Cybersecurity News in Review

Robert DuPree
November 25, 2022 • 5 min read

This week’s Cybersecurity News in Review includes coverage of a foreign-backed breach of White House and Executive Branch networks, TSA’s plans for new cyber requirements for the aviation sector, new federal guidance on the use of SBOMs for software acquisition, an OMB directive designed to prepare for quantum computing cybersecurity risks, a CISA request for capabilities to help it establish a cyber threat intelligence platform, and extension of the deadline for comments on a possible federal cyber insurance program. There are also articles about a GAO report on the Secret Service’s zero trust cybersecurity efforts, a request to exempt certain tech companies from the new cyber incident reporting law, and GAO criticism of an Interior Department agency’s cyber risk management efforts. Finally there are stories about a new survey on the rising costs of cyber attacks and slow pace of zero trust adoption, a University of Georgia research team’s effort to address smart home hub cyber risks, and how zero trust can help protect U.S. manufacturing from cyber attacks.

APT group linked to Iranian gov’t breaches White House, Exec Branch networks

Dark Reading says CISA has reported that an Iranian government-sponsored advanced persistent threat group used the Log4Shell vulnerability to breach important executive branch systems and to deploy malware.  Read more…

TSA chief says new cyber rules coming for aviation sector

FCW quotes TSA administrator David Pekoske as saying the agency plans new unspecified cybersecurity requirements for the aviation industry in the near future, although no date was provided, using the same procedure it followed for developing cyber rules for oil and gas pipeline sector. Read more…

Cyber agencies urge feds use SBOMs during acquisition process

Federal News Network reports new joint guidance from the NSA, CISA and ODNI identifies Software Bills of Materials (SBOMs) as critical to ensuring security during the software acquisition process, and recommends agencies use SBOMs during the evaluation phase of an acquisition. Read more…

Looking ahead to quantum computing, OMB sets May deadline for agencies to list cryptographic systems at risk

FedScoop says a Nov. 18 OMB memo, issued due to concerns advances in quantum technology by hostile nations could make existing encryption vulnerable, has set a May 2023 deadline for federal agencies to provide an inventory of assets containing cryptographic systems that could be at risk to future attacks from quantum computers. Read more…

CISA RFI looks for capabilities to establish cyber threat intelligence platform

According to Nextgov, GSA has filed an RFI on behalf of CISA to help it perform market research to determine the availability of Threat Intelligence Enterprise Services that would help it develop and configure a cyber threat intelligence exchange platform. Read more…

Deadline pushed to Dec. 14 for comments on possible federal cyber insurance program for critical infrastructure

Nextgov reports the federal government has extended until Dec. 14 the deadline for public input on the question of using federal funds to help insure critical infrastructure providers for losses due to cyber attacks, and how such a federal program might be designed. Read more…

GAO: Secret Service zero trust initiatives must incorporate OMB guidance

A new GAO report finds that while the Secret Service has made progress in enterprisewide adoption of zero trust cybersecurity, the agency needs to modify such efforts to incorporate more recent OMB zero trust guidance, according to Nextgov. Read more…

Tech group seeks exemptions from cyber incident reporting, financial orgs disagree

Nextgov cites a letter from a trade association representing some large commercial information and communications technology providers as saying they should be exempt from rules to implement the new cyber incident reporting law, but that groups representing the financial sector don’t agree.  Read more…

GAO faults Interior Department agency on cyber risk management failures

CyberScoop says the a GAO report has determined that an Interior Dept. agency that oversees offshore oil and gas facilities has taken “few actions” to address cybersecurity risks in that sector.  Read more…

Survey: Costs of cyber attacks soar, while full use of zero trust is lagging

Dark Reading cites a new survey that found cyberattacks are costing organizations over $1 million per incident, and that only twelve percent of the organizations surveyed have fully deployed zero trust architecture.  Read more…

UGa team develops system to help deal with cyber vulnerability of smart home hubs

Homeland Security News Wire says University of Georgia researchers have developed a system that can disclose the cyber activity of smart home hubs – devices that enable individuals to control all of their smart devices from one spot but which are vulnerable to hackers – nearly 90% of the time.Read more…

Zero trust and the manufacturing sector

Venture Beat explores how zero trust can help the manufacturing sector, but warns manufacturers to beware of some vendor claims and to use NIST resources that are designed for them. Read more…

Robert DuPree
Manager of Government Affairs
Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree
Read full bio

Subscribe to Our Newsletter

Although we may use your information for targeted marketing and advertising, as described in the Privacy Policy, we will never sell your information to any third party.