Policy & Regulation
-
CISA clocked Salt Typhoon in federal networks before telecom intrusions
Outgoing CISA Director Jen Easterly didn’t say what agencies were impacted by Salt Typhoon or when, but noted it provided greater visibility into the active campaign.
By Matt Kapko • Jan. 16, 2025 -
Biden administration rolls out wide-reaching cybersecurity executive order
Released in the administration's final days, the highly-anticipated order follows a series of sophisticated attacks against federal agencies and critical infrastructure providers.
By David Jones • Jan. 16, 2025 -
CISA pins modest security gains to performance goals program
The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.
By Matt Kapko • Jan. 14, 2025 -
CISA director reiterates prior calls for C-suites, boards to take cyber risk ownership
Jen Easterly said companies need to consider cybersecurity threats as core risks that need to be fully incorporated into corporate business strategy.
By David Jones • Jan. 10, 2025 -
4 cybersecurity trends to watch in 2025
Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.
By David Jones , Matt Kapko • Jan. 9, 2025 -
National cyber director calls for deterrence against China-affiliated cyber threats
Harry Coker Jr. said China and other adversaries cannot be allowed free reign to conduct malicious cyber activities.
By David Jones • Jan. 9, 2025 -
White House program to certify the security of IoT devices goes live
The White House is also working on an executive order to limit federal purchasing of connected products that meet the minimum security standards under the program.
By David Jones • Jan. 8, 2025 -
US Treasury office sanctions firm connected to state-sponsored Flax Typhoon threat group
A Beijing-based cybersecurity company, Integrity Technology Group Inc., is linked to years of exploitation activity targeting U.S. critical infrastructure.
By David Jones • Jan. 6, 2025 -
SEC cybersecurity enforcement outlook uncertain as Trump 2.0 looms
With issues such as cryptocurrency and climate change facing the next SEC chair, it’s unclear whether rolling back cybersecurity rules will be high on the priority list.
By Alexei Alexis • Jan. 3, 2025 -
White House says 9th telecom company hit in Salt Typhoon spree
A senior official blamed the intrusions on lax security and said in one case the compromise of a single administrator account led to access of over 100,000 routers.
By Matt Kapko • Dec. 27, 2024 -
Flagstar fined $3.5M for ‘misleading’ after 2021 cyberattack
The bank “negligently made” materially misleading statements after a hack that resulted in the theft of 1.5 million customers’ personally identifiable information.
By Gabrielle Saulsbery • Dec. 19, 2024 -
CISA mobile security advice gets personal in wake of telecom intrusions
The agency’s recommendations are not for the technically inept. Yet the extraordinary measures, including the use of encrypted apps, are applicable to all audiences.
By Matt Kapko • Dec. 19, 2024 -
Rhode Island officials warn residents as ransomware group threatens social services data leak
The personal data of hundreds of thousands of vulnerable residents is at risk after a threat group attacked a state social services database.
By David Jones • Dec. 18, 2024 -
CISA orders federal agencies to meet security baselines in Microsoft 365
The mandate to secure cloud environments is responsive to recent cybersecurity incidents, but not one specific threat, agency officials said.
By Matt Kapko • Updated Dec. 18, 2024 -
Pennsylvania representative pitches bill to double cyber assistance for local water systems
The proposed legislation comes amid a surge in ransomware and state-linked attacks against U.S. water utilities.
By David Jones • Dec. 17, 2024 -
CISA’s pre-ransomware alerts nearly doubled in 2024
The federal agency’s efforts to improve defenses surged in fiscal year 2024. Yet, attacks continue to climb.
By Matt Kapko • Dec. 17, 2024 -
CISA, ONCD propose updated National Cyber Incident Response Plan
The updated framework is designed to bolster the government’s partnership with private-sector organizations in the wake of an attack.
By Matt Kapko • Dec. 16, 2024 -
Sen. Wyden wants FCC to tighten security rules on telecom companies
The U.S. senator from Oregon wants the agency to strengthen rules requiring network operators to defend their systems and customers against intrusions.
By Matt Kapko • Dec. 13, 2024 -
SEC cyber incident reporting rule generates 71 filings in 11 months
Most companies that disclosed cyber incidents to the agency did not describe materiality or other useful information, a BreachRx report found.
By Matt Kapko • Dec. 11, 2024 -
Trump’s pick to run FCC deeply concerned about Salt Typhoon
The recently uncovered swarm of attacks on U.S. telecom companies, part of a China-sponsored campaign, made FCC Commissioner Brendan Carr want to smash his phone, he said.
By Matt Kapko • Dec. 9, 2024 -
FCC proposes stronger telecom cyber rules as Salt Typhoon fallout continues
The agency’s proposed rule changes come two months after a China-government sponsored espionage campaign first came to light.
By Matt Kapko • Dec. 6, 2024 -
UK cyber chief warns country is at an inflection point as digital threats rise
In his first major speech, NCSC CEO Richard Horne said state linked and criminal threat groups are working to undermine the nation’s reliance on technology.
By David Jones • Dec. 3, 2024 -
SEC reports drop in enforcement actions for 2024 FY
The securities regulator also reported a record $8.2 billion in monetary remedies for its last fiscal year, driven by Terraform Labs crypto fraud settlement.
By Justin Bachman • Nov. 26, 2024 -
HHS facing challenges as lead agency for healthcare cybersecurity: GAO
The department hasn’t implemented some policies recommended by the watchdog, which could pose a risk to cybersecurity in the sector as attacks increase, according to the Government Accountability Office.
By Emily Olsen • Nov. 20, 2024 -
Federal probe finds vulnerabilities across more than 300 US water systems
The Environmental Protection Agency lacks a documented plan to coordinate incident reporting with CISA, the agency’s Office of Inspector General found.
By David Jones • Nov. 19, 2024