Microsoft rolls out expanded logging six months after Chinese breach

The technology giant has come under heavy criticism for not making robust logging features available by default. 

The post Microsoft rolls out expanded logging six months after Chinese breach appeared first on CyberScoop.


A tangled mess: Government rules for social media security lack clarity

In the wake of the SEC breach, federal policymakers, agencies, and experts can’t seem to agree on whether agencies must use MFA on social media.


Only 3 agencies have hit deadline for cyber event logging standards, GAO finds

The Department of Agriculture, the National Science Foundation and the Small Business Administration are the only CFO Act agencies that met OMB’s August 2023 timeline for the implementation of enhanced logging requirements.


Federal agencies are falling behind on meeting key privacy goal set five years ago

Several federal agencies are playing catch-up on meeting recommendations from NIST detailed in a 2018 framework for how government should incorporate privacy into their risk management strategies.


White House releases cybersecurity budget priorities for FY 2025

The Biden administration noted that departments and agencies are expected to follow the recently released National Cybersecurity Strategy.


Biden administration seeks money to bolster Ukraine war-related cybersecurity at home, abroad

The Biden administration is requesting additional funds from Congress to help Ukraine with its digital defenses, strengthen cybersecurity in Europe and enhance U.S. capabilities to respond to the fallout from the Russian invasion. The overall fiscal 2022 supplemental request, sent to Capitol Hill this week, seeks $10 billion in Ukraine-related needs and $22.5 billion in funding related to COVID-19. Among the bigger pots of cybersecurity-focused funding the administration is requesting is $1.25 billion for the Defense Department to assist Ukraine with support on “operational surges across multiple national defense components, including accelerated cyber capabilities, weapons systems upgrades, increased intelligence support, and classified programs.” A $1.75 billion request for the State Department to provide economic aid to Ukraine includes support for “continuity of government” and resilience work, including cybersecurity and efforts to counter disinformation. Other funds sought for Ukraine assistance include Department of Energy money to evaluate cybersecurity needs for connecting Ukraine’s […]


Feds likely to fall short of deadline for strengthening encryption, multifactor authentication

A winning streak of hitting deadlines under President Joe Biden’s ambitious May cybersecurity executive order is widely expected to end Monday, affecting changes that administration officials have touted most: implementing multifactor authentication and encryption at all civilian federal agencies. Multifactor authentication — which requires users to access websites and systems by entering a password and also using a second device to verify their identity — could prevent 80% to 90% of all successful cyberattacks, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said in September. Encryption is another of the handful of technologies the administration has emphasized that “dramatically reduce the risk of attack,” Neuberger has said. The executive order’s goal was to set “aggressive but achievable” deadlines, officials have repeatedly said, and “We’ve met each timeline along the way,” Neuberger said in October. As important as multifactor authentication (MFA) and encryption are, however, current and former […]


Federal CISO Chris DeRusha appointed deputy national cyber director, will serve both roles

Federal Chief Information Security Officer Chris DeRusha, who has played an integral part in responding to the SolarWinds hack, is getting a second gig as deputy national cyber director for federal cybersecurity. National Cyber Director Chris Inglis hailed DeRusha’s appointment on Twitter Thursday. “Personally announcing Federal CISO Chris DeRusha as the new Deputy National Cyber Director for Federal Cybersecurity,” Inglis tweeted. “We are excited to see how Chris’s dual designation as Federal CISO at @OMBPress will improve federal coherence in the cyber domain.” DeRusha steps into his additional role at a time when questions persist on Capitol Hill about the breakdown of cyber roles within the federal bureaucracy. The national cyber director’s office is the newest addition to that bureaucracy, established only this year. The office is coming into being as the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is increasingly focused on incident response and information sharing in […]


OMB orders federal agencies to let CISA access defenses of devices, servers

The White House is directing agencies to let the Cybersecurity and Infrastructure Security Agency work with them on their efforts to protect endpoints, such as computer workstations and servers — an area where officials have said the federal government fell short in the SolarWinds hack. The Office of Management and Budget issued a memo on Friday that sets a 90-day deadline for CISA, the main cyber wing of the Department of Homeland Security, to access agencies’ current endpoint detection and response deployments. It then spells out timelines for other steps to improve their endpoint defenses. OMB says the goal is to establish “improved agency capabilities for early detection, response, and remediation of cybersecurity incidents on their networks, using advanced technologies and leading practices.” The memo is an outgrowth of President Joe Biden’s cybersecurity executive order from May. And the focus on endpoints reflects one of the main takeaways from a […]


Federal CISO forecasts one of toughest tasks in sweeping Biden cyber executive order

At 34 pages, President Joe Biden’s May executive order on cybersecurity is lengthier than many such White House directives. It’s going to keep federal agencies busy for a long time implementing a host of protective measures, but one might prove a heavier burden, according to Federal Chief Information Security Officer Chris DeRusha. The executive order establishes cybersecurity event log requirements for agencies, meant to improve the government’s ability to investigate and clean up attacks. “To do monitoring and understand what activity is occurring or has occurred on your network, that’s a huge multi-year exercise that each agency’s going to have to undertake,” DeRusha said during an interview that aired Tuesday as part of CyberTalks, a summit presented by CyberScoop. But it’s a very important part of the order, he said. “When you think about it, it’s really a key pillar of … cyber hygiene,” said DeRusha. Under the order, the Homeland […]
