Cybersecurity News in Review

Robert DuPree
September 18, 2023 • 7 min read

This week’s Cybersecurity News in Review includes coverage of a number of reports and official government warnings about cyberthreats against critical infrastructure, deepfake threats, an attack against an unnamed aviation organization, identity-related suspicious reports in the financial sector, cyber threats and risks in the hospitality sector, plans for organizations overall to increase spending on IAM and cloud, and growing concern about the impact of quantum computing on cybersecurity. There are also a number of articles on cybersecurity actions by the Cybersecurity and Infrastructure Security Agency (CISA), as well as by other federal government agencies regarding FedRAMP, critical infrastructure, medical devices, DOE electric grid project funding, FISMA, HHS cyber threat intelligence and information sharing, and state and local government cyber grants. Finally, there are reports on DoD’s unclassified summary of its 2023 cyber strategy, the expected release of the CMMC 2.0 rule, DISA cyber and cloud pilot programs, and DoD’s review of plans to get to zero trust by 2027.

DHS report says critical infrastructure is being targeted for cyber attacks via AI

CyberScoop says a DHS annual report warns American adversaries are increasingly using artificial intelligence to target U.S. critical infrastructure. Read more…

Feds issue report on deepfake threats

Security Week reports several U.S. agencies published a cybersecurity information sheet Sept. 12 on threats posed by deepfakes and how organizations can identify and respond to deepfakes. Read more…

Aviation organization hacked by nation-state bad actors

According to CyberScoop, CISA, the FBI and U.S. Cyber Command have issued an alert warning that nation-state hackers have gained access through internet-facing services to an unnamed aviation sector organization. Read more…

Treasury Department: $212 billion in financial sector suspicious cyber activity related to identity

Nextgov/FCW cites Treasury Department officials as flagging over $200 billion in financial sector suspicious activity reports as being tied to identity. Read more…

Hospitality sector faces cyber challenges

Hotel Management takes a look at several reports detailing the unique cybersecurity risks facing the hospitality industry. Read more…

Here’s what CISOs are investing in to boost cybersecurity efforts

CSO says a new survey finds many CISOs are planning to increase their budgets for identity and access management, as well as improved third-party risk management, AI security, and human error/insider risk reduction solutions. Read more…

Cybersecurity’s future quantum problem

Security Week examines the growing cybersecurity risks posed by quantum computing. Read more…

CISA issues open source software security game plan

Nextgov/FCW reports on the details of a new “roadmap” CISA has issued as part of its Open Source Software Security efforts to secure such software used by the various critical infrastructure sectors. Read more…

CISA plans “secure-by-design” guidance, cyber best practices effort

According to Nextgov/FCW, CISA Director Jen Easterly says the agency plans to shortly release new “secure-by-design” guidance and launch a public awareness campaign on cybersecurity best practices for citizens and technology users as a whole. Read more…

Easterly says CISA rules on critical infrastructure cyber incident reporting to be finalized in coming months

Cybersecurity Dive quotes CISA Director Jen Easterly as expecting the development of reporting rules to implement the Cyber Incident Reporting for Critical Infrastructure Act to be completed by the end of this year or early 2024 at the latest. Read more…

CISA offers water utilities free vulnerability scanning

Security Week says CISA is offering a new, free vulnerability scanning service for public utility drinking water and wastewater systems. Read more…

What’s next for CISA’s CDM program? Advanced, proactive cyber defense

Nextgov/FCW looks at how CISA’s Continuous Diagnostics and Mitigation program has been used in recent years, and its requested budget’s plan for a “new era” of CDM focused on advanced, proactive cyber defense operations. Read more…

Cyber advisory panel provides CISA with over 100 recommendations for action

CyberScoop reports CISA’s Cybersecurity Advisory Committee has issued a list of more than 100 recommendations for the agency to act upon, including taking steps to boost corporate board cybersecurity expertise, develop a national cybersecurity alert mechanism, and better protect high-risk communities from surveillance. Read more…

CISA wants vendors to make commitments on education technology cybersecurity

Nextgov/FCW describes a new CISA effort to encourage participating education technology software vendors to make certain commitments to ensure the security of their products. Read more…

Here’s what to expect in upcoming FedRAMP guidance

FedScoop cites the deputy federal CIO discussing the new policy guidance expected soon to help agencies comply with the Federal Risk and Authorization Management Program (FedRAMP). Read more…

Rating system for critical infrastructure cybersecurity may be in the works

Cybersecurity Dive says the Biden Administration is considering possibly instituting a “letter grade rating” for critical infrastructure cybersecurity in an effort to hold owners and operators more accountable. Read more…

FDA ends grace period, will enforce medical device cyber rules

Dark Reading reports the FDA is preparing to enforce on October 1 its congressional grant of authority to reject medical devices that do not comply with new cybersecurity requirements, ending the FDA’s grace period that has been in effect the past six months. Read more…

Energy Dept. releases $39M for power grid cyber projects

Nextgov/FCW says the Department of Energy announced the release of $39 million in new funding for nine National Laboratory projects to protect energy grid cybersecurity. Read more…

Government funding deadline complicates agency FISMA cyber efforts

Nextgov/FCW looks at how the possible shutdown of the federal government Oct. 1 is coinciding with a new deadline for agency FISMA compliance. Read more…

HHS working to boost cyber threat intel, info sharing

Nextgov/FCW cites a Department of Health and Human Services official on efforts being made to increase and improve cyber threat intelligence operations and information sharing with other agencies. Read more…

State and local cybersecurity grant program update

Government Technology dives into how state governments are planning to use the next $1 billion in cybersecurity grants for states and cities that the federal government is preparing to release, as well as where the states stand on applying for the grants. Read more…

DoD’s cyber strategy highlights new capabilities, information sharing

Breaking Defense says the Pentagon has released an unclassified summary of the 2023 Defense Department Cyber Strategy, which it says includes a focus on developing new cyber capabilities and expanding information sharing with allies and partners. Read more…

CMMC 2.0 rule to be released late this year, possible final rule next fall

MeriTalk quotes top officials as saying OMB is expected to give approval for DoD to release its updated Cybersecurity Maturity Model Certification (CMMC) rule in November or December, to be followed by public comments and then a final rule anticipated in the fall of 2024. Read more…

DISA pilots seek to boost military cybersecurity, cloud

Federal News Network says DISA has 14 ongoing or recently completed initiatives to improve cybersecurity and cloud computing for the military services. Read more…

DoD to review services’ zero trust plans

C4ISRNet quotes Pentagon CIO John Sherman on DoD efforts to begin reviewing plans to implement zero-trust measures across the military, consistent with the strategy published last November, in order to reach zero trust by 2027. Read more…

Robert DuPree
Manager of Government Affairs
Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree