惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

雷峰网
雷峰网
宝玉的分享
宝玉的分享
I
InfoQ
P
Privacy International News Feed
V
V2EX
IT之家
IT之家
S
SegmentFault 最新的问题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V2EX - 技术
V2EX - 技术
C
CERT Recently Published Vulnerability Notes
C
Check Point Blog
The Register - Security
The Register - Security
爱范儿
爱范儿
博客园 - 三生石上(FineUI控件)
AWS News Blog
AWS News Blog
M
MIT News - Artificial intelligence
C
Cyber Attacks, Cyber Crime and Cyber Security
F
Fortinet All Blogs
B
Blog
N
Netflix TechBlog - Medium
B
Blog RSS Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Last Week in AI
Last Week in AI
T
Threatpost
Forbes - Security
Forbes - Security
U
Unit 42
A
Arctic Wolf
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Palo Alto Networks Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Recorded Future
Recorded Future
L
Lohrmann on Cybersecurity
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Proofpoint News Feed
月光博客
月光博客
Spread Privacy
Spread Privacy
MongoDB | Blog
MongoDB | Blog
Jina AI
Jina AI
I
Intezer
V
Visual Studio Blog
阮一峰的网络日志
阮一峰的网络日志
The Hacker News
The Hacker News
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
L
LangChain Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园_首页
MyScale Blog
MyScale Blog
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
量子位

MeriTalk

Eliminating Silos in IT/OT Cybersecurity Is a Funding Challenge, Not a Technical One The FedRAMP High Supply Crisis Is a Federal Security Problem – Not a Procurement Footnote How More Tightly Focused Software Development Initiatives Will Unlock Innovation Across Government Transforming Federal Cybersecurity Through Private Sector Innovation Evolving Zero Trust and Embedded AI – Federal Government Cybersecurity Predictions for 2026 Unlocking AI’s Potential in High-Assurance Environments Accelerate Agentic AI in the Federal Government: Top Takeaways Why Congress Must Reauthorize the Technology Modernization Fund Make Cybersecurity a Key Ingredient of Modernization How Spectro Cloud’s PaletteAI Secure helps agencies scale AI securely, compliantly, and confidently Fix the Foundation: How Hybrid Cloud and Trusted Data Enable Government AI New Google Workspace Cost-Saving Offer Available for U.S. Federal Government Reinventing FedRAMP in the Age of AI Balancing Security and Efficiency: The Federal IT Dilemma in the AI Era Meeting Evolving State and Local Cyber Threats AI Is the Solution to Stop AI Data Theft Enhancing U.S. Government Operations with AI and Human-Centered Design How FinOps Can Help Agencies Slash Cloud Costs in 5 Steps Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems? Improving Citizen and Federal Employee Experience with Virtual AI Assistants Strategies for Securing the Federal Supply Chain Three Steps Agencies Can Take to Meet Government’s AI Requirements The Impact of NIST’s PQC Standardization on the Federal Cybersecurity Ecosystem Generative AI is Revolutionizing Federal Government Operations NIST’s new PQC Algorithms and What They Mean for Federal Agencies Addressing the U.S. Quantum Labor Shortage Before It’s Too Late How a Community Vigil Approach and Secure by Design are Critical to Software Cybersecurity Addressing the Talent Shortage: How Digital Government Improves Satisfaction, Retention Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report Implementing AI Assurance Safeguards Before OMB’s December Deadline The Next AI Wave: Quantum AI CDM’s Evolution to Non-Traditional Technology: Why Now and How Will it Succeed? Customer Expectations Require Agencies to Raise the Bar on Customer Experience, Report Shows Applying for Government Benefits Shouldn’t Be Difficult When It Comes to Identity Verification Four Federal Software Supply Chain Security Trends to Watch FedRAMP Baseline Transition Points to OSCAL-Native Tools What Zero Trust Means for Modern Government: Best Practices for Key Tenets Four Ways to Handle the IT Funding Crunch Agencies Need to Get Creative to Fill the Cyber Workforce Gap Customer Identity trends report shows control trumps convenience Federal Agencies Making Strides Toward Sustainability and Climate Action Executive Order 14028 | Improving the Nation’s Cybersecurity Depends on Data | All Data is Security Data Applying Geospatial Intelligence, AI/ML to Climate Change Challenge My Cup of IT: Angry at Arthritis, Hunting for Cures How the Federal Government Can Help Combat a Fragmented Internet Accelerating Cybersecurity for US Critical Infrastructure Getting in on the Ground Floor of the ‘New Observability’ Comply-to-Connect is Key to Zero Trust for DoD How Will Upcoming Cryptocurrency Regulations Affect Industry? My Cup of IT: Cup Cake for Kushner? Launching a New Era of Government Cloud Security Managing IT Complexity in Federal Agencies Agencies Must Modernize Zero Trust Approaches to Achieve Optimal Protection Five Essential Metrics for Measuring Federal Government CX Unlocking the Benefits of 5G and Beyond The Federal Factory of the Future: How AI is Transforming Manufacturing The Quantum Impact on Cyber How Next-Gen Computers Will Transform What’s Possible for Federal Government Agencies Must Take an Authentic Approach to Synthetic Data Biometrics and Privacy: Finding the Perfect Middle Ground Two-Way Street: Why Officials and Constituents Are Equally Responsible for Securing the Midterms The “Programmable World” Will Bring the Best of the Virtual World Into the Physical One Cyberattacks are a Common Occurrence and the Costs are Higher Than Ever Increasing Equity Through Data and Customer Experience The AI Edge: Why Edge Computing and AI Strategies Must Be Complementary How Metaverses and Web3 can Reshape Government Four Emerging Technology Trends set to Impact Government Most 5G Enables AI at the Edge Plugging Cyber Holes in Federal Acquisition Resilient Critical Infrastructure Starts with Zero Trust The Evolution of Government Tech Procurement Under CMMC 2.0 Zero Trust Requires Continuous, Tested Security for Federal Agencies How Multi-INT Fusion Accelerates Mission Intelligence for Real-Time Decision Advantage Three Things to Consider for Responsible AI in Government Legislation, White House Orders Show Agencies Opportunity for Hybrid Cloud Creating an Effective Framework for DoD’s Software Factories Realizing Upsides for Digital Security in the Hybrid Workplace A Future With AI and ML: The Power of Workforce Education Five Tips to Begin MFA Integration and Embrace Zero Trust The Vital Intersection Between Equity and Digital Transformation Equity as a Platform: Applying a New Mindset to Scale Innovation Harnessing the Right Data for Evidence-Based Equity From EO to Action: Human Factors of Enabling a Cyber Safety Review Board For Equity in Government Services, It’s Time to Change the Paradigm Critical Questions to Ask When Considering Explainable AI (XAI) for Your Federal Agency The Telework Model for Government: COVID Lessons for Building an Effective Workforce DevSecOps: 4 Steps for Mitigating the Next Cyber Attack in Your Federal IT Environment Better Cyber Hygiene Helps, but Federal Security Needs SASE Lift DoD, Feds Plot Top Cyber, Cloud Priorities for 2022 Cloud-Native Government: How to Transform With Intention DoD and VA Health Networks Face Growing Threat From Medical-Device Vulnerabilities New Federal Cybersecurity Requirements: How Agencies Should Implement a Zero Trust Architecture Protecting Our Nation Through Big Data Analytics Three Ways COVID-19 Altered Federal, State IT Budget Allocations Ransomware is More Than a Cybersecurity Issue From Me to We: Take the Mission Further With Multiparty Systems Anywhere, Everywhere: Integrating Your Virtual Workplace ‘I, Technologist’: Empowering Innovators in the Federal Workforce Mirrored World: Digital Twins Report for Duty Across Government Stack Strategically: Rearchitecting Government for What’s Next
Reframing the U.S. Government’s Approach to Cybersecurity Oversight
MeriTalk Sta · 2025-03-04 · via MeriTalk

By Matthew Shallbetter, director of Strategy, Federal Civilian, at Armis

With the profusion of directives and guidance emanating from government cybersecurity oversight agencies, both houses of Congress are proposing legislation that aims to harmonize cybersecurity regulations across the federal government.

The Senate Homeland Security and Governmental Affairs Committee approved the ‘‘Streamlining Federal Cybersecurity Regulations Act” in July 2024 with bipartisan support, but the legislation stalled before full Senate approval. More recently, departing National Cyber Director Harry Coker used a January 7 farewell address to urge the incoming administration and Congress to continue to push to achieve harmonization of federal cybersecurity regulations.

While centralized cybersecurity oversight is important and often relates to critical issues, the number of directives and alerts issued can also inadvertently cause chief information security officers within federal agencies to move their focus to implementing the new policy guidance and away from basic day-to-day cybersecurity functions – tasks that may be viewed as mundane but are nevertheless essential to achieving agency goals.

Addressing this situation will require a recommitment to partnerships in cybersecurity oversight, not only on the part of oversight agencies but also end-user organizations that will need to step up efforts to collaborate with agencies like the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology (NIST), and the Office of Management and Budget (OMB).

This “all-hands” approach to cybersecurity would encompass contributions from across the government and emphasize cross-agency collaboration. It’s critical to break down the work efficiently.

Oversight agencies can start by adjusting the focus of the cybersecurity guidance and direction they provide to federal agencies to center on only the most critical issues while taking on more of the general oversight activities themselves (or delegating those responsibilities elsewhere when appropriate). Not every agency needs to request, collect and audit a software bill of materials (SBOM). Not every agency has the resources to assess the risks of quantum cryptography.

Still, CISA cannot secure the federal government alone, and agencies must not wait for CISA to do so. To secure their missions, agencies across the federal government should leverage the expertise and technology that agencies like CISA offer and combine this with their own capabilities to help modernize their cybersecurity strategies.

For example, CISA has been taking major steps to modernize the government’s Continuous Diagnostics and Mitigation (CDM) program and make it more relevant to the zero trust solutions and risk reduction efforts federal agencies are implementing. CISA is moving forward with CDM solutions that offer more agile operational tools, better and more impactful data, and simpler, real-time risk analysis. Agencies have an opportunity to integrate these capabilities to modernize their own CDM initiatives and make them a fundamental component of their cybersecurity strategies.

OMB is reinforcing this message in its FY25 Federal Information Security Modernization Act (FISMA) metrics, where agencies are not only challenged to rely on CDM capabilities for reporting their IT inventories but also to extend risk management into previously out-of-scope and undermanaged assets, such as internet of things (e.g., connected TVs, automobiles, cameras and speakers) and operational technology (e.g., building management solutions, air conditioning and heating systems, power grids, medical and lab devices). Agencies are better situated to address the threat to their citizen services from rogue devices. Aligning ratings to actionable measures provides the focus to drive funding where it is needed: delivering skills and capabilities that reduce risk.

Although agencies are poised to effectively track threats to federal government assets and devices, organizations like NIST and CISA have the resources for addressing future risks. For instance, recent guidance to agencies calls on CISOs to inventory any IT systems or assets that may contain vulnerable cryptography. Many agencies lack the time, resources and expertise to implement this guidance, and doing so would pull resources away from the nuts-and-bolts cybersecurity activities that must be undertaken by agencies every day.

Assistance with tasks like quantum algorithm audits from a designated oversight agency with in-house cybersecurity expertise would result in greater immediate protection by allowing agency personnel to focus on the most imminent threats while giving them a boost in preparation for future threats like quantum computer attacks.

At the agency level, cybersecurity should be viewed as an inherent part of doing business, not just for delivering services but also for quickly scaling resources with collective knowledge through collaboration with CISA and other agencies. While it won’t happen overnight, agency CISOs can make this a reality during their tenure if they actively engage in the process.

Shallbetter previously served as director of security design/innovation at the Department of Health and Human Services.