Trump pauses on grants, aid leaves federal cyber programs in state of confusion

A series of moves from the president raises questions about what’s next for the federal government’s many cyber grant and aid initiatives.

The post Trump pauses on grants, aid leaves federal cyber programs in state of confusion appeared first on CyberScoop.


Bipartisan cloud study recommends speeding federal adoption, or remain vulnerable on cyber

The CSIS commission recommended a rethinking of existing procedures to quicken federal agencies’ pace.


National Cyber Director Harry Coker looks back (and ahead) on the Cyber Director office

It’s made real strides, but there’s a lot more that it could be doing, he said, and more that needs to be done.


Microsoft rolls out expanded logging six months after Chinese breach

The technology giant has come under heavy criticism for not making robust logging features available by default. 


Software bills of material face long road to adoption

Most cybersecurity leaders want a standard recipe list for software, but implementing an effective compliance regime remains the challenge.


Federal CISO Chris DeRusha appointed deputy national cyber director, will serve both roles

Federal Chief Information Security Officer Chris DeRusha, who has played an integral part in responding to the SolarWinds hack, is getting a second gig as deputy national cyber director for federal cybersecurity. National Cyber Director Chris Inglis hailed DeRusha’s appointment on Twitter Thursday. “Personally announcing Federal CISO Chris DeRusha as the new Deputy National Cyber Director for Federal Cybersecurity,” Inglis tweeted. “We are excited to see how Chris’s dual designation as Federal CISO at @OMBPress will improve federal coherence in the cyber domain.” DeRusha steps into his additional role at a time when questions persist on Capitol Hill about the breakdown of cyber roles within the federal bureaucracy. The national cyber director’s office is the newest addition to that bureaucracy, established only this year. The office is coming into being as the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is increasingly focused on incident response and information sharing in […]


Chris DeRusha, who protected Biden campaign from hackers, says he is the Federal CISO

The former top cybersecurity official on Joe Biden’s presidential campaign said late Monday that he is now in charge of helping protect the federal government’s sprawling bureaucracy from hackers. Chris DeRusha, also a former White House cybersecurity official in the Obama administration, announced his appointment as the federal government’s new chief information security officer on LinkedIn. Maria Roat, the acting Federal CIO, confirmed DeRusha’s appointment early Tuesday. As Federal CISO, DeRusha will be responsible for coordinating cybersecurity policy across the federal bureaucracy and prodding agencies to fortify their networks in the wake of a suspected Russian hacking campaign that has infiltrated the departments of Justice, Energy and others. DeRusha is returning to familiar territory, having served as a White House cybersecurity adviser when Biden was vice president. DeRusha is also well-versed in election security issues, having worked as Michigan’s chief security officer before the Biden campaign hired him to prevent a repeat […]


CISA orders agencies to set up vulnerability disclosure programs

Out of scores of federal civilian agencies, only a handful of them have official programs to work with outside security researchers to find and fix software bugs — a process that is commonplace in the private sector. Now, to put an end to the feet-dragging, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is giving agencies six months to set up the programs, known as vulnerability disclosure policies (VDPs). CISA on Wednesday issued a directive requiring agencies to establish VDPs that foreswear legal action against researchers who act in good faith, allow participants to submit vulnerability reports anonymously and cover at least one internet-accessible system or service. It’s the latest sign that federal officials are warming to white-hat hackers from various walks of life. “We believe that better security of government computer systems can only be realized when the people are given the opportunity to help,” CISA Assistant Director […]


The case for a National Cyber Director

Although the aftershocks of COVID-19 will last for years, one result is already clear — shifting more activity online has increased our society’s digital dependence even faster than expected. The federal government’s cybersecurity capabilities need to keep pace. Although some Federal agencies, particularly the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS), have made significant improvements over the last few years, at least three factors impede government-wide progress. First, cybersecurity’s cross-cutting nature does not fit with the U.S. government’s bureaucratic structure. Second, agencies are not incentivized to sustain the degree of coordination required for effective cybersecurity. Third, a lack of central leadership hinders effective incident response. No single policy action will solve these problems, but creating a National Cyber Director along the lines of what the Cyberspace Solarium Commission recommends would be a good start. Bureaucracies prefer issues that fit neatly into one organization’s mission. […]
