By Lauren C. Williams
May 19, 2021
Calls for a certified baseline of cybersecurity seem to increase with every cyberattack. And the recent ransomware attack that shut down the East Coast’s largest fuel pipeline, Colonial Pipeline, is no exception.
The Cybersecurity Maturity Model Certification program is one of several Defense Department efforts to improve both its own cyber defenses and those of its industry partners. CMMC has been touted as a potential standard that could expand beyond the Defense Industrial Base (DIB) to cover all government contractors. But the core CMMC program is still taking shape, and it’s unclear how that will look in the future.
By Justin Katz
May 17, 2021
Brandon Wales, the acting chief of the Cybersecurity and Infrastructure Security Agency, conceded on Thursday the dozens of deadlines in the administration’s new executive order will stretch the system as his agency and others work to enact President Joe Biden’s wide-ranging plan to revamp the federal government’s cybersecurity. “I think the community is right to say this is ambitious, this is big, but I think that just reflects what’s needed to confront the cybersecurity threats and risks that we face right now,” Wales told reporters during an event hosted by the George Washington University’s School of Media and Public Affairs.
By Lauren C. Williams
May 17, 2021
The governing body for the Defense Department’s unified cybersecurity standard has a new training lead.
Melanie Kyle Gingrich will take over training daily operations for the Cybersecurity Maturity Model Certification Accreditation Body as the vice president of training and development starting May 10.
Kyle Gingrich replaces Ben Tchoubineh, who has been leading the board’s training efforts, particularly with standing up a CMMC ecosystem of organizations that develop course materials and train assessors, since the board’s inception in 2019. His last day was May 14.
Kyle Gingrich was previously the senior director for products at Monster Worldwide and the vice president for product and IT at Skillsoft.
The Biden administration’s long-anticipated cybersecurity executive order lays the groundwork for modernizing cyber defenses and protecting critical services from attack by improving incident response and information sharing between the public and private sectors.
By Mike Fong
May 14, 2021
In recent years, the Department of Defense has made a number of efforts to tackle the problems presented by personnel using mobile devices. In 2018, the DOD restricted smartphone usage within secure spaces at the Pentagon, carving out an exception for government-issued devices with the cameras and microphones removed, and banned active-duty military from using mobile apps that tap GPS. From a distance, these moves may have seemed like overreactions.
Yet the Pentagon knew that any smartphone, when targeted by a threat actor of the nation-state variety, can be turned against its user and repurposed not just as a real-time location tracker but as a spying and eavesdropping device. Seen in this light, the department’s struggles to strike a workable balance between the utility and security risks of mobile devices are understandable, especially given the critical nature of DOD operations.