One Cybersecurity and Infrastructure Security Agency (CISA) program that has been widely adopted throughout the federal government also is one of its longest-established – the Continuous Diagnostics and Mitigation (CDM) program. Introduced in 2012, the program provides a dynamic approach to strengthening the cybersecurity of government networks and systems. The program has evolved over the past decade to add new capabilities, including c...

The persistence of nation-state actors has introduced a threat to America’s cybersecurity landscape that has never been seen before. Ample countermeasures have been prescribed through various White House, DoD, and CISA guidance that places responsibility on government and private industry to follow these new guidelines for the development of secure software. As we turn the corner toward the close of the federal fiscal year and begin cybe...

Federal agencies take seriously the cybersecurity of their IT systems. They must observe numerous federal policies and programs, from Executive Order 14028 on down. Many agencies are far less aware of the need to strengthen the security of their operations technology (OT), the equipment that runs many kinds of systems, including healthcare. Historically, that was less of an issue since most OT systems were closed and standalone. But the intern...

Ransomware attacks have become more frequent and sophisticated, causing significant damage and financial loss to businesses of all sizes. According to Verizon’s 2022 data breach report, ransomware attacks saw a 13% increase in the past five years. The first half of 2022 saw nearly 236.7 million ransomware attacks worldwide, and hhe average cost of a ransomware attack was $1.85 million. Statistics reveal that a ransomware attack will occu...

When the Cybersecurity and Infrastructure Security Agency (CISA) released its Zero Trust Maturity Model Version 2.0 in April, it identified access management as a core function within the Identity Pillar. Identity is the very first of five such pillars, and brings the need for privileged access management into clear focus. Identity is defined by CISA as “an attribute or set of attributes that uniquely describes an agency user or entity,...

Cybersecurity professionals are well aware that the threat landscape they live in is volatile and poses ever-changing threats to the systems they defend. One kind of risk is exploding – attacks on APIs. APIs are such attractive targets because their purpose is to allow two or more applications to communicate with each other. Infecting an API drastically expands the attack surface, but most enterprises do not have transparency into their...

Federal agencies across government have started the shift in mindset from just patching and remediation to truly transformative cybersecurity modernization. There is no better example than the move to developing zero trust architecture governmentwide. While every agency is in a different stage of its ZT implementation journey, there are key guideposts and best practices that every federal IT and security team should be following to optimize th...

Federal agencies have taken the lead in the public sector’s adoption of cloud computing. It has provided many benefits, including flexibility for applications, cost savings as legacy systems have been phased out, and empowering customers in their interactions with agencies – but it also has opened new methods for cyberattacks, such as corrupting elements of the software supply chain. As a result, data protection is more important t...

Government agencies at all levels are doing everything they can to protect their data from the ongoing onslaught of cyberattacks. Whether it’s implementing zero trust architecture to meet the requirements of Executive Order 14028, federal agencies using FedRAMP certified cloud services, any of the dozens of state, local, municipal and educational organizations enrolled in StateRAMP, government as a whole understands the critical importan...

Federal agencies have been mandated to migrate to IPv6; the mandate requires at least 20% of IP-enabled assets on agencies’ networks operate in IPv6-only environments by the end of FY 2023. Join us for the last of the quarterly sessions as thought leaders from government and industry share real-world examples and lessons learned in working to meet this mandate over the past year. We’ll Discuss: Review the progress made by agencies...