Government Agencies Release Blueprint for Secure Smart Cities
NCSC and CISA want to balance connectivity with resilience
Stay informed on government cyber security initiatives, policy changes, and threats. Your source for the latest in government infosec news and updates.
Search across headline titles and summaries.
Background for this topic.
Government encompasses public institutions and the systems used to administer services, enforce laws, manage public funds, and protect classified or otherwise sensitive information. Its distinctive assets include identity and benefits records, tax and health data, diplomatic material, election infrastructure, and operational technology supporting utilities or emergency services. Availability and integrity can be as important as confidentiality: outages or altered records may disrupt essential services, public safety, or legal processes.
Security therefore spans citizen-facing portals, internal networks, remote access, contractors, and shared infrastructure, including systems that depend on legacy technology or tightly connected suppliers. Espionage, credential compromise, exploitation of unpatched vulnerabilities, and disruptive attacks are material risks, though exposure varies by agency and system. Useful controls include strong identity management, network segmentation, encryption, privacy safeguards, prioritized vulnerability management, tested backups, and rehearsed incident response. Procurement rules, records obligations, and sector-specific compliance also shape how agencies collect, retain, share, and investigate data.
NCSC and CISA want to balance connectivity with resilience
GovAssure will mandate all UK government departments to go through annual independent, more robust security audits
UK government survey finds they are prioritizing other things
The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon
U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against targets
An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 to mid-2022
Also a bunch of Russians plus someone giving free trips to the Motherland Four US citizens have been accused of working on behalf of the Russian government to push pro-Kremlin propaganda and unduly influence elections in Florida.…
'My computer locked up and a siren went off,' one mark tells Better Business Bureau Two execs and a multinational payment processing company must pay $650k to the US government, says the FTC, which accuses them of knowingly processing credit card payments for Microsoft-themed support scammers.…
Plus: Signal, WhatsApp, and Viber also write online protest over Online Safety Bill back door The UK’s chartered institute for IT has slammed proposed legislation that could see the government open a “back door” to encrypted messaging.…
The UK Government OSB undermines end-to-end encrypted communications and must be reconsidered according to an open letter signed by Signal and WhatsApp
No worries, outsourcer only handles government tech contracts worth billions Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant.…
A new Android trojan called 'Chameleon' has been targeting users in Australia and Poland since the start of the year, mimicking the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank. [...]