A new security directive from the Transportation Security Administration that takes aim at identifying, protecting against and responding to threats to companies in the pipeline sector may unintentionally hinder the process, an expert said. A response to the ransomware attack…

The FBI’s cybersecurity investigations would be more successful if cybercrime victims were more forthcoming, Director Chris Wray told Senate appropriators on Wednesday. “If we don’t solve the riddle of how to get the private sector promptly and transparently working with…

State, local, tribal and territorial governments that are members of the Multi-State Information Sharing and Analysis Center (MS-ISAC) now have free access to Deloitte’s Cyber Detect and Respond Portal, a secure online platform that provides cyber threat intelligence. The portal delivers in-depth…

Governors in 27 have states called on the National Guard to help state and local agencies with cyber incident response and remediation, cyber defense analysis, election security planning, threat assessment and interagency planning, according to a blog by think tank…

MITRE announced two new tools – D3FEND and ATT&CK Workbench — to help cybersecurity professionals defend their networks. The D3FEND framework, funded by the National Security Agency and still in the experimental research phase, helps cybersecurity professionals tailor defenses for…

The National Institute of Standards and Technology released Version 1.0.0 of the Open Security Controls Assessment Language (OSCAL), a machine-readable language. The agency has been working with the Federal Risk and Authorization Management Program (FedRAMP) to standardize authorization packages and…

The water industry, like most critical infrastructure sectors, shows a range of cybersecurity preparedness levels, even as threats grow. A June survey conducted by the Water Information Sharing and Analysis Center (Water-ISAC) and the Water Sector Coordinating Council includes responses from…

Today’s leading cyber threat is, unarguably, ransomware. The recent DarkSide ransomware attack on Colonial Pipeline underscored why organizations shouldn’t pay ransoms for stolen data and why they need a solid business continuity and disaster recovery (BCDR) plan. Despite complying with…

The Cybersecurity and Infrastructure Security Agency doesn’t have the data to determine if agencies are segmenting and segregating their networks, according to CISA acting Director Brandon Wales. In a June 3 response to questions from Sen. Ron Wyden (D-Ore.) about…

When agencies think about up-leveling cybersecurity, many start with reinforcing their firewalls and even legacy anti-virus software. However, with the rise of ransomware attacks and catastrophic breaches, it is clear that perimeter security alone is not enough. The recent White…