Meritalk

Pentagon Launches DIB Vulnerability Disclosure Program

The DIB Vulnerability Disclosure Program (DIB-VDP), a joint venture between the DoD Cyber Crime Center (DC3), the Defense Counterintelligence and Security Agency (DCSA), and HackerOne, will bring better vulnerability disclosure practices to the DIB.

NSA Shares Best Practices for Secure AI Systems

The guidance offers a wide range of best practices, including that organizations adopt a zero trust mindset, actively monitor the AI model’s behavior, and require the primary developer of the AI system to provide a threat model for their system.

NIST Seeks Input on Cyber Risk Management Draft

The public draft, titled Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile, was published by NIST on April 3. The agency is seeking public comments on the draft through May 20.

DoE Invests $45 Million to Prevent Cyberattacks on US Energy Systems

The Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has allocated $45 million for 16 projects aimed at developing new technologies to prevent cyberattacks and reduce energy disruptions.

CISA, EPA, FBI Publish Top Cyber Steps for Water System Operators

Water and wastewater systems need to enhance their cybersecurity measures to protect against potential cyberattacks due to vulnerabilities in their operational technology (OT) and information technology (IT) systems.

US Agencies Release Security Guidance on Managing SBOMs and Open Source Software

The report provides guidance on open source software adoption, including criteria for selection, risk assessment, licensing, export control, maintenance, vulnerability response, and secure software delivery.

CSC 2.0 Report: Space Systems Should Be Designated Critical Infrastructure

Most of today’s space systems were developed under the premise that space was a sanctuary from conflict, but according to the CSC 2.0 commission, this is no longer the case.

Senate Homeland Approves Fed Software Inventory Bill

The legislation would not on its own institute the proposed changes in Federal government software procurement and use, but it would order Federal agencies to undertake much of the groundwork necessary to prepare for those changes.

CISA Sets Strategic Plan for 2023-2025, Eyes Unity of Efforts

The first three goals in the plan focus on how the agency will “reduce risk and build resilience to cyber and physical threats,” while the fourth goal pledges an internal focus to unify as “One CISA.”

CISA Extends ICT SCRM Task Force Until 2023

On August 2, CISA announced that it would be extending the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force to July 31, 2023.
