The internet is an increasingly dangerous place. The FBI warns of Chinese threats to U.S. critical infrastructure, while the National Security Agency releases guidance for strengthening AI system security. Meanwhile, agencies still wrestle with phishing, ransomware and myriad other threats that occur every day. At the same time, government organizations are expected to implement zero trust architectures, improve identity and access management,...

Federal cyber leaders are tasked with the challenge of balancing active defense efforts, particularly when the U.S. is involved in international conflict, with building an infrastructure secure from the individual device all the way to enterprise environment. To do all of that, defending their networks and building for the future, DoD leaders must prioritize continuous monitoring of their cyber systems to address hidden vulnerabilities to addr...

It may seem ironic, but government agencies at all levels wrestle with the difficulty of compliance with regulatory requirements even as they issue regulations for others (sometimes including themselves) to meet. For example, just as the healthcare industry follows HIPAA, so too do Veterans Administration hospitals – along with all federal, state, local, tribal and territorial health organizations. Then there are government-only policies...

Ever since the issuance of Executive Order 14028, issued in May 2021 to improve cybersecurity across the entire government by implementing a zero trust architecture, federal agencies have been hard at work to meet the requirement. Then, in October 2023 – less than 18 months later – a new executive order, 14110, was released on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” These are...

Agencies increasingly rely on Software-as-a-Service (SaaS) platforms such as Salesforce for mission-critical functions, which offers them numerous benefits including flexibility, reducing upfront IT resource costs and delegating upgrades and patches to the provider. Using Salesforce does not remove the agencies’ responsibility for cybersecurity, however, and SaaS applications face their own risks, including misconfigurations, poor access...

When FBI Director Christopher Wray speaks publicly about the cyberthreat posed by the Chinese government to U.S. critical infrastructure, it is past time to take the danger seriously. “The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to...

Government today faces a long list of imperatives in serving and defending its constituents while supporting and empowering its workforce. Constituents must trust that their need for essential services can be met with transparency, without sacrificing their privacy and security. Agencies and customers alike must feel safe from internal and external threats, including cyberattacks that could cripple infrastructure and disrupt vital services. Em...

The premise of Moore’s law is that the speed and capability of computers can be expected to double every two years. Unspoken but implied is that new technologies will be introduced at a similar clip – along with new, sometimes unforeseen, challenges. Cybersecurity professionals know all about Moore’s law. For instance, the past 18 months has brought artificial intelligence (AI) into the mainstream, introducing plenty of both...

In today’s interconnected digital landscape, application programming interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between various applications and systems. However, with this increased connectivity comes heightened security risks, particularly concerning the protection of sensitive data in those APIs. One of the most notorious examples of API risk is the Cambridge Analytica scandal in the...

The continuous evolution of technology presents us with a dynamic landscape filled with both promise and challenges. As the internet gained widespread adoption, it revolutionized various aspects of our lives, introducing innovations such as online shopping and real-time news updates, alongside issues like spam, phishing, and malware. Traditionally, government entities have been cautious in adopting new technologies, often due to regulatory con...