office of management and budget

Microsoft rolls out expanded logging six months after Chinese breach

Posted on February 21, 2024 by eliasgroll

The technology giant has come under heavy criticism for not making robust logging features available by default.

The post Microsoft rolls out expanded logging six months after Chinese breach appeared first on CyberScoop.

Continue reading Microsoft rolls out expanded logging six months after Chinese breach→

Software bills of material face long road to adoption

Posted on December 22, 2022 by Elias Groll

Most cybersecurity leaders want a standard recipe list for software, but implementing an effective compliance regime remains the challenge.

The post Software bills of material face long road to adoption appeared first on CyberScoop.

Continue reading Software bills of material face long road to adoption→

Federal CISO Chris DeRusha appointed deputy national cyber director, will serve both roles

Posted on October 28, 2021 by Tim Starks

Federal Chief Information Security Officer Chris DeRusha, who has played an integral part in responding to the SolarWinds hack, is getting a second gig as deputy national cyber director for federal cybersecurity. National Cyber Director Chris Inglis hailed DeRusha’s appointment on Twitter Thursday. “Personally announcing Federal CISO Chris DeRusha as the new Deputy National Cyber Director for Federal Cybersecurity,” Inglis tweeted. “We are excited to see how Chris’s dual designation as Federal CISO at @OMBPress will improve federal coherence in the cyber domain.” DeRusha steps into his additional role at a time when questions persist on Capitol Hill about the breakdown of cyber roles within the federal bureaucracy. The national cyber director’s office is the newest addition to that bureaucracy, established only this year. The office is coming into being as the Department of Homeland Security’s Cybersecurity Infrastructure and Security Agency is increasingly focused on incident response and information sharing in […]

The post Federal CISO Chris DeRusha appointed deputy national cyber director, will serve both roles appeared first on CyberScoop.

Continue reading Federal CISO Chris DeRusha appointed deputy national cyber director, will serve both roles→

Chris DeRusha, who protected Biden campaign from hackers, says he is the Federal CISO

Posted on January 26, 2021 by Sean Lyngaas

The former top cybersecurity official on Joe Biden’s presidential campaign said late Monday that he is now in charge of helping protect the federal government’s sprawling bureaucracy from hackers. Chris DeRusha, also a former White House cybersecurity official in the Obama administration, announced his appointment as the federal government’s new chief information security officer on LinkedIn. Maria Roat, the acting Federal CIO, confirmed DeRusha’s appointment early Tuesday. As Federal CISO, DeRusha will be responsible for coordinating cybersecurity policy across the federal bureaucracy and prodding agencies to fortify their networks in the wake of a suspected Russian hacking campaign that has infiltrated the departments of Justice, Energy and others. DeRusha is returning to familiar territory, having served as a White House cybersecurity adviser when Biden was vice president. DeRusha is also well-versed in election security issues, having worked as Michigan’s chief security officer before the Biden campaign hired him to prevent a repeat […]

The post Chris DeRusha, who protected Biden campaign from hackers, says he is the Federal CISO appeared first on CyberScoop.

Continue reading Chris DeRusha, who protected Biden campaign from hackers, says he is the Federal CISO→

CISA orders agencies to set up vulnerability disclosure programs

Posted on September 2, 2020 by Sean Lyngaas

Out of scores of federal civilian agencies, only a handful of them have official programs to work with outside security researchers to find and fix software bugs — a process that is commonplace in the private sector. Now, to put an end to the feet-dragging, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is giving agencies six months to set up the programs, known as vulnerability disclosure policies (VDPs). CISA on Wednesday issued a directive requiring agencies to establish VDPs that foreswear legal action against researchers who act in good faith, allow participants to submit vulnerability reports anonymously and cover at least one internet-accessible system or service. It’s the latest sign that federal officials are warming to white-hat hackers from various walks of life. “We believe that better security of government computer systems can only be realized when the people are given the opportunity to help,” CISA Assistant Director […]

The post CISA orders agencies to set up vulnerability disclosure programs appeared first on CyberScoop.

Continue reading CISA orders agencies to set up vulnerability disclosure programs→

The case for a National Cyber Director

Posted on July 14, 2020 by cyber_admin

Although the aftershocks of COVID-19 will last for years, one result is already clear — shifting more activity online has increased our society’s digital dependence even faster than expected. The federal government’s cybersecurity capabilities need to keep pace. Although some Federal agencies, particularly the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS), have made significant improvements over the last few years, at least three factors impede government-wide progress. First, cybersecurity’s cross-cutting nature does not fit with the U.S. government’s bureaucratic structure. Second, agencies are not incentivized to sustain the degree of coordination required for effective cybersecurity. Third, a lack of central leadership hinders effective incident response. No single policy action will solve these problems, but creating a National Cyber Director along the lines of what the Cyberspace Solarium Commission recommends would be a good start. Bureaucracies prefer issues that fit neatly into one organization’s mission. […]

The post The case for a National Cyber Director appeared first on CyberScoop.

Continue reading The case for a National Cyber Director→

As threats increase, audit finds federal agencies struggle to implement cyber plans

Posted on December 19, 2018 by Sean Lyngaas

A majority of federal civilian agencies examined by a government watchdog are struggling to implement cybersecurity programs capable of adapting to a changing threat landscape. “Until agencies more effectively implement the government’s approach and strategy, federal systems will remain at risk,” the Government Accountability Office warned in a report Tuesday that assessed security implementation at the departments of Homeland Security, Justice, Energy and others. Seventeen of 23 inspectors general said their agencies’ cybersecurity programs were not being effectively put into place, and that they had “significant information security deficiencies” in financial reporting controls, the GAO said. The audit is a reminder that, despite years of attention and billions of dollars spent, there is often a discrepancy between objectives and results in the cybersecurity of federal agencies. Agencies were considered to have an “effective” cybersecurity program if they had, at a minimum, “quantitative and qualitative measures on the effectiveness of policies, procedures, and strategy” across […]

The post As threats increase, audit finds federal agencies struggle to implement cyber plans appeared first on CyberScoop.

Continue reading As threats increase, audit finds federal agencies struggle to implement cyber plans→

Federal Agencies Face an Uphill Battle in Cyber-Preparedness

Posted on June 4, 2018 by Tara Seals

In the wake of the elimination of the federal cybersecurity czar position, it turns out that three-quarters of agencies are unprepared for an attack. Continue reading Federal Agencies Face an Uphill Battle in Cyber-Preparedness→

White House releases 2016 agency cyberattack stats, claiming progress

Posted on March 10, 2017 by Shaun Waterman

The White House Office of Management and Budget released fiscal 2016 statistics on cybersecurity measures and incidents at U.S. agencies Friday, using new methodologies that make comparison with prior years essentially impossible, but nonetheless saying the government had made progress. For the first time, agencies were required to report only incidents that affected their operations, and to break those incidents down based on the attack vector used. “This is a shift from the previous reporting methodology,” wrote Grant Schneider, the acting federal chief information security officer, in a blog post unveiling the findings. He added that the shift meant “that the FY 2016 incident data is not comparable to prior years’ incident data.” But he stressed the new reporting requirement OMB, the Department of Homeland Security and other agencies “to focus on incidents that may impact operations.” Of the 30,899 incidents that agencies reported, only 16 were determined by agency heads to be “major […]

The post White House releases 2016 agency cyberattack stats, claiming progress appeared first on Cyberscoop.

Continue reading White House releases 2016 agency cyberattack stats, claiming progress→

Experts: Trump to follow Obama’s lead on cyber policy

Posted on February 23, 2017 by Shaun Waterman

In cybersecurity policy, if in nothing else, there is likely to be a great deal of continuity between the Trump presidency and its predecessor, scholars and executives said Wednesday — seizing in particular on a renewed push for federal IT modernization expected from the incoming administration. “What you see in the draft [executive order on cybersecurity the administration has […]

The post Experts: Trump to follow Obama’s lead on cyber policy appeared first on Cyberscoop.

Continue reading Experts: Trump to follow Obama’s lead on cyber policy→