All the elements of the U.S. healthcare system are under siege by hackers. A recent article in Modern Healthcare reported that “[o]ver the past five years, there’s been a 256% increase in large breaches reported to [the U.S. Department of Health and Human Services] involving hacking and a 264% increase in ransomware.” Federal health agencies face the same risks – and private-sector attacks ripple through the agencies, a...

Election security is top of mind across the United States, from concern about malign foreign interference, to DDoS attacks against election websites, to the security of voting machines and their software, to insider and third-party threats, even to “swatting” of local election officials, to name just a few. At the heart of all these threats is the intent to change the outcome of political races. Outcomes, in the end, are determined...

Government agencies at all levels face cyber threats at an increasing rate. Ransomware attacks alone increased by 70% year over year in 2023. Yet agencies are constrained by budget limitations and the shortage of cybersecurity professionals, leading to trying to manage from crisis to crisis and never catching up. Automating security workflows can help agencies get a handle on their challenges and prioritize their security needs, but it isn...

There are plenty of benefits to innovative new technologies, from greater efficiency to cost savings to customer satisfaction. It is rare, however, for a new technology to truly replace existing IT – rather, it gets incorporated into or bolted onto current systems. This approach, along with the explosion of mobile devices and proliferation of software and SaaS applications, dramatically increases and clouds an Agency’s cyber footpr...

The premise of Moore’s law is that the speed and capability of computers can be expected to double every two years. Unspoken but implied is that new technologies will be introduced at a similar clip – along with new, sometimes unforeseen, challenges. Cybersecurity professionals know all about Moore’s law. For instance, the past 18 months has brought artificial intelligence (AI) into the mainstream, introducing plenty of both...

When FBI Director Christopher Wray speaks publicly about the cyberthreat posed by the Chinese government to U.S. critical infrastructure, it is past time to take the danger seriously. “The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to...

Agencies increasingly rely on Software-as-a-Service (SaaS) platforms such as Salesforce for mission-critical functions, which offers them numerous benefits including flexibility, reducing upfront IT resource costs and delegating upgrades and patches to the provider. Using Salesforce does not remove the agencies’ responsibility for cybersecurity, however, and SaaS applications face their own risks, including misconfigurations, poor access...

Ever since the issuance of Executive Order 14028, issued in May 2021 to improve cybersecurity across the entire government by implementing a zero trust architecture, federal agencies have been hard at work to meet the requirement. Then, in October 2023 – less than 18 months later – a new executive order, 14110, was released on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” These are...

It may seem ironic, but government agencies at all levels wrestle with the difficulty of compliance with regulatory requirements even as they issue regulations for others (sometimes including themselves) to meet. For example, just as the healthcare industry follows HIPAA, so too do Veterans Administration hospitals – along with all federal, state, local, tribal and territorial health organizations. Then there are government-only policies...

Federal cyber leaders are tasked with the challenge of balancing active defense efforts, particularly when the U.S. is involved in international conflict, with building an infrastructure secure from the individual device all the way to enterprise environment. To do all of that, defending their networks and building for the future, DoD leaders must prioritize continuous monitoring of their cyber systems to address hidden vulnerabilities to addr...