Critical infrastructure services in North America face accelerating threats from both nation-states and other sophisticated threat actors. Governments globally are grappling with how to best balance incentives, support, and direct oversight. Meanwhile, critical infrastructure owners and operators face significant challenges with technology, staff resources, and expertise to better manage cyber resilience. For instance, the healthcare industry...

When Executive Order 14028, “Improving the Nation’s Cybersecurity,” was issued in May 2021, it included directives for agencies to establish several incident response and logging procedures, including sharing information on incident detection and response, by August 2023. In August of that year, the Office of Management and Budget issued Memorandum 21-31 setting specific requirements for agencies to meet, for which the Cybers...

Florida is the third-largest state in the U.S. by population, and it continues to grow rapidly – from 2010 to 2020, its population grew by 14.5%. That kind of growth rate might be the envy of other states, but it also means increased pressure on the state government to deliver internet-based, user-friendly services for everything from child support services to renewing business licenses. Bringing digital transformation to the Sunshine St...

Federal departments and agencies are making headway in meeting the requirements of Executive Order 14028, issued in May 2021, to strengthen their cybersecurity by implementing a zero trust architecture. To date, many agencies have made progress in areas like identity management and secure access. But the journey toward achieving a zero trust environment is different for every department. The challenges that civilian agencies must overcome are...

It has become clear over the past several years that maintaining U.S. election integrity is not just a single agency’s responsibility. Conducting fair and accurate elections is the responsibility of each state and territory. Meanwhile, nation-states, partisans, and scammers can interfere with voter information, try to cast doubt on election outcomes, and spread disinformation across social media, to name just a few. The Office of the Dir...

After the events of the past few years, security is in the forefront of election officials’ minds. The individual states are responsible for conducting elections, so the National Association of Counties (NACo) at its annual legislative conference just conducted a series of workshops and panels on the range of threats facing election workers and voters alike. While physical threats, intimidation and harassment are primary concerns, there...

In an era where cyber threats are increasingly sophisticated, the need for robust cybersecurity strategies in government IT departments is more pressing than ever. These threats are continuously evolving, leveraging new technologies and exploiting vulnerabilities in innovative ways. As a result, there is an urgent need for IT sectors to adapt and enhance their cybersecurity strategies. This adaptation isn’t just about implementing new te...

Cybersecurity has always contended with evolving threats. As the internet has become more embedded into social and economic life and smart phones, tablets and other handheld devices become ubiquitous, bad actors have devised new attacks to capitalize on new vulnerabilities. And just as agencies are implementing zero trust architecture to help with this wave, other IT developments are threatening to upend cybersecurity even more. For instance,...

A decade ago, the Continuous Diagnostics and Mitigation (CDM) Program put agencies on the right path with critical investments in identity and access automation, but technology hasn’t stood still. Today, the Federal Zero Trust Strategy aims to accelerate cyber maturity throughout the government and secure our nation’s future. At the same time, relentless innovation in Artificial Intelligence is changing the game for attackers and d...

The cat-and-mouse game between threat actors and cybersecurity professionals continued unabated in 2023, with new threats designed to avoid detection. Many of these threats are new takes on old ones, such as “leveling up” invoice fraud. And ransomware attacks are evolving; rather than encrypting victims’ data, they are straightforwardly stealing the information and extorting payment by threatening to post the info online or t...