Policy & Regulation

Biden administration makes inroads amid zero trust rollout

More than 50 federal agencies expect to have EDR technology by the end of fiscal year.

By David Jones • May 19, 2022

How the Colonial Pipeline attack instilled urgency in cybersecurity

The federal government and private sector are still coming to terms with how to protect operational technology in an increasingly volatile threat environment.

By David Jones • May 17, 2022

Companies need to align cyber and disclosure efforts: SEC attorney

The SEC aims to protect investors from cyber-related risks by cracking down on companies that release misleading disclosures about cyberattacks. 

By Jim Tyson • May 13, 2022

Tech giants pledge multimillion down payment to secure open source

Top technology companies offered $30 million toward a two-year goal to bolster software supply chain security.

By David Jones • May 13, 2022

White House cyber executive order still has unfinished business

The Biden administration is up against key hurdles in its effort to raise software security standards and establish zero trust across federal agencies.

By David Jones • May 12, 2022

US, allies blame Russia for Viasat cyberattack

The Five Eyes and other EU authorities linked Russia to a series of web defacement, DDoS and destructive wiper attacks in the weeks leading up to the Ukraine invasion.

By David Jones • May 11, 2022

Vet software security as part of enterprise procurement, NIST says

The guidance, an answer to last year's executive order, examines where and when potential supply chain vulnerabilities can surface.

By Matt Kapko • May 9, 2022

Colonial Pipeline faces nearly $1M in penalties as federal regulator discloses violations

The Transportation Department’s pipeline safety regulator scrutinized control room management, which may have contributed to the fuel disruptions from the 2021 ransomware attack.

By David Jones • May 6, 2022

Cybersecurity quarterly benchmarks: Q1, 2022

Gartner Peer Insights data and opinions run the gamut on cybersecurity maturity, budgets, and initiatives.

May 2, 2022

Banks face 'tight deadline' under new cyber notification rule

The May 1 cutoff to comply with the rule comes as the Biden administration has warned U.S. businesses about the increasing risk of Russian cyberattacks.

By Anna Hrushka • April 22, 2022

Cyber agencies renew warnings of Russia-linked threats against industrial targets

Separately, the U.S. is expanding the Joint Cyber Defense Collaborative to include experts on industrial control systems.

By David Jones • April 21, 2022

DOJ disrupts Russia-backed Cyclops Blink botnet

The court-ordered operation is the latest effort to stop malicious cyber activity following the Russian invasion of Ukraine.

By David Jones • April 7, 2022

Federal authorities urged to bolster intel sharing amid nation-state threats

Current Russian cyber activity has been limited, but experts warn the threat may increase on short notice.

By David Jones • April 6, 2022

State Department launches cyber bureau amid rising global tensions

The long anticipated bureau aims to weave diplomacy into the global effort to combat ransomware and rogue nation-state activity.

By David Jones • April 5, 2022

Biden administration's FY 2023 budget includes 11% increase for cyber

The budget calls for additional hiring at CISA and money to modernize IT at federal agencies.

By David Jones • March 30, 2022

What cyber incident reporting rules mean for critical infrastructure

The goal of the legislation is to provide legal cover for companies to share threat intelligence with law enforcement and government agencies.

By David Jones • March 15, 2022

Kronos ransomware attack raises questions of vendor liability

A cyberattack with supply chain and legal consequences has stakeholders considering contract minutiae.

By Lance Whitney • March 14, 2022

Congress adds historic cyber incident reporting rule to massive $1.5 trillion package

Key members of Congress and CISA say the bill will help protect critical infrastructure against malicious attacks.

By David Jones • March 11, 2022

SEC pushes for tougher cybersecurity disclosure rules

Companies would need to report breaches within four days under the proposed rules. 

By Jim Tyson • March 10, 2022

Russian cyberattacks surprisingly limited in Ukraine, US officials say

U.S. Cyber Command Gen. Paul Nakasone said Russia-backed cyber activity has been much lower than expected.

By David Jones • March 9, 2022

Would a cyberattack on a NATO country trigger Article 5?

Few nations have sophisticated cyber capabilities and for operational security reasons, they are closely guarded, rarely shared, and carefully used.

By Mark Laity • March 2, 2022

New York rolls out statewide cyber command center

Russia's invasion of Ukraine should make local government leaders watchful of critical infrastructure risk, expert says.

By Cailin Crowe • Feb. 28, 2022

DHS to lead federal response to Russia-Ukraine crisis

Cyberattacks in Ukraine continue as Russian troops enter Kyiv.

By David Jones • Feb. 25, 2022

Apache tells US Senate committee the Log4j vulnerability could take years to resolve

While a software bill of materials could improve supply chain security, users still download vulnerable versions of software. 

By David Jones • Feb. 9, 2022

NIST targets software supply chain with guidance on security standards

Guidelines call for developers to attest they use secure software practices.

By David Jones • Feb. 7, 2022