Feds aren’t well prepared to spot SolarWinds-style hacks at agencies, CISA official says

In one of the bluntest assessments of U.S. government security shortcomings around the SolarWinds hack, a top Department of Homeland Security official told senators on Thursday that federal defenses simply aren’t aligned properly to detect advanced attackers. The testimony before the Senate Homeland Security and Governmental Affairs Committee on federal cybersecurity weaknesses points to a forthcoming reorientation of how DHS’s Cybersecurity and Infrastructure Security Agency protects agencies from threats. It’s a shift driven by the fallout from the hack at federal contractor SolarWinds, which led to breaches at numerous federal agencies and major technology companies. And it’s a shift that Congress is aiding with $650 million that it recently appropriated for CISA. “Part of the challenge is that you can only secure what you can see,” Brandon Wales, acting director of the agency, told committee Chairman Gary Peters, D-Mich. “Over the past decade our system of protection has largely relied […]

The post Feds aren’t well prepared to spot SolarWinds-style hacks at agencies, CISA official says appeared first on CyberScoop.

DHS supply chain and CDM bills pass the House

The House passed two bills Tuesday that aim to bolster the Department of Homeland Security’s cybersecurity efforts as they relate to securing the agency’s own vendor supply chain as well as securing other federal agencies’ networks. Both bills now head to the Senate. One of them, the Securing the Homeland Security Supply Chain Act of 2018, would give the secretary of Homeland Security authority to block IT vendors deemed to pose a supply chain risk from contracting with the agency. “There is no question that nation-states and criminal actors are constantly trying to exploit U.S. government and private sector systems to steal information or insert potentially harmful hardware or software,” said the bill’s sponsor, Rep. Peter King, R-N.Y., on the House floor before a voice vote. King cited recent and ongoing U.S. government scrutiny of Russian cybersecurity company Kaspersky Lab and Chinese telecommunications companies Huawei and ZTE as justification for […]

The post DHS supply chain and CDM bills pass the House appeared first on Cyberscoop.

DOD official: Automation can save Pentagon from drowning in data

The Defense Department must do more to take advantage of automation tools to avoid drowning in a sea of network data and risk missing cyber threats, according to a top department official. “Right now, we buy a system for every use case, so we’re probably generating a lot more information than we need to,” Patricia Janssen, director of cybersecurity planning and implementation in the DOD CIO’s office, said Monday at the RSA Public Sector Conference in San Francisco. “How do we bring all that data together to help us manage and identify our vulnerabilities and our weaknesses?” Janssen asked. Automation tools can help DOD cut through the “noise” of unneeded data, she said at a panel discussion of continuous monitoring for cyber threats. The department’s thousands of computer systems make automation imperative to keep those systems patched and identify insider threats, Janssen added. Training staff to carry that out manually simply […]

The post DOD official: Automation can save Pentagon from drowning in data appeared first on Cyberscoop.

Booz Allen scores $621M DHS contract for government-wide cybersecurity program

Multinational consulting giant Booz Allen Hamilton has been awarded a six-year, $621 million contract to further develop and implement the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program, a government-wide cybersecurity effort to monitor and protect federal networks. The award is tied to the Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) Program, part of CDM Phase 3. Booz Allen was among a small group of contractors also involved in prior stages, providing a total of 13 federal departments and agencies with cybersecurity software that can help spot and mitigate malicious activity. “Our work will expand into new areas of cybersecurity, like incident response and automation,” Marcie Nagel, a Booz Allen principal and leader of the firm’s CDM work, said in a release. “This work aims to help these federal departments and agencies leverage new capabilities that will ultimately empower our clients to defend their networks faster with […]

The post Booz Allen scores $621M DHS contract for government-wide cybersecurity program appeared first on Cyberscoop.

Budget would boost DHS cyber efforts in NCCIC, CDM

President Trump’s budget proposal, unveiled Tuesday, would boost spending on the Department of Homeland Security’s 24-hour digital-attack watch center by almost $50 million and more than double the funding for a governmentwide online security tools program to $279 million. The proposal would also treble the size of the tiny team of DHS cybersecurity advisers who work with key businesses across the country. Despite these increases, not every tech element of the department got its funding goosed. Research and development in the DHS Science and Technology Directorate was slashed by $100 million and the allocation for the CIO office was also down $60 million. In documents released by the department and the White House Office of Management and Budget, the administration says it is asking for $3.28 billion for DHS’s National Protection and Programs Directorate, which includes most of the department’s cyber functions. It would be an increase of $196 million over fiscal 2017. The […]

The post Budget would boost DHS cyber efforts in NCCIC, CDM appeared first on Cyberscoop.

Sen. Warner wants action on WannaCry patching from DHS, OMB

Democratic Sen. Mark Warner has written to federal officials asking for details about how agencies patched their systems to protect them against the fast-spreading WannaCry ransomware. White House homeland security adviser Thomas Bossert told reporters during the daily briefing Monday that no federal systems had been infected, but Warner noted in his letter that despite a National Institute of Standards and Technology recommendation that security-related software updates “be installed within a defined timeframe (in many cases seven to 30 days for critical patches),” the Government Accountability Office last year found “numerous instances where agencies failed to comply with those deadlines.” Microsoft included a fix for the vulnerability in a regularly scheduled patch in mid-March. Over the weekend, the company took the unprecedented step of releasing a patch for several discontinued but still widely used software products, including Windows XP. In the letter, released Monday afternoon, the Virginia senator asks Homeland Security Secretary John Kelly and Office of […]

The post Sen. Warner wants action on WannaCry patching from DHS, OMB appeared first on Cyberscoop.

Six big vendors dominate a fragmented federal cyber market, numbers show

Federal procurement of cybersecurity goods and services is highly fragmented, according to new research published this week, with more than 7,600 different companies winning U.S. government contracts during the past six years. But despite this long tail of small awards, the market space is dominated by a handful of familiar names. Only six contractors — Leidos, Northrop Grumman, Booz Allen Hamilton, IBM, Hewlett Packard and General Dynamics — earned a billion dollars or more in cyber contracts from the U.S. government in fiscal 2011-16, according to the new report from Govini, a consultancy that crunches procurement numbers. “Acquisition of cybersecurity solutions is highly fragmented now,” Arun Sankaran, Govini’s director of professional services, told CyberScoop. He was the lead author of the report, which analyzes the $45.9 billion obligated between 2011-2016 in three categories of federal cybersecurity spending: defense, resilience and threat analytics. Spending rose significantly in the second half of that period, from an average of $6.3 billion […]

The post Six big vendors dominate a fragmented federal cyber market, numbers show appeared first on Cyberscoop.