Welcome to Our Newsletter
This month, ISEC7 will discuss recent cybersecurity mandates and advisories and the best practices moving forward, new changes to the executive order landscape, and how ISEC7 SPHERE can help satisfy CSfC continuous monitoring requirements, in addition to sharing our upcoming events.
Department of Homeland Security Warns of Iranian Cyberattacks
On June 22, the Department of Homeland Security (DHS) issued a National Terrorism Advisory Bulletin warning about the heightened risk of retaliatory cyberattacks from Iran following U.S. airstrikes on Iranian nuclear facilities. The DHS emphasized that the ongoing conflict with Iran has created a significantly elevated threat environment within the United States; the agency warned that both pro-Iranian hacktivists and cyber actors affiliated with the Iranian government are likely to target U.S. networks, particularly those that are poorly secured or involve internet-connected devices. These actors have a history of launching disruptive cyberattacks and are expected to continue exploiting vulnerabilities in U.S. infrastructure. This advisory remains in effect through September 22, 2025, and public sector organizations are urged to remain vigilant and reinforce cybersecurity measures during this critical period.
The team at ISEC7 is uniquely positioned to help organizations in both the public and private sectors strengthen their cyber resilience. Counties, school systems, and related state organizations depend on our proven expertise for secure protocols, management, and the ability to ensure communications during a crisis. Whether optimizing existing tools or implementing best practices, we work with your current cybersecurity investments to strengthen your security posture and support mission-critical operations.
ISEC7 SPHERE as Your CSfC Continuous Monitoring Companion
Agencies implementing classified mobility environments in line with the Commercial Solutions for Classified (CSfC) Mobile Access Capability Package (MACP), as well as the National Institute of Standards and Technology (NIST) and the Department of Defense (DoD), must also implement a continuous monitoring (CM) solution. CM is designed to better allow your organization to analyze and baseline network behavior to detect anomalous activity that would indicate a breach or misconfigured solutions susceptible to breach.
ISEC7 SPHERE is designed to collect, aggregate, correlate, and analyze security event data from CSfC components, and enables continuous monitoring of all data sources across multiple isolated networks without needing to communicate beyond the network isolated environment. Data is collected from hardware devices, virtual machines, security appliances, and software services running across multiple networks and centralizes reporting of the collective infrastructure.
Enabling CM leads to greater visibility of security-related network events with immediate notifications for unauthorized activity. This ensures data confidentiality, integrity, and availability through improved network resilience while facing a rapidly changing mobile cyber threat landscape. Feel free to contact the team of experts at ISEC7, and we can not only provide an objective assessment of your organization’s cybersecurity posture but also offer a demo of ISEC7 SPHERE and show you how to monitor your entire mobile infrastructure and ultimately secure your digital workplace environment through this one essential solution.
Navigating the Current Executive Order Landscape
The White House has released a significant update to Executive Order 14144, “Strengthening and Protecting Innovation in the Nation’s Cybersecurity,” revising the original. While the previous order emphasized regulatory expansion and digital identity initiatives, the new version reduces compliance burdens and shifts away from federal digital ID programs.
Officially titled “Sustaining Select Efforts To Strengthen The Nation’s Cybersecurity And Amending Executive Order 13694 And Executive Order 14144,” the update maintains urgency around the threat of cryptanalytically relevant quantum computers (CRQCs) while streamlining the transition to post-quantum cryptography (PQC). It directs agencies to prioritize quantum-resistant algorithms and coordinate with the National Institute of Standards and Technology (NIST) for timely PQC implementation. By December 2025, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) must publish a list of product categories ready for quantum-safe encryption, and TLS 1.3 or its successor must be adopted by 2030.
For agencies that must now implement PQC, Quantum Xchange™ Phio TX is the first quantum-safe key encryption key delivery product that can combine all post-quantum technologies, to enable encrypted, fault-tolerant, and load-balanced key transmissions over any distance, any medium, and to multiple transmission points, using PQC to secure communication channels and integrating with entropy sources for truly random key generation, ensuring your organization’s communications are secure from ever-growing post-quantum attacks. Not only can we help support the deployment of Quantum Xchange’s Phio TX, but we can also help leverage your current solutions to their fullest capability. If you have questions about Quantum Xchange, the executive order updates, or implementing PQC, please don’t hesitate to reach out to the ISEC7 team.
FBI PSA: Cybercriminals Exploiting IoT Devices
The FBI’s Internet Crime Complaint Center (IC3) recently issued a Public Service Announcement warning the public about cybercriminals exploiting Internet of Things (IoT) devices connected to home networks through a botnet known as BADBOX 2.0. Cybercriminals gain unauthorized access to these devices, such as TV streaming devices and digital projectors, either by pre-installing malicious software before purchasing or by infecting the device during the setup process via malicious applications. Once compromised, these devices become part of the BADBOX 2.0 botnet, which is used for various criminal activities, including launching cyberattacks and facilitating unauthorized access to networks.
The FBI urges the public to be vigilant for signs of compromise, such as the presence of suspicious apps, devices requiring the disabling of Google Play Protect, or unexplained internet traffic. Devices from unrecognized brands or those not Play Protect certified are particularly at risk. To mitigate these threats, the FBI recommends monitoring home network traffic, evaluating all connected IoT devices for suspicious behavior, and disconnecting any that appear compromised.
With the growing integration of IoT devices across enterprise and government networks, it’s critical to understand the risks they pose and prioritize proactive device vetting, network visibility, and endpoint protection to safeguard sensitive data and infrastructure. With the latest expansion of ISEC7 SPHERE, you can now seamlessly integrate IoT devices into your existing management environment. IoT Asset Management keeps track of all your devices, IoT Monitoring provides valuable operational insights, and the IoT Workflow Engine combined with the Notification Engine ensures that you're always informed – whether via Microsoft Teams, ServiceNow, or BlackBerry AtHoc. The addition of IoT functionalities to ISEC7 SPHERE marks a significant step toward a comprehensive and future-proof management solution, and we would be happy to provide a demo and answer any questions you may have.
Upcoming Events
​AFCEA 2025 Army Intelligence Industry Day
Tuesday July 22nd, 2025
National Geospatial-Intelligence Agency (NGA)
7500 GEOINT Drive
Springfield, VA 22150
​
Public Sector Women in IT Summit
Thursday July 24th, 2025
Carahsoft Conference and Collaboration Center
11493 Sunset Hills Rd, Suite 100
Reston, VA 20190​
Public Sector Law Enforcement Summit
Wednesday September 24th, 2025
Carahsoft Conference and Collaboration Center
11493 Sunset Hills Rd, Suite 100
Reston, VA 20190
Check out our latest blog post
In the context of modern government operations, data has become both an asset and a liability.
Digital infrastructure today is deeply integrated into public services, enterprise operations, and national security.
In a recent strategy session, one comment stood out: “Everybody thinks they will save money with cloud, but once in the cloud, you are locked into it.”
Did You Know?
Is it time for a password refresh? According to NIST, length beats complexity. A long passphrase like “correct horse battery staple” is often more secure than a short, complex password.
Never miss an update! Follow us on LinkedIn:
ISEC7 Group & ISEC7 Government Services
ISEC7 Group
8 Market Place, Suite 405 Baltimore, MD 21202, USA
Tel: (866) 630-1893 | sales@isec7.us
