Policy & Regulation

FCC bans imports of telecom gear from China-based companies

The latest in a series of orders aligns the agency’s equipment authorization process with national security policies.

By Matt Kapko • Nov. 28, 2022

Defense Department launches zero trust, phasing out perimeter defense strategy

Private sector partners say the rollout will raise the security bar to better protect the entire defense industry ecosystem.

By David Jones • Nov. 23, 2022

Offshore oil and gas at risk of potentially catastrophic cyberattack: GAO

A report warns the industry could see an attack that rivals the deadly 2010 Deepwater Horizon disaster and urges Interior Department officials to stand up safeguards.

By David Jones • Nov. 18, 2022

Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn

The actors compromised a federal civilian agency, CISA and the FBI said. Authorities warned VMware users to assume breach and hunt for threats if they skipped patches or workarounds.

By David Jones • Nov. 16, 2022

Critical infrastructure providers ask CISA to place guardrails on reporting requirements

Top companies and industry groups fear incident reporting mandates would overwhelm CISA with noise. 

By David Jones • Nov. 16, 2022

Why privacy professionals should work closely with company engineers

Transcend's general counsel, Brandon Wiebe, said the increasingly technical nature of data privacy regulations requires cross-functional collaboration. 

By Lyle Moran • Nov. 14, 2022

CISA wants to change how organizations prioritize vulnerabilities

Federal authorities want to take the guesswork and manual decision making processes out of the messy world of vulnerabilities.

By Matt Kapko • Nov. 14, 2022

Twitter, amid security and compliance officer exodus, could run afoul of FTC rules

Regulatory attention is just the latest trouble for the embattled social media platform. Without chief security, privacy or compliance officers, following a consent decree becomes more difficult.

By Matt Kapko • Nov. 10, 2022

SolarWinds under SEC probe related to 2020 supply chain attack

The company also disclosed a proposed $26 million settlement of a class action suit related to the cyberattack. 

By David Jones • Nov. 9, 2022

Senator proposes cybersecurity mandates for health systems

Cybersecurity can no longer be treated as a secondary concern and must become incorporated into every organization’s core business model, according to the chairman of the Senate Select Committee on Intelligence.

By Susan Kelly • Nov. 8, 2022

CISA demystifies phishing-resistant MFA

The “gold standard” safeguard isn’t a one-size-fits-all or all-or-nothing endeavor. For most organizations, a phased approach works best.

By Matt Kapko • Nov. 4, 2022

NIST seeks water industry feedback on boosting cyber resilience

The Biden administration is turning its security attention to the water and wastewater treatment industry, which has become vulnerable to cyberattacks as facilities grow more digital.

By David Jones • Nov. 4, 2022

CISA director bullish on private sector cooperation toward cybersecurity goals

Jen Easterly urged U.S. companies to embrace the agency’s efforts to raise cybersecurity performance, create resilient products and share more information. 

By David Jones • Nov. 3, 2022

US ransomware payments surge to $1.2B in 2021: Treasury

The evidence of the rapid increase comes as the White House concluded an international summit with a pledge to strengthen anti-ransomware cooperation.

By David Jones • Nov. 2, 2022

FTC slams Chegg for chronic, ‘careless security’

The online tutoring and book rental company suffered four data breaches between 2017 and 2020, one of which exposed personal information on about 40 million customers.

By Matt Kapko • Nov. 1, 2022

White House convenes dozens of countries to fight ransomware

The second international summit follows a series of high profile attacks against CommonSpirit Health and the Los Angeles Unified School District. 

By David Jones • Oct. 31, 2022

CISA aims for target rich, resource poor sectors in rollout of security basics

Officials hope new cybersecurity performance goals will serve as a roadmap to strengthen the resilience of local providers like schools, hospitals and utilities. 

By David Jones • Oct. 28, 2022

How cybersecurity experts are reacting to CISA’s security goals

Federal authorities describe the cross-sector guidance as “a floor, not a ceiling.” 

By Matt Kapko • Oct. 28, 2022

Explore CISA’s 37 steps to minimum cybersecurity

The agency placed a premium on low cost, high impact security efforts, which account for more than 40% of the goals.

By Naomi Eide • Oct. 28, 2022

CISA releases long-awaited cybersecurity performance goals for critical infrastructure

The goals are meant to apply to every critical infrastructure, focusing on security basics such as requiring unique credentials and asset inventory.

By David Jones • Oct. 27, 2022

GAO to feds: More coordination needed to strengthen K-12 cybersecurity

The government watchdog said the Ed Department and CISA have “little to no interaction” with other agencies and the K-12 community on cybersecurity.

By Anna Merod • Oct. 25, 2022

FTC orders Drizly to tighten data security practices as 2.5M consumers exposed

The Uber subsidiary must implement a comprehensive information security program, while the CEO will be held to similar requirements in the future. 

By David Jones • Oct. 25, 2022

Help wanted for 3.4M jobs: Cyber workforce shortage is an acute, worldwide problem

Research from (ICS)2 shows an ongoing skills gap in the information security space is under greater pressure than before.

By David Jones • Oct. 24, 2022

Cybersecurity quarterly benchmarks: Q1, 2022

Gartner Peer Insights data and opinions run the gamut on cybersecurity maturity, budgets, and initiatives.

Oct. 24, 2022

White House plans IoT security labeling program for spring 2023

Major connected device manufacturers, retailers and industry groups back efforts to boost cyber awareness.

By David Jones • Oct. 21, 2022