The Department of Navy (DON) recently held its annual WEST Conference, this year with a strong emphasis on cybersecurity. The conference brought together key decision-makers from the Navy, Marine Corps, and Coast Guard, along with experts from various industries and government officials. The discussions were broad-ranging, covering topics related to naval warfare, technology, innovation, and cybersecurity.

At a recent Armed Forces Communications & Electronics Association (AFCEA) DC luncheon, Defense Information Systems Agency (DISA) Director Lt. Gen. Robert J. Skinner highlighted three key priorities for the fiscal year 2023: posture, position and partnerships. These priorities reflect the agency's ongoing efforts to meet the changing threats of today and secure the future of its information systems.

The Cybersecurity and Infrastructure Security Agency (CISA) has seen increased malicious activity with ransomware attacks against K 12 educational institutions. Malicious cyber actors target school computer systems, slowing access, and rendering the systems inaccessible to essential functions, including remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.

Ransomware attacks on US government organizations cost $18.9bn in 2020.

The Department of Defense Intelligence Information System (DoDIIS) conference took place in San Antonio, Texas from December 12-15. Its annual gathering of industry and government personnel invites networking, exhibitors and speakers to take on the top IT challenges currently facing the Department of Defense (DOD). Principal Deputy Director of National Intelligence, Dr. Stacy Dixon, spoke to the audience at large regarding data, its challenges, and opportunities within the intelligence community (IC).

TD Synnex Public Sector’s Chief Cybersecurity Technologist, Don Maclean sat down with Mark Guntrip, Senior Director of Security Strategy at Menlo Security, to discuss one of the latest emergent security threats.

Government organizations have a bad rap for being inefficient. But with outdated technology and limited spending, they aren’t exactly set up for success. And the expectations from stakeholders are high, with funding provided primarily by taxpayer dollars.

As government agencies and organizations look to modernize their technology stacks to keep up with changes in the workforce, aging solutions, and closing contracts, they’ll all set out with a similar process: submit an RFP, review submissions, and choose a vendor. Seems simple enough.

But what government CIOs often don’t realize is that requiring proven, specific use cases may be limiting what their new (and likely expensive) technology investment can do for their organization. Here’s what I mean.

The rise in a remote workforce and use of cloud-enabled business applications equates to the browser essentially becoming our office, providing access to all necessary tools, data, and communications. Threat actors understand this paradigm shift and are now utilizing Highly Evasive Adaptive Threats (HEAT) to initiate ransomware, extortion ware, and other endpoint intrusions.

HEAT attacks are the next generation of cyber threats.

This is the second post in the Threat-Based Methodology series. The first post introduced Threat-Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. That post concluded with a list of the top seven controls based on their Protection Value. This post will explore CM-6 in greater depth and explain how Devo supports the ability to meet this control.

This three-part blog series will explore threat-based methodology and how it benefits every company with a network. The series leverages the analysis presented by the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO) in conjunction with the National Institute of Standards and Technology (NIST).