Eric Geller @ericgeller
In response to a Q about CISA's vuln patching directive, Goldstein says CISA is "tracking mitigation of hundreds of thousands of vulnerable instances" across USG, representing "individual pieces of software or products with vulnerabilities that we know are being exploited." — PolitiTweet.org
Eric Geller @ericgeller
Langevin: How is OMB tracking implementation of zero-trust principles? DeRusha: We’re reviewing agencies' ZTA plans with CISA and NCD to “make sure that they're solid plans, that they're achievable, and they have the right investment requests behind them.”
Eric Geller @ericgeller
Goldstein says this means that "not even a year and a half after the execution of the executive order, we will have EDR deployments in place or underway at over half of the federal government, with more rolling out in the months to come."
Eric Geller @ericgeller
Jim Langevin: 15 agencies have EDR capabilities. What’s the holdup with the others? Goldstein: “We are in the process of deploying these EDR tools across 26 federal civilian agencies and expect to be underway at 53 agencies by the end of this fiscal year."
Eric Geller @ericgeller
Garbarino: What has GSA learned from implementing EO requirements? Shive: Make sure cyber is part of every business plan. Attract “top-notch talent.” Form partnerships with “the larger cyber community,” like CISA and NIST. Don’t delay.
Eric Geller @ericgeller
Goldstein: CISA is making “tremendous progress” toward its post-SolarWinds goals of improved security and visibility. We’re expanding CDM with “never-before-available visibility into agency risks,” and we’re providing more cybersecurity services to other agencies.
Eric Geller @ericgeller
DeRusha: “We've got a lot of work ahead, but I really feel very, very good about the progress we're making and the path we put ourselves on.”
Eric Geller @ericgeller
Clarke: How are federal networks more secure today than they were a year ago? DeRusha: “We’ve … made significant progress on some security measures that have immediate impact, like multi-factor authentication, encryption at rest and [encryption] in transit.”
Eric Geller @ericgeller
Clarke: What has the Biden administration done to protect federal networks in response to rising Russian threats? DeRusha: We've convened agency CIOs and CISOs since last November. “It’s something that we take seriously. We remain in an elevated state.”
Eric Geller @ericgeller
.@GSA_CIO describes his agency's use of Technology Modernization Fund money to implement zero-trust principles in the services that it provides to other agencies, including https://t.co/iiDArPjREs and https://t.co/1z1SDctWFr.
Eric Geller @ericgeller
NIST IT Lab Director Chuck Romine describes how his agency has implemented directives in the EO on issues like software supply chain security and zero-trust architecture.
Eric Geller @ericgeller
Goldstein: "We need to continue to focus and continue investment in both cybersecurity and IT modernization across the entire federal civilian executive branch."
Eric Geller @ericgeller
CISA's Eric Goldstein says the EO "took important steps" toward changing how the government approaches cybersecurity, but "we have a tremendous amount of more work to do in order to get where we need to be."
Eric Geller @ericgeller
DeRusha: “We recognize that large-scale transformation does not happen in a year [through] launching new programs. It requires a commitment to cultural change, implementation and continued investment.”
Eric Geller @ericgeller
DeRusha: “The vast majority of the actions called for in the EO, including these four that I've just highlighted, are now established policies and are being implemented."
Eric Geller @ericgeller
DeRusha cites a few examples of EO implementation: * OMB memo on zero-trust architecture (to create common security baseline across govt) * NIST software security guidance * OMB memos on logging and EDR
Eric Geller @ericgeller
DeRusha: “The security of our nation will be drastically improved when the goals of the EO have been met, and we feel we've made tremendous progress over this first year.”
Eric Geller @ericgeller
Federal CISO Chris DeRusha: “We can no longer rely on the outdated perimeter-based approach, or digital walls, that we've used to keep sophisticated actors from gaining unauthorized access to our systems.”
Eric Geller @ericgeller
The government needs to set "a bold example" for the private sector and "set the bar high for enterprise network resilience," Garbarino says.
Eric Geller @ericgeller
Subcommittee ranking member Andrew Garbarino: "We must do more to adapt government standards to not only meet but exceed adversarial capabilities like those of Russian SolarWinds campaign."
Eric Geller @ericgeller
"Continuing to build out CISA’s role as the operational lead for federal network security is a priority for me," Clarke says.
Eric Geller @ericgeller
(I wrote about this recently: https://t.co/Gbx6S9ZLsy)
Eric Geller @ericgeller
One of the centerpieces of the EO is its security mandates for federal networks, from encryption to MFA to logging… https://t.co/W4PAoOWSpm
Eric Geller @ericgeller
Clarke says the post-OPM Federal Cybersecurity Enhancement Act mandated agency use of encryption and MFA, which they still haven't fully done. "Let's ensure that we do not lose focus and momentum this time."
Eric Geller @ericgeller
"Historically," Clarke says, "government focus has shifted after the headlines [of major cyberattacks] fade, and we have suffered the consequences."
Eric Geller @ericgeller
Subcommittee chair Yvette Clarke begins by noting how Russia's SolarWinds campaign exposed the limitations of CISA's major cyber monitoring programs, CDM and NCPS, which are struggling to evolve in an era of novel and sophisticated techniques.
Eric Geller @ericgeller
The House Homeland Security Committee is starting a hearing on federal network cybersecurity, with CISA's Eric Goldstein, Federal CISO and top @ONCD official Chris DeRusha, NIST's Chuck Romine, and @GSA_CIO: https://t.co/9KrH4uxJXH
Eric Geller @ericgeller
@Grace_Segers my god, the sheer sense of dread at seeing "I don't know anything about this trainwreck [11 replies]"
Eric Geller @ericgeller
Russian hackers didn't step up their cyberattacks on Ukraine during May holidays like they usually do, Ukraine's cyber agency said in its latest threat report. https://t.co/rw1ifvIXKt The report also contrasts Russian and Ukrainian activities in cyberspace. https://t.co/AFPizPFEhp
Eric Geller @ericgeller
Cybersecurity agencies from the U.S., the U.K., Canada, New Zealand, and the Netherlands issued a report today about the dangers of overlooking common security configuration failures, from a lack of MFA to open ports exposing RDP, SMB, and other protocols. https://t.co/dDJmbYwbWK
Eric Geller @ericgeller
@darth @Br_nd_n @RowanKaiser I'm surprised you've never told me "you want to go home and rethink your tweets"