warns that, since 2020, Chinese government hackers have successfully exploited flaws that have been around for years in the systems of U.S. network providers, using these vulnerabilities to steer traffic to their own infrastructure. Read more…

NIST issues draft guidance on zero trust

Government Technology reports NIST’s National Cybersecurity Center of Excellence (NCCoE) has released the first of several preliminary drafts outlining ways that organizations can implement zero-trust architectures. Read more…

Biden Administration explores possible cyber mandates

Nextgov quotes National Cyber Director Chris Inglis as saying his team is looking at possible legislation to require providers of critical information and communications technology to include certain cybersecurity features, rather than to relay on them to voluntarily do so.  Read more…

White House official wants infrastructure projects to be “cyber smart”

FCW reports National Cyber Director Chris Inglis wants projects funded under last year’s $1.2 trillion Infrastructure Investment and Jobs Act to be “cyber smart” investments, which prioritize cybersecurity standards and White House guidance around zero trust, even when they are for physical infrastructure. Read more…

Legacy systems pose problems for agencies shifting to multifactor authentication

CyberScoop reports a CISA official says some federal agencies may not make the November deadline for fully instituting  multifactor authentication (MFA), and that legacy infrastructure that must be updated is a major factor.  Read more…

VA officials balk at legislation to force scrutiny of its cybersecurity

According to FCW, a congressional panel heard opposition Department of Veterans Affairs cyber officials to bipartisan legislation that would mandate an audit of the VA’s security management system in order to determine its ability to protect against persistent cybersecurity threats. Read more…

Army official discusses technology, planned cyber spending

Breaking Defense quotes the Army’s chief information officer as warning that spending money “on technologies that are 10 years old because we’ve gotten comfortable with them…that’s not what’s going to help us fight and win…for the Army of 2030.” He also said the service plans to spend $2 billion for offensive and defensive cyber operations, and cybersecurity R&D. Read more…

Army plans long-term boost in cyber forces

Army Times says the U.S. Army is looking to double the size of its active-duty cyber forces by 2030 from 3,000 to 6,000, and that for overall active duty, reserves and National Guard, the cyber branch will expand to more than 7,000 people, up from 5,000. Read more…

U.S. water sector wants EPA to have greater role in its cyber guidance

FCW says water sector interests want the Environmental Protection Agency to boost its oversight of cybersecurity standards for water and wastewater systems, which are seen as a critical infrastructure cybersecurity “weak link.”  Read more…

State, local governments still waiting for cyber grants

With the fiscal year about to enter Q4, Government Technology discusses the delay in rolling out the first year of federal cybersecurity grant funding for state and local governments approved by Congress last fall.  Read more…

Survey: Ransomware attacks up and payouts often lead to more attacks, higher demands

SC Magazine cites a new survey that found 80% of organizations paying ransomware were victimized by a second attack, often within a month of paying the ransom, and that the second attack frequently sought an even higher ransom amount.  It also found the number of respondents victimized by ransomware rose from 55% in  2021 to 73% in 2022. Read more…

Robert DuPree
Manager of Government Affairs
Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree
Read full bio
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Subscribe to Our Newsletter

Although we may use your information for targeted marketing and advertising, as described in the Privacy Policy, we will never sell your information to any third party.