Cyber Security News

What we’re talking about

cmmc final rule
Cyber Security

CMMC Final Rule to be Implemented in 2025

The Department of Defense (DoD) has released its Cybersecurity Maturity Model Certification (CMMC) final rule.  This rule will now require contractors to verify that required security measures have been implemented for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).  These requirements will are to be implemented in early to mid-2025 when verification of security

Read More »
Validated End User
Cyber Security

Validated End User (VEU) Program Expanded

The Bureau of Industry and Security (BIS) has expanded its Validated End User (VEU) Program to include controls for data centers in an effort to create a trusted ecosystem for artificial intelligence (AI) development.  The VEU will now review applicants data centers to ensure application of appropriate safeguards and security measures.  This update to the

Read More »
DFAR Amendment for Contractor Implementation
Cyber Security

DFAR Amendment for Contractor Implementation

The Department of Defense (DoD) has proposed a Defense Federal Acquisition Regulation Supplement (DFAR) amendment for contractor implementation of Cybersecurity Maturity Model Certification (CMMC).  DFARS case 2019-D041 was first published in September 2020 with an effective date of November 20, 2020 to allow for the development of CMMC 2.0.  CMMC 2.0 establishes a framework for

Read More »
Suit Filed Against Georgia Tech
Cyber Security

Suit Filed Against Georgia Tech by U.S. Government

A suit filed against Georgia Tech by the United States Government alleges that the university’s affiliate, Georgia Tech Research Corporation (GTRC) knowingly failed to meet its cybersecurity requirements for the Department of Defense (DoD).  The suit was initiated by a whistleblower complaint from members of Georgia Tech’s Cybersecurity team.   The lawsuit alleges that the Georgia

Read More »
Integrating Physical Security Requirements
Cyber Security

Integrating Physical Security Requirements for Businesses

Integrating physical security requirements is an area of growing concern for organizations of all sizes.  Aside from insuring basic safety for personnel and physical assets, businesses are faced with security requirements for cybersecurity and export compliance.  This necessitates a non-siloed approach to an often overlooked management function. Basic Physical Security Measures Every organization should ensure

Read More »
NIST Special Publication 800-53
Cyber Security

NIST Special Publication 800-53 Controls

NIST Special Publication 800-53 is a catalog of security and privacy controls released by the National Institute of Standards and Technology for U.S. federal information systems.  It includes key steps in the Risk Management Framework for the selection of appropriate security controls for information systems.  This framework standards and guidelines is a requirement for federal

Read More »
Cyber-Intrusion and Data Exfiltration
Cyber Security

Cyber-Intrusion and Data Exfiltration Concerns for BIS

Cyber-intrusion and data exfiltration are subjects of increased concern for the Bureau of Industry and Security (BIS).  In its March 2024 release of Don’t Let This Happen to You!, BIS reiterates its growing role in export enforcement to protect U.S. national security and foreign policy concerns.  It emphasizes the importance of developing effective export compliance programs

Read More »
Global Challenges for Cybersecurity
Cyber Security

Global Challenges for Cybersecurity Resilience

Global challenges for cybersecurity resilience were outlined in a recent report from the World Economic Forum.  The report, Global Cybersecurity Outlook 2024, analyzes the state of inequity in achieving cyber security, the impacts of geopolitics on the cyber risk landscape, the effects of emerging technologies such as Artificial Intelligence (AI), and the shortage of qualified people

Read More »
secure software development attestation
Cyber Security

Secure Software Development Attestation Form Released

A secure software development attestation form has been approved by the Federal Government in an attempt to ensure that contracted developers of software assume responsibility for the security risks in the protection of federal information.  The form was released by the Cybersecurity and Infrastructure Security Agency (CISA) Office of Management and Budget (OMB) on April

Read More »
lockbit extorsion operation
Cyber Security

Lockbit Extorsion Operation Interrupted by Operation Cronos

The Lockbit extorsion operation was taken down by an international law enforcement effort called “Operation Cronos”.  This action included participation of the FBI, the National Crime Agency of the UK (NCA), and Europol among other organizations.  Actions taken include the UK,s National Crime Agency taking control of the ransomware’s site and the arrest of at

Read More »
KV Botnet
Cyber Security

KV Botnet Disrupted by FBI in Infected SOHO Routers

The FBI has disrupted a KV botnet malware infection instigated by Volt Typhoon, a state sponsored threat actor affiliated with the People’s Republic of China (PRC).  The KV botnet was first identified in December of 2023.  It targeted Cisco and NetGear routers that were were no longer supported by manufacturer software updates.  The court-authorized operation, conducted

Read More »
China Targeting U.S. Infrastructure
Cyber Security

China is Targeting U.S. Infrastructure with Cyberattacks

The Washington Post reported that China is targeting U.S. infrastructure with cyberattacks in a continuing effort to increase its ability to disable critical systems.  The Cybersecurity and Infrastructure Security Agency (CISA) first announced these attacks in May of 2023.  CISA identified the source as Volt Typhoon, a state sponsored hacking group affiliated with China. Chinese

Read More »
Common Cybersecurity Weaknesses for CUI
Cyber Security

Common Cybersecurity Weaknesses for CUI Protection

Recent reports from the Department of Defense (DoD) outline common cybersecurity weaknesses for Controlled Unclassified Information (CUI) protection by contractors.  CUI is information that is possessed or created for the U.S. government that, by law, requires dissemination controls and safeguarding.  These required security controls are specified in NIST SP 800-171.  When prospective contractors respond to

Read More »
DHS Cybersecurity Assessment Criteria
Cyber Security

DHS Cybersecurity Assessment Criteria Announced

DHS cybersecurity assessment criteria has been released that will set the bar for businesses seeking contract awards from the agency.  The U.S. Department of Homeland Security has released this information to ensure that appropriate levels of “cyber readiness” are in place by its vendors.  The DHS plan, released by Chief Information Security Officer Kenneth Bible, is

Read More »
Lawsuit Filed Against Penn State
Cyber Security

Lawsuit Filed Against Penn State for Cybersecurity Claims

A lawsuit filed against Penn State University by the U.S. Department of Justice illustrates the challenges the government faces in instituting effective protection of data.  The suit filed under the False Claims Act (FCA) alleges, that the university misrepresented its adherence to required cybersecurity protocols in the handling of Controlled Unclassified Information (CUI) required.   

Read More »
CUI Document Marking Requirements
Cyber Security

CUI Document Marking Requirements and CMMC 2.0

Controlled Unclassified Information (CUI) document marking requirements apply to a wide range of users who access information related to the U.S. government. CUI  is unclassified information that requires safeguards or dissemination controls in accordance with governmental regulations and policies. CUI is categorized into 20 “Organizational Index Groupings” to address sectors such as Defense, Export Control,

Read More »