CISA Wants Exposed Government Devices Remediated In 14 Days
Though government agencies have hundreds of devices exposed to the open Internet, experts wonder if CISA's moving at the right pace.
Stay informed on government cyber security initiatives, policy changes, and threats. Your source for the latest in government infosec news and updates.
Search across headline titles and summaries.
Background for this topic.
Government encompasses public institutions and the systems used to administer services, enforce laws, manage public funds, and protect classified or otherwise sensitive information. Its distinctive assets include identity and benefits records, tax and health data, diplomatic material, election infrastructure, and operational technology supporting utilities or emergency services. Availability and integrity can be as important as confidentiality: outages or altered records may disrupt essential services, public safety, or legal processes.
Security therefore spans citizen-facing portals, internal networks, remote access, contractors, and shared infrastructure, including systems that depend on legacy technology or tightly connected suppliers. Espionage, credential compromise, exploitation of unpatched vulnerabilities, and disruptive attacks are material risks, though exposure varies by agency and system. Useful controls include strong identity management, network segmentation, encryption, privacy safeguards, prioritized vulnerability management, tested backups, and rehearsed incident response. Procurement rules, records obligations, and sector-specific compliance also shape how agencies collect, retain, share, and investigate data.
Though government agencies have hundreds of devices exposed to the open Internet, experts wonder if CISA's moving at the right pace.
Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA's must-patch list The most dangerous type of software bug is the out-of-bounds write, according to MITRE this week. This type of flaw is responsible for 70 CVE-tagged holes in the US government's list of known vulnerabilities that are under active attack and need to be patched, we note.…
Nikita Kislitsin, formerly the head of network security for one of Russia's top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin's prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.