Cybersecurity Maturity Model Certification (CMMC) 2.0 is here. If your company is not prepared, the time to get ready is now, or your company may risk losing business with the Department of Defense (DoD). The CMMC program requires cyber protection…
The Colonial Pipeline Hack: It’s Real, It Will Happen Again, and We Must Be Prepared
Hackers recently attacked computer systems belonging to the Colonial Pipeline company, forcing them to shut down operations and inhibiting delivery of diesel fuel, gasoline, and jet fuel throughout the East Coast of the United States. This pipeline is not just…
CMMC V1.0 – what is it and will it work?
Last week, my associate, Shane Rogers, shared an article on the GovCybersecurityHub discussing the Cybersecurity Maturity Model Certification (CMMC) and its potential impact on small- and medium-sized government contractors. Shane concluded that the Department of Defense (DoD) is taking incredible…
Why recent cybersecurity legislation is just window dressing
Representative Ro Khanna (D-Calif.) recently introduced cybersecurity legislation that would, “mandate Congress [to] direct OMB to require cybersecurity training for federal employees and include information on the risks of Internet of Things (IoT) devices…” On the surface, this seems like…
Polymorphic defense – making your systems “moving targets”
In my recent article on the GovCybersecurityHub entitled, “Solid foundations + innovation = stout cybersecurity,” I talked about how cybersecurity can be somewhat unfair. That’s because the economies of scale favor our adversaries. I also talked about the importance of security…
Zero Trust: Buzzword or hack-buster?
Trust but verify: a Russian proverb Ronald Reagan often used to characterize U.S.-Russia relations, especially regarding nuclear weapons. The Internet has made it clear that the “trust” part of the proverb may not work so well. Today, we may have…
The most reliable approach to incident response and forensics
Every government organization has been the victim of a cybersecurity incident. These can range from mundane incidents such as a user leaving their desk without locking their screen, up to a major breach such as the OPM hack in which…
Increasing application security in the DoD supply chain
In an attempt to improve the security of the Department of Defense (DoD) supply chain, the Pentagon recently released new cybersecurity standards for its contractors. While I’ll be taking a deeper dive into those standards in a future article, they…
The insider threat – the vulnerability that’s coming from inside the house
The insider threat: it’s one of the biggest and most persistent issues in cybersecurity. There have been multiple, recent high-profile cases – Manning, Snowden, and others. And these cases have both kept the issue in the public eye and kept…
Mobile devices – convenience, security risk or both?
Cell phones, tablets, wearables and other mobile devices dominate our lives. I personally bring my trusty iPad everywhere, and, like everyone else, have my phone with me at all times. The biggest attack surface for any enterprise, then, may…