Home  /  Empower and Protect  /  Cybersecurity News in Review

Cybersecurity News in Review

By Robert DuPree •  January 24, 2020
cyber security news

This week’s cybersecurity news in review includes coverage on the Army’s latest initiative to improve RMF cybersecurity accreditation, an update on DoD’s plans to proceed with its CMMC cybersecurity certification framework, and the Pentagon’s upcoming security-focused DevSecOps guidance and endpoint management security guidance, which is currently under development. There are also articles on warnings by an NSA official that federal agencies must do more to protect their systems from cyber adversaries, Treasury Department efforts to better identify risks in and coordinate cybersecurity with the American financial sector, and DHS’ request for feedback on the new CISA Trusted Internet Connection 3.0 guidance. Finally, there are stories examining why the Trump Administration may be publicizing its cyber responses against U.S. adversaries, a recent House hearing on possible Iranian cyber actions in response to the killing of an Iranian military leader by the U.S., and candid comments by President Trump on U.S. cyber capabilities.  

Project Sentinel is the Army’s next step in RMF cybersecurity accreditation

After DoD adopted the Risk Management Framework as its method for accrediting IT and weapons system cybersecurity five years ago, the Army had problems with significantly increased workloads.  But now, Federal News Network says, the Army has made huge progress in addressing that issue and is now embarking on Project Sentinel, a multi-year, three-phase RMF reform effort. Read more…

Pentagon plans to proceed with CMMC in RFPs even before rulemaking process completed

Nextgov quotes a government official as saying DoD’s Cybersecurity Maturity Model Certification (CMMC) program for conducting independent third-party cybersecurity audits of military contractors will go through a formal rulemaking process later this year. However, the official said DoD won’t wait for that to be completed and will include the CMMC in requests for proposals beginning in Q3. Read more…

Upcoming DoD DevSecOps guidance will focus on security

FCW quotes a Pentagon official as saying DoD intends to issue, by this summer, security-focused DevSecOps guidance, which he says would be a companion document to the broader enterprise DevSecOps reference design released last August.  Read more…

Endpoint guidance in the works from Defense Department CIO

The office of the Pentagon’s CIO is, Nextgov says, reportedly developing security guidance to clarify DoD policy on endpoint management.  Read more…

NSA official warns government needs to step up its cybersecurity efforts

Fifth Domain reports on recent warnings by the NSA’s general counsel that, as American adversaries become more technologically advanced, the federal government must do more to protect its networks and systems from cyber attacks.  Read more…

Treasury Department steps up cybersecurity efforts vis-à-vis U.S. financial sector

Nextgov discusses how the Treasury Department is seeking to do more to protect the American financial sector in cyberspace, issuing proposals to better identify cybersecurity risks and how to better work with the industry on risk management and other initiatives, and to require financial entities to submit a cybersecurity plan for the department to evaluate.  Read more…

CISA seeks agency feedback to “less prescriptive” draft TIC 3.0 guidance

The Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) issued five draft documents for its new Trusted Internet Connection (TIC 3.0) draft guidance and, FCW reports, is looking for agency feedback on what it describes as TIC 3.0’s “less prescriptive, more descriptive” approach to implementing secure internet connections. Read more…

Is publicizing U.S. cyber responses useful in the long run?

Government Executive examines how the Trump Administration may be publicizing various cyber activities against adversaries as a way to send a signal a strong response, even though publicizing them may make such tactics more difficult to use again. Read more…

House panel voices concern about retaliatory Iranian cyber attacks

According to FCW, a Jan. 15 House hearing that discussed how Iran might respond to the recent killing of an Iranian military general featured a number of questions and concerns about the possibility of cyber retaliation against American critical infrastructure.  Read more…

President Trump comments on U.S. cyber capabilities, strategies

Fifth Domain quotes President Trump, in a recent interview, discussing how the U.S. “is better at cyber than anyone else in the world,” and commenting on the White House’s more aggressive cybersecurity strategy and changes in recent years to DoD’s approach to cyber operations. Read more…

Robert DuPree

Robert DuPree

Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree See full bio...

The Empower and Protect Blog brings you cybersecurity and information technology insights from top industry experts at Telos.

Leave a Reply

Your email address will not be published.

ten + sixteen =