ICIT Initiative
Policies and Standards


Acquisition Reform Is Materializing, but the Harder Test Still Lies Ahead
Acquisition reform returns as a familiar Washington ritual, yet change is often only seen at the margins. The task at hand has simply been too monumental to effectively revamp the entire system: reforming how the Pentagon buys alone isn’t enough; any meaningful transformation depends on revitalizing the industrial base, strengthening supply chain security, giving industry the capital and demand certainty to invest, requirements-setting, and sustained workforce development and
Hugo Holopainen
Apr 7


Glenn Corn Appointed Sr. Director, Geopolitics & Global Threat Assessment of The Institute for Critical Infrastructure Technology (ICIT)
We are thrilled to welcome Glenn Corn to our ICIT team and community as our new Senior Director, Geopolitics and Global Threat Assessments.
ICIT Research
Jul 1, 2024


ICIT 2023 Spring Briefing: Bigger - Practical Guidance on Scaling Security Programs
Building and scaling cybersecurity programs require managing complexity and significant resource investments. Security leaders facing...
ICIT Research
May 8, 2023


Testing and Governance Considerations for the Management of Open-Source Software
The prevalence of open-source software (OSS) promotes the integration of common software features into existing applications. However,...
ICIT Research
Apr 27, 2023


Book Announcement: CRC Press Publishes Securing the Nation’s Critical Infrastructures
Securing the Nation’s Critical Infrastructures: A Guide for the 2021–2025 Administration is intended to help the United States executive admi
ICIT Research
Jan 1, 2023


ICIT Certified Content: SBOMs Reducing Open Source Risk Throughout the Development of Software
ICIT Certified Content: This content has been reviewed by ICIT and deemed valuable content for the community. We encourage you to study it and socialize it with your networks. The whitepaper explores how generating software bills of materials can improve security throughout the software development lifecycle. It was coauthored by Jim Routh, ICIT Fellow, former CISO and CSO at MassMutual, Aetna and CVSHealth, and current cybersecurity advisor and board member. The Apache Log4
ICIT Research
May 4, 2022


The ICIT Cyber Legislation and Agency Initiatives 2021 Retrospective and 2022 Prospective Roundtable
Each quarter, a selection of ICIT Fellows gather to discuss their perspectives on a timely cybersecurity topic pertinent to critical infrastructure resiliency and national security. The full ICIT Fellows' Insights Roundtable video is featured below. The conversation topic and questions are based on questions solicited from the ICIT community and we hope that the Fellows' Insights prove informative, actionable, and meaningful. As with all ICIT content, the entirety of the disc
ICIT Research
Feb 4, 2022


ICIT Research
Nov 24, 2021


ICIT’s Bright Minds: The Application of Zero Trust to Legacy Systems & Operational Technologies
By Don Maclean, ICIT Fellow and Chief Cyber Security Technologist, DLT. In continued support of our mission to cultivate a cybersecurity renaissance that will improve the resiliency of our nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders, ICIT has embarked on a journey to hold candid interviews with some of the brightest minds in national security, cybersecurity, and technology. Our goal is to s
ICIT Research
Nov 17, 2021


ICIT Virtual Briefing: Getting Started on the Path to Zero Trust
Zero trust isn’t a new concept, although it’s certainly gained popularity recently after numerous high-profile security incidents and the Executive Order on cybersecurity issued by the White House this past May. While there’s no shortage of theoretical and abstract information available on zero trust, actionable recommendations have been hard to come by. The zero trust architecture provides guidance on protecting resources, the general deployment models are theoretical and no
ICIT Research
Sep 8, 2021


ICIT On-Demand | Zero Trust: Who’s in your network?
In 2019, securely operating a distributed workforce was an ideal “wouldn’t it be great if,” and in 2020, this became a requirement. In the wake of the COVID-19 pandemic, cybersecurity teams found themselves frantically working to continue business operations in a suddenly perimeter-less environment. And that trend is likely here to stay, which means that cybersecurity and business leaders need to understand how the zero trust principles changed in the remote working world? An
ICIT Research
Apr 23, 2021


ICIT On-Demand - DevSecOps Public Sector Accelerated ATO Initiative
2nd in the Series of DevSecOps Accelerated ATO As Agencies develop more online services and systems to meet the mission of the Government, their appetite and need to develop and deploy applications rapidly continues to grow. Many Agencies are embracing DevSecOps and cloud services as a way to release these applications quickly; however, the need to meet compliance standards (i.e. RMF, STIG, FISMA, HIPAA, etc.) to obtain their Authority to Operate (ATO) can slow down the proce
ICIT Research
Oct 30, 2020
ICIT On-Demand - Interactive Security Testing, DevSecOps, and NIST SP 800-53 Rev. 5
Panelists include: Dr. Ron Ross, Fellow, NIST & 2019 ICIT Pioneer; Tim Anderson, ICIT Contributor & Sr. Security Advisor, AWS; Jeff Hsiao, ICIT Contributor & Security Solutions Engineer, Checkmarx; Parham Eftekhari, Board Chair, ICIT & Executive Director, The Cybersecurity Collaborative; Joyce Hunter, Executive Director, ICIT & Former Deputy CIO for Policy and Planning, USDA. The need for increasing levels of software security is becoming even more apparent as organi
ICIT Research
Aug 21, 2020


ICIT Fellow Perspective - Security Transcends Compliance
In continued support of our mission to cultivate a cybersecurity renaissance that will improve the resiliency of our nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders, ICIT asked some of the brightest minds in national security, cybersecurity, and technology to author essays communicating their perspective. Our goal is to share their knowledge and insights with our community to shed light on solut
ICIT Research
Feb 24, 2020


D.C. Takes On Energy Sector Threats: A Summary of Recent Agency and Congressional Efforts
Cybersecurity researchers often walk a fine line between objectively presenting the facts surrounding cybersecurity threats without fearmongering to garner the attention necessary to pressure policy makers and decision makers to take action. This is particularly true in the Energy sector, where the exploitation of vulnerabilities can lead to genuine high-risk outcomes such as regional black-outs and potential loss-of-life incidents. While emphasis is rightfully placed by the
ICIT Research
Sep 4, 2019


800-171B: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
This draft publication and the abstract below were released by NIST in June 2019. ICIT strongly encourages you to visit the NIST Publication Library to search for additional information security resources which are freely available. Draft NIST Special Publication 800-171B: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of par
ICIT Research
Jun 29, 2019


An Analysis of Responses to Senator Warner’s Health Sector Cybersecurity Inquiries
On February 21, 2019, Senator Mark Warner (D-VA), the vice chair of the Senate Intelligence Committee and co-chair of the Senate Cybersecurity Caucus, sent letters to twelve healthcare organizations and four federal agencies soliciting feedback via a series of questions on the security and resiliency of the healthcare sector. In the letter, he stated: “I would like to work with you and other industry stakeholders to develop a short- and long-term strategy for reducing cybers
ICIT Research
Apr 1, 2019


ICIT Research
Jun 19, 2017