Former DHS official charged with stealing govt employees’ PII

A former Department of Homeland Security acting inspector general pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees’ personal identifying information (PII). 61-year-old Charles Kumar Edwards coordinated the scheme while working …

DHS Announces “Hack DHS” Bug Bounty Program to Identify Potential Cybersecurity Vulnerabilities

WASHINGTON – Today, the Department of Homeland Security (DHS) announced the launch of “Hack DHS,” a bug bounty program to identify potential cybersecurity vulnerabilities within certain DHS systems and increase the Department’s cybersecurity resilience. Through Hack DHS, vetted cybersecurity researchers …

DHS Announces New Cybersecurity Requirements for Surface Transportation Owners and Operators

WASHINGTON – DHS’s Transportation Security Administration (TSA) today announced two new Security Directives and additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector in response to the ongoing cybersecurity threat to surface transportation systems and associated infrastructure. …

The US government just launched a big push to fill cybersecurity jobs, with salaries to match

The US Department of Homeland Security, a key cybersecurity agency, has just announced a new system that will help it recruit, develop and retrain cybersecurity pros in the federal government. The DHS’s new recruitment system, dubbed the Cybersecurity Talent Management …

CISA Binding Operational Directive 22-01 – Reducing the Significant Risk of Known Exploited Vulnerabilities

A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems. Section 3553(b)(2) of title 44, U.S. Code, authorizes the Secretary of the Department of Homeland Security …

Ransom Disclosure Act would give victims 48 hours to report payments

Victims of ransomware attacks in the United States may soon have to report any payments to hackers within 48 hours, according to a new legislative proposal titled the ‘Ransom Disclosure Act’. The bill was drafted by U.S. Senator Elizabeth Warren …

How Pipeline Owners and Operators Can Fulfill the TSA’s Second Security Directive

Senior officials at the Department of Homeland Security (DHS), of which the TSA is a part, announced at the time of their security directive that they would soon require pipeline organizations to implement a new set of mandatory security controls …

DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators

WASHINGTON – Today, in response to the ongoing cybersecurity threat to pipeline systems, DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and …

Department of Homeland Security email accounts exposed in SolarWinds hack

Email accounts belonging to US Department of Homeland Security (DHS) officials may have been compromised during the SolarWinds attack by Russian threat actors. The Associated Press reports that unauthorized intrusions occurred during the SolarWinds supply-chain attack. SolarWinds, the central point …

FBI warns of rise in PYSA ransomware operators targeting US, UK schools

The FBI has warned of a surge in attacks against schools in which ransomware operators are stealing data to pile on the pressure for payment. In a joint FBI and DHS-CISA flash industry alert (.PDF) this week, law enforcement said …