Collaborate Disseminate
The Federal Cybersecurity Workforce Expansion Act would establish an apprenticeship program at CISA and a VA pilot program to train veterans on cyber work.
The post Bipartisan House legislation calls for two new federal cybersecurity training programs appeared first on CyberScoop.
Two Democratic senators are calling on the departments of State and Veterans Affairs to brief lawmakers on how their agencies have been impacted by the SolarWinds breach. The breach, in which suspected Russian government-backed hackers backdoored a network management product called SolarWinds Orion, could have infected thousands of federal government agencies and private sector entities with malware, according to SolarWinds. And although the State Department has reportedly been compromised during the course of the supply-chain espionage operation, the department has not been forthcoming about the extent of the damage, according to Sen. Bob Menendez, D-N.J. “While several other cabinet agencies that are victims of this cybersecurity breach have publicly acknowledged having been attacked, to date the Department of State has been silent on whether its computer, communication and information technology systems were compromised,” Menendez wrote in a letter he sent Wednesday to Secretary of State Mike Pompeo. The Department of […]
The post Lawmakers want more transparency on SolarWinds breach from State, VA appeared first on CyberScoop.
Continue reading Lawmakers want more transparency on SolarWinds breach from State, VA
For the first time, Americans will have the option to use a cryptographically secure USB keystick to protect their online accounts on federal government websites. Owners of online accounts protected by identity-proofing start up ID.me will be able to use keysticks conforming to the Universal Second Factor, or U2F, standard promulgated by the Fast IDentity Online, or FIDO Alliance, ID.me announced Tuesday. The option will be available to users alongside existing two-factor services, such as a code sent by SMS text message, or a call to a landline, the company said. It’s the first time U2F keysticks — considered a gold-standard protection against phishing and other forms of online identity theft — have been available to the users of federal online services. ID.me did not disclose the three federal agencies it said were buying the company’s identity proofing services — but it has in the past done very public work to provide veterans secure […]
The post Some federal websites now allowing users to login via secure USB keys appeared first on Cyberscoop.
Continue reading Some federal websites now allowing users to login via secure USB keys
The company that pioneered safety certification for electrical devices at the end of the 19th century and went on to represent a reassuring stamp of approval in the 20th century has quietly begun to issue cybersecurity certifications for networked software. Underwriters Laboratories, or UL as most people know from its ubiquitous logo, launched its Cybersecurity Assurance Program last year, publishing its 2900 standard that covers the security of software for network-connectable devices and special supplements with additional requirements particular to medical devices and industrial control systems. The requirements were drafted with the help of academics, industry experts and government officials — including federal “three-letter agencies” — UL Principal Engineer for Medical Software and Systems Anura S. Fernando told CyberScoop. The feds “provided us with some direction on what they’d like to see improved from a cybersecurity national posture point of view,” he said. According to a UL factsheet, its 2900 series of standards tests and evaluate products based on […]
The post UL now wants to ubiquitous in cybersecurity, including medical devices and industrial controls appeared first on Cyberscoop.