Policy & Regulation


  • Huawei logo depicted on side of building at company's campus in Dongguan, China.
    Image attribution tooltip
    Kevin Frayer via Getty Images

    FCC bans imports of telecom gear from China-based companies

    The latest in a series of orders aligns the agency’s equipment authorization process with national security policies.

    By Nov. 28, 2022
  • Image attribution tooltip
    Mark Wilson/Staff via Getty Images

    Defense Department launches zero trust, phasing out perimeter defense strategy

    Private sector partners say the rollout will raise the security bar to better protect the entire defense industry ecosystem.

    By Nov. 23, 2022
  • A drilling rig and platform used in the oil and gas industry for offshore fuel exploration.
    Image attribution tooltip
    CloudVisual via Getty Images

    Offshore oil and gas at risk of potentially catastrophic cyberattack: GAO

    A report warns the industry could see an attack that rivals the deadly 2010 Deepwater Horizon disaster and urges Interior Department officials to stand up safeguards.

    By Nov. 18, 2022
  • A depiction of computer hardware.
    Image attribution tooltip
    solarseven via Getty Images

    Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn

    The actors compromised a federal civilian agency, CISA and the FBI said. Authorities warned VMware users to assume breach and hunt for threats if they skipped patches or workarounds.

    By Nov. 16, 2022
  • Oil Or Gas Transportation With Blue Gas Or Pipe Line Valves On Soil And Sunrise Background
    Image attribution tooltip
    onurdongel via Getty Images

    Critical infrastructure providers ask CISA to place guardrails on reporting requirements

    Top companies and industry groups fear incident reporting mandates would overwhelm CISA with noise. 

    By Nov. 16, 2022
  • A group of business people stack their hands on top of one another
    Image attribution tooltip
    PeopleImages via Getty Images

    Why privacy professionals should work closely with company engineers

    Transcend's general counsel, Brandon Wiebe, said the increasingly technical nature of data privacy regulations requires cross-functional collaboration. 

    By Lyle Moran • Nov. 14, 2022
  • A digital lock on a computer memory board with red and blue lights intersecting
    Image attribution tooltip
    Just_Super via Getty Images

    CISA wants to change how organizations prioritize vulnerabilities

    Federal authorities want to take the guesswork and manual decision making processes out of the messy world of vulnerabilities.

    By Nov. 14, 2022
  • Twitter's bird logo is seen on an office building.
    Image attribution tooltip
    Justin Sullivan / Staff via Getty Images

    Twitter, amid security and compliance officer exodus, could run afoul of FTC rules

    Regulatory attention is just the latest trouble for the embattled social media platform. Without chief security, privacy or compliance officers, following a consent decree becomes more difficult.

    By Nov. 10, 2022
  • SolarWinds
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images

    SolarWinds under SEC probe related to 2020 supply chain attack

    The company also disclosed a proposed $26 million settlement of a class action suit related to the cyberattack. 

    By Nov. 9, 2022
  • The east side of the US Capitol in the early morning. Senate Chamber in the foreground.
    Image attribution tooltip
    drnadig via Getty Images

    Senator proposes cybersecurity mandates for health systems

    Cybersecurity can no longer be treated as a secondary concern and must become incorporated into every organization’s core business model, according to the chairman of the Senate Select Committee on Intelligence.

    By Susan Kelly • Nov. 8, 2022
  • Image depicts the implementation of cybersecurity with a lock displayed over a screen.
    Image attribution tooltip
    anyaberkut via Getty Images

    CISA demystifies phishing-resistant MFA

    The “gold standard” safeguard isn’t a one-size-fits-all or all-or-nothing endeavor. For most organizations, a phased approach works best.

    By Nov. 4, 2022
  • View from above of vast vats of brown liquid.
    Image attribution tooltip
    Courtesy of Brown and Caldwell

    NIST seeks water industry feedback on boosting cyber resilience

    The Biden administration is turning its security attention to the water and wastewater treatment industry, which has become vulnerable to cyberattacks as facilities grow more digital.

    By Nov. 4, 2022
  • CISA Director Jen Easterly
    Image attribution tooltip

    Center for Strategic and International Studies

    CISA director bullish on private sector cooperation toward cybersecurity goals

    Jen Easterly urged U.S. companies to embrace the agency’s efforts to raise cybersecurity performance, create resilient products and share more information. 

    By Nov. 3, 2022
  • An image of the White House.
    Image attribution tooltip
    Vacclav/iStock via Getty Images

    US ransomware payments surge to $1.2B in 2021: Treasury

    The evidence of the rapid increase comes as the White House concluded an international summit with a pledge to strengthen anti-ransomware cooperation.

    By Nov. 2, 2022
  • Chegg boxes of textbook rentals
    Image attribution tooltip
    Sarah Kerver/Getty Images via Getty Images

    FTC slams Chegg for chronic, ‘careless security’

    The online tutoring and book rental company suffered four data breaches between 2017 and 2020, one of which exposed personal information on about 40 million customers.

    By Nov. 1, 2022
  • Anne Neuberger, deputy national security advisor for cyber and emerging technology, speaks at the White House.
    Image attribution tooltip
    Drew Angerer via Getty Images

    White House convenes dozens of countries to fight ransomware

    The second international summit follows a series of high profile attacks against CommonSpirit Health and the Los Angeles Unified School District. 

    By Oct. 31, 2022
  • High voltage towers in the dusk of the evening
    Image attribution tooltip
    yangphoto via Getty Images

    CISA aims for target rich, resource poor sectors in rollout of security basics

    Officials hope new cybersecurity performance goals will serve as a roadmap to strengthen the resilience of local providers like schools, hospitals and utilities. 

    By Oct. 28, 2022
  • A group of co-workers surround a computer screen
    Image attribution tooltip
    Yuri Arcurs via Getty Images

    How cybersecurity experts are reacting to CISA’s security goals

    Federal authorities describe the cross-sector guidance as “a floor, not a ceiling.” 

    By Oct. 28, 2022
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

    Explore CISA’s 37 steps to minimum cybersecurity

    The agency placed a premium on low cost, high impact security efforts, which account for more than 40% of the goals.

    By Oct. 28, 2022
  • CISA Director Jen Easterly, RSA Conference 2022
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive

    CISA releases long-awaited cybersecurity performance goals for critical infrastructure

    The goals are meant to apply to every critical infrastructure, focusing on security basics such as requiring unique credentials and asset inventory.

    By Oct. 27, 2022
  • A row of desks sit empty in a classroom with the desk in the forefront having a notebook and pencil sitting on top.
    Image attribution tooltip
    diane39 via Getty Images

    GAO to feds: More coordination needed to strengthen K-12 cybersecurity

    The government watchdog said the Ed Department and CISA have “little to no interaction” with other agencies and the K-12 community on cybersecurity.

    By Anna Merod • Oct. 25, 2022
  • Image attribution tooltip
    Justin Sullivan via Getty Images

    FTC orders Drizly to tighten data security practices as 2.5M consumers exposed

    The Uber subsidiary must implement a comprehensive information security program, while the CEO will be held to similar requirements in the future. 

    By Oct. 25, 2022
  • Training and upskilling in data science and analytics
    Image attribution tooltip
    shironosov via Getty Images

    Help wanted for 3.4M jobs: Cyber workforce shortage is an acute, worldwide problem

    Research from (ICS)2 shows an ongoing skills gap in the information security space is under greater pressure than before.

    By Oct. 24, 2022
  • A lightbulb with a cycle circle around it.
    Image attribution tooltip
    Permission granted by Gartner
    Sponsored by Gartner Peer Insights

    Cybersecurity quarterly benchmarks: Q1, 2022

    Gartner Peer Insights data and opinions run the gamut on cybersecurity maturity, budgets, and initiatives.

    Oct. 24, 2022
  • Green lights show behind plugged-in cables.
    Image attribution tooltip
    gorodenkoff/iStock via Getty Images

    White House plans IoT security labeling program for spring 2023

    Major connected device manufacturers, retailers and industry groups back efforts to boost cyber awareness.

    By Oct. 21, 2022