A watchdog report highlighted weaknesses in the Department of Defense's cyber incident reporting procedures, particularly for the critical defense industrial base sector.
The Government Accountability Office criticized the National Nuclear Security Administration's mixed risk management practices around operational technology devices and its lax oversight of subcontractor cybersecurity practices.
The U.S. government wants cyber incident reporting to be more consistent, but it must work through several challenges, including the stigma around the repercussions of reporting.
Overall, the proposed fiscal year 2023 budget represents an 18 percent increase over the requested budget for fiscal year 2022, reflecting a "significantly increased investment" in CISA.
Researchers observed a "very messy attack" on a regional U.S. government agency where attackers lurked in the network for at least five months before ransomware was deployed.