Policy & Regulation

  • Technologist shows two customers how to use enterprise software at desktop computer
    Image attribution tooltip
    gilaxia via Getty Images

    Strict security rules could push open source community out of federal work, expert says

    Agency CISOs and development experts say federal agencies need to work collaboratively with open source community contributors.

    By Sept. 27, 2022
  • The dome of U.S. Capitol is seen framed by trees.
    Image attribution tooltip
    Dan Zukowski/Cybersecurity Dive
    Opinion

    6 things businesses need to know about the changing privacy landscape

    New bills are proposed every day, and while only a few will become official policy, there may be important trends that impact businesses.

    By Ryan P. Blaney • Sept. 26, 2022
  • Cell phone or mobile service tower in forested area of West Virginia providing broadband service
    Image attribution tooltip
    BackyardProduction via Getty Images

    How common telecom cyber risks snowball in cloud, open source

    Public cloud plays a central role in the modernization of wireless networks. But more open source software, vendors and vulnerabilities could spell trouble.

    By Sept. 23, 2022
  • Image attribution tooltip
    Mario Tama via Getty Images

    Morgan Stanley fined $35M by SEC over improper data disposal

    The bank hired a company with no data-destruction experience to decommission hard drives and servers, which were sold to a third party and auctioned with some unencrypted customer data intact, the regulator found.

    By Gabrielle Saulsbery • Sept. 21, 2022
  • The Capital One flag flies over its headquarters March 13, 2006 in Mclean, Virginia.
    Image attribution tooltip
    Mark Wilson via Getty Images

    Capital One freed from consent order tied to 2019 breach

    The Office of the Comptroller of the Currency determined the bank had reached a level of “safety and soundness” no longer requiring extra oversight regarding a leak of 106 million customers’ data.

    By Gabrielle Saulsbery • Sept. 20, 2022
  • An image of the White House.
    Image attribution tooltip
    Vacclav/iStock via Getty Images

    White House guidance on third-party software seen as a major test of cyber risk strategy

    The U.S. hopes that by forcing software producers to meet a set of minimum security standards for federal use, a new baseline strategy will be adopted industrywide. 

    By Sept. 19, 2022
  • Industrial equipment (pipes, manometer/pressure gauge, levers, faucets, indicators) in a natural gas compressor station.
    Image attribution tooltip
    Cat Eye Perspective via Getty Images

    Industrial control systems face more cyber risks than IT, expert testifies

    Most ICS technology was designed more than 20 years ago and built without cyber resilience, Idaho National Laboratory's Vergle Gipson said. 

    By Sept. 16, 2022
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

    CISA can’t definitively say if ransomware is getting better or worse

    Organizations can be unwilling to notify government officials when ransomware intrusions occur, but that simple act might prevent the next attack.

    By Sept. 15, 2022
  • A photo of the White House.
    Image attribution tooltip
    PorqueNoStudios/iStock via Getty Images

    White House sets minimum security standards for federal software use

    The Office of Management and Budget is requiring agencies to get a self-attestation from software producers showing compliance with NIST guidance.

    By Sept. 14, 2022
  • Sen. Angus King was part of a panel with Suzanne Spaulding and Mike Montgomery at the Billington CyberSecurity Summit in Washington D.C.
    Image attribution tooltip
    Courtesy of Billington CyberSecurity Summit

    US is shoring up gaps in cyber policy, but critical goals remain unfulfilled

    Legislators say the Cyberspace Solarium Commission led to significant national security enhancements, but analysts are calling for urgent momentum on a federal law on data privacy and security.

    By Sept. 13, 2022
  • Statue of Alexander Hamilton.
    Image attribution tooltip
    Chip Somodevilla via Getty Images

    US Treasury sanctions Iran intelligence agency following Albanian government attack

    The Treasury Department said Iran has engaged in malicious cyber activity against government and private sector organizations, including critical infrastructure targets, since at least 2007.

    By Sept. 12, 2022
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

    CISA announces RFI for critical infrastructure cyber reporting mandate

    The agency plans to publish the information request in the Federal Register on Monday and will kick off a national listening tour.

    By Sept. 9, 2022
  • Close shot of the U.S. Capitol dome against the bright blue sky.
    Image attribution tooltip
    Brendan Hoffman via Getty Images
    Opinion

    How the US government’s cyber priorities will impact businesses

    There is a high probability that enterprise leaders will need to comply with some level of federal cybersecurity requirements or guidance.

    By Tim Mackey • Sept. 9, 2022
  • Two people sitting on a stage during a conference, with a U.S. flag in the background.
    Image attribution tooltip
    Permission granted by Billington CyberSecurity

    CISA Director: Tech industry should infuse security at product design stage

    Agency director Jen Easterly outlined a push for faster incident reporting and closer industry collaboration.

    By Sept. 7, 2022
  • Concept with expert setting up automated software on laptop computer.
    Image attribution tooltip
    NicoElNino via Getty Images

    Feds push for developers to take lead in securing software supply chain

    The guidelines from CISA and the NSA come amid a growing movement to “shift left” and evaluate software security earlier in the development cycle. 

    By Sept. 2, 2022
  • Federal Trade Commission
    Image attribution tooltip
    Carol Highsmith. (2005). "The Apex Building" [Photo]. Retrieved from Wikimedia Commons.

    Twitter whistleblower claims may bolster federal privacy push

    Bipartisan efforts to protect consumer information may gain momentum following allegations that Twitter failed to safeguard private data.

    By Jim Tyson • Aug. 23, 2022
  • An illustration of cyber security, showing a padlock over a circuit board.
    Image attribution tooltip
    Getty

    DOE to support development of ‘next-generation cyber tools’ to protect grid

    The agency announced $45 million will be available for up to 15 “next-generation” cybersecurity research, development and demonstration projects.

    By Robert Walton • Aug. 19, 2022
  • cybersecurity stock photo
    Image attribution tooltip
    Yudram_TA via Getty Images

    Zero trust adoption skyrockets, nearing universal adoption

    A report from Okta shows organizations fully embracing zero-trust principles, as hybrid work requires long-term changes to identity management. 

    By Aug. 16, 2022
  • CISA Director Jen Easterly, RSA Conference 2022
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive

    CISA director lauds first-year efforts of public-private cyber collaborative

    One year into the Joint Cyber Defense Collaborative, Jen Easterly says the partnership has helped limit the scale of threats.

    By Aug. 15, 2022
  • Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency.
    Image attribution tooltip
    Tasos Katopodis via Getty Images

    US falters while ‘cybercriminals have been eating our lunch,’ ex-CISA chief Krebs says

    A dizzying array of agencies and disorganized efforts bolsters Chris Krebs’ call for a cybersecurity governance overhaul.

    By Aug. 12, 2022
  • Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, testifies on Capitol Hill, October 19, 2017 in Washington, DC.
    Image attribution tooltip
    Drew Angerer/Getty Images via Getty Images

    Don’t count on government, tech vendors to fix security woes, former CISA chief Krebs says

    The state of cybersecurity is bad and it’s going to get worse, Chris Krebs said at Black Hat. But somehow things might eventually get better.

    By Aug. 10, 2022
  • Cryptocurrency
    Image attribution tooltip
    da-kuk via Getty Images

    Blockchain, privacy advocates push back on Tornado Cash sanctions

    Groups are decrying the Treasury Department's virtual currency mixer sanctions, saying they harm the ability of crypto users to conduct secure and private transactions. 

    By Aug. 10, 2022
  • The White House exterior in the morning light with an American flag flying.
    Image attribution tooltip
    Chip Somodevilla / Staff via Getty Images

    White House to incorporate performance metrics into national cybersecurity strategy

    The Office of the National Cyber Director is working across multiple federal agencies and private sector partners to set priorities and assess effectiveness.

    By Aug. 5, 2022
  • Image attribution tooltip
    Stefan Zaklin via Getty Images

    US must take a lead role in cyber diplomacy, State Dept. nominee says

    Nathaniel Fick told lawmakers the U.S. should promote international cyber norms to protect national security from authoritarian threats. 

    By Aug. 4, 2022
  • A man and a woman shake hands in front of a desk that has flags from the U.S. and Ukraine. The people are in front of a blue background with CISA logos.
    Image attribution tooltip
    Retrieved from Jen Easterly/CISA.

    CISA expands cyber relationship with Ukraine authorities

    The agreement formalizes closer ties between Ukraine and the key U.S. cybersecurity agency after the war with Russia led to increased threat activity. 

    By July 28, 2022