Policy & Regulation


  • Corporate boards struggle to understand cybersecurity and digital transformation

    Boards are trying to understand the ever-evolving threat landscape as federal regulators plan additional breach disclosure rules.

    By Feb. 6, 2023
  • Companies face data privacy maze, skills gap

    New state privacy laws coming into effect could add pressure for companies trying to navigate the changing regulatory landscape. 

    By Alexei Alexis • Feb. 1, 2023
  • CISA’s public-private cyber collaborative to focus on energy, water

    The Joint Cyber Defense Collaborative dedicated its 2023 agenda to particularly vulnerable sectors and open source use in industrial systems. 

    By Jan. 27, 2023
  • Threat actors are using remote monitoring software to launch phishing attacks

    A joint warning from CISA, the NSA and MS-ISAC warns APT actors could leverage legitimate tools using help-desk themed lures to gain persistence. 

    By Jan. 26, 2023
  • CISA issues baseline cybersecurity recommendations for K-12 schools

    Insufficient funding and IT staffing levels make many CISA recommendations difficult for K-12 schools to achieve.

    By Jan. 26, 2023
  • World Economic Forum officials warn global instability could lead to catastrophic cyber event

    A report released at the WEF said top business leaders and security experts fear heightened geopolitical tensions could result in a major attack in the next two years.

    By Jan. 19, 2023
  • SEC aims to tighten cybersecurity, climate rules before May

    The agency aims in early 2023 to complete several new regulations, many of them focused on increasing disclosures for investors.

    By Jim Tyson • Jan. 17, 2023
  • CISA’s 2022 highlight reel details progress and potential for security coordination

    The agency acted on 2,609 cyber incidents and produced 416 vulnerability advisories in 2022.

    By Jan. 17, 2023
  • Surging cyberthreats, data concerns remain top dispute risks for organizations

    A survey from Baker McKenzie shows a heightened risk of legal challenges amid a rise in sophisticated cyberattacks, along with concerns about the regulatory response. 

    By Jan. 12, 2023
  • FCC revives push to speed up telecom incident disclosures

    Telecom operators are a primary target for threat actors. A change to breach reporting rules is long overdue, one analyst said.

    By Jan. 10, 2023
  • Tech priorities out of sync with security needs, CISA director says

    As long as priorities and incentives are misaligned, security and safety needs will remain unmet. “We can’t just let technology off the hook,” Jen Easterly said.

    By Jan. 9, 2023
  • National Cyber Director eyes retirement: report

    The inaugural cybersecurity chief at the White House assumed the role in June 2021 following a nearly three-decade career at the NSA.

    By Dec. 22, 2022
  • Despite enforcement delays, attorneys urge preparation for AI, privacy laws

    New legislation extends to employers with applicants or workers who are residents of New York City or California — and may be a harbinger of what’s to come elsewhere.

    By Ginger Christ • Dec. 21, 2022
  • NIST bids adieu to SHA-1 cryptographic algorithm

    The widely used security specification has been insufficient since 2005, and won't fully sunset until 2030.

    By Dec. 16, 2022
  • Google stresses unmet need for software supply chain security

    The open source software ecosystem remains vulnerable, and fragmented efforts could stifle progress, according to Google.

    By Dec. 8, 2022
  • Cyber Safety Review Board to probe Lapsus$ ransomware spree

    Following an inaugural review of Log4j, the board will investigate the threat actor’s prolific campaign of cyber extortion against major companies, including Uber, T-Mobile and Nvidia.

    By Dec. 2, 2022
  • FCC bans imports of telecom gear from China-based companies

    The latest in a series of orders aligns the agency’s equipment authorization process with national security policies.

    By Nov. 28, 2022
  • Defense Department launches zero trust, phasing out perimeter defense strategy

    Private sector partners say the rollout will raise the security bar to better protect the entire defense industry ecosystem.

    By Nov. 23, 2022
  • Offshore oil and gas at risk of potentially catastrophic cyberattack: GAO

    A report warns the industry could see an attack that rivals the deadly 2010 Deepwater Horizon disaster and urges Interior Department officials to stand up safeguards.

    By Nov. 18, 2022
  • Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn

    The actors compromised a federal civilian agency, CISA and the FBI said. Authorities warned VMware users to assume breach and hunt for threats if they skipped patches or workarounds.

    By Nov. 16, 2022
  • Critical infrastructure providers ask CISA to place guardrails on reporting requirements

    Top companies and industry groups fear incident reporting mandates would overwhelm CISA with noise. 

    By Nov. 16, 2022
  • Why privacy professionals should work closely with company engineers

    Transcend's general counsel, Brandon Wiebe, said the increasingly technical nature of data privacy regulations requires cross-functional collaboration. 

    By Lyle Moran • Nov. 14, 2022
  • CISA wants to change how organizations prioritize vulnerabilities

    Federal authorities want to take the guesswork and manual decision-making processes out of the messy world of vulnerabilities.

    By Nov. 14, 2022
  • Twitter, amid security and compliance officer exodus, could run afoul of FTC rules

    Regulatory attention is just the latest trouble for the embattled social media platform. Without chief security, privacy or compliance officers, following a consent decree becomes more difficult.

    By Nov. 10, 2022
  • SolarWinds under SEC probe related to 2020 supply chain attack

    The company also disclosed a proposed $26 million settlement of a class action suit related to the cyberattack. 

    By Nov. 9, 2022