This Friday marks our 100th #federalfriday blog! To celebrate, we’re looking back on our 10 most popular articles.
Europol’s 10th annual Internet Organised Crime Threat Assessment (IOCTA) reported on new and emerging trends in cybercrime in the EU in 2023. Europol found that cryptocurrency was becoming a larger part of financial crimes, ransomware groups were expanding their targets to include smaller businesses, and phishing remained the most popular way to commit fraud. Read this blog to find out more about the most concerning crimes uncovered in the IOCTA and the predictions they made for the next year.
The Intelligence Community’s Open Source Intelligence (IC’s OSINT) 2024-2026 Strategy outlined how the IC could better implement OSINT into their work while upholding privacy and civil liberties through four main goals: “Coordinate Open Source Data Acquisition and Expand Data Sharing”, “Establish Integrated Open Source Collection Management”, “Drive OSINT Innovation To Deliver New Capabilities”, and “Develop the Next-Generation OSINT Workforce and Tradecraft”. These goals are strongly tied to the OSINT strategy the Bureau of Intelligence and Research (INR) released shortly after.
Like many other federal agencies being scrutinized by the Department of Government Efficiency (DOGE), the Cybersecurity and Infrastructure Security Agency (CISA) suffered serious cuts to its workforce (a roughly 10% loss). Amid this tumultuous period, the successor to Jen Easterly, the previous director of CISA, was nominated: Sean Plankey. Plankey has a lot of experience working in federal cybersecurity, making his appointment unsurprising - but his confirmation has been delayed due to other factors. Get into this blog to discover more about Plankey’s work history, and check out the Salt Typhoon Update to understand the delay.
The European Union’s Cyber Resilience Act (CRA) requires digital products (involving hardware and/or software) to meet certain cybersecurity standards before being allowed to hit the market. The act also mandates more reporting of cybersecurity risks during development. Safe products will receive a CE mark, while non-compliant products will be recalled. There is one notable digital product exception to the CRA - click on the link to read about it.
CISA’s FY2024-2026 strategic plan guides the agency through three main goals: “Address Immediate Threats”, “Harden the Terrain”, and “Drive Security at Scale” - all done by embodying the hacker spirit. This blog (the oldest on the list) also includes a bonus section on the Department of Education, which received a K-12 Digital Infrastructure Brief from CISA and established a Government Coordinating Council (GCC) to improve cyber defenses.
The 2023 Internet Crime Complaint Center (IC3) report was based on 880,418 complaints made about cyber crimes that resulted in $12.5 billion in losses - and the top categories were phishing crimes, personal data breaches, non-payment/non-delivery and extortion. Our blog, at the link above, details more on the report - including the most expensive ransomware crimes and the countries that sent in the most complaints.
The U.S. Cyber Command (CYBERCOM) and the Defense Advanced Research Projects Agency (DARPA) launched Constellation, a pilot program that ensured that state-of-the-art cyber advancements could be implemented into CYBERCOM’s software ecosystem. The blog shares details about some of the projects being included in the program and the opportunity it poses to other organizations.
Brazil - one of the top 5 countries most affected by ransomware in the world - decreed a National Cybersecurity Policy (PNCiber) to guide cybersecurity activity in the country. PNCiber also established the National Cybersecurity Committee (CNCiber), a group of federal representatives overseeing the implementation of the cybersecurity policy and building it out into measurable goals. Learn more about the specific objectives in our article.
In the first round of our coverage of the cuts at CISA, we discussed the appointment of a new senior advisor for CISA - Karen Evans - who has a long record of working in federal cybersecurity in previous administrations. Questions about DOGE’s potentially insecure access to the Office of Personnel Management (OPM) network, the Department of Treasury’s payment system, and the U.S. Agency for International Development (USAID) systems arose around the same time, adding to worries about the state of federal cybersecurity.
Our most popular blog yet covered the “worst telecom hack in our nation’s history”, a cyber operation carried out by a Chinese state-sponsored hacking group that infiltrated several prominent telecommunications firms in the U.S. The hack was so expansive that cybersecurity experts could not offer a recovery timeline. Even now, the Salt Typhoon group has continued to target other telecom organizations; Viasat, a satellite communications company with nearly 189,000 broadband subscribers in America, recently shared they had been breached by the hackers. The Salt Typhoon cyber espionage group was not the first of its kind (see Volt Typhoon and Flax Typhoon), and will likely continue to be a developing story, even past our first update.
Subscribe to our blog to keep up with this story and many others in the #federalfriday series!