Policy & Regulation


  • Biden administration makes inroads amid zero trust rollout

    More than 50 federal agencies expect to have EDR technology by the end of fiscal year.

    By May 19, 2022
  • How the Colonial Pipeline attack instilled urgency in cybersecurity

    The federal government and private sector are still coming to terms with how to protect operational technology in an increasingly volatile threat environment.

    By May 17, 2022
  • Companies need to align cyber and disclosure efforts: SEC attorney

    The SEC aims to protect investors from cyber-related risks by cracking down on companies that release misleading disclosures about cyberattacks. 

    By Jim Tyson • May 13, 2022
  • Tech giants pledge multimillion down payment to secure open source

    Top technology companies offered $30 million toward a two-year goal to bolster software supply chain security.

    By May 13, 2022
  • White House cyber executive order still has unfinished business

    The Biden administration is up against key hurdles in its effort to raise software security standards and establish zero trust across federal agencies.

    By May 12, 2022
  • US, allies blame Russia for Viasat cyberattack

    The Five Eyes and other EU authorities linked Russia to a series of web defacement, DDoS and destructive wiper attacks in the weeks leading up to the Ukraine invasion.

    By May 11, 2022
  • Vet software security as part of enterprise procurement, NIST says

    The guidance, an answer to last year's executive order, examines where and when potential supply chain vulnerabilities can surface.

    By May 9, 2022
  • Colonial Pipeline faces nearly $1M in penalties as federal regulator discloses violations

    The Transportation Department’s pipeline safety regulator scrutinized control room management, which may have contributed to the fuel disruptions from the 2021 ransomware attack.

    By May 6, 2022
  • Sponsored by Gartner Peer Insights

    Cybersecurity quarterly benchmarks: Q1, 2022

    Gartner Peer Insights data and opinions run the gamut on cybersecurity maturity, budgets, and initiatives.

    May 2, 2022
  • Banks face 'tight deadline' under new cyber notification rule

    The May 1 cutoff to comply with the rule comes as the Biden administration has warned U.S. businesses about the increasing risk of Russian cyberattacks.

    By Anna Hrushka • April 22, 2022
  • Cyber agencies renew warnings of Russia-linked threats against industrial targets

    Separately, the U.S. is expanding the Joint Cyber Defense Collaborative to include experts on industrial control systems.

    By April 21, 2022
  • DOJ disrupts Russia-backed Cyclops Blink botnet

    The court-ordered operation is the latest effort to stop malicious cyber activity following the Russian invasion of Ukraine.

    By April 7, 2022
  • Federal authorities urged to bolster intel sharing amid nation-state threats

    Current Russian cyber activity has been limited, but experts warn the threat may increase on short notice.

    By April 6, 2022
  • State Department launches cyber bureau amid rising global tensions

    The long-anticipated bureau aims to weave diplomacy into the global effort to combat ransomware and rogue nation-state activity.

    By April 5, 2022
  • Biden administration's FY 2023 budget includes 11% increase for cyber

    The budget calls for additional hiring at CISA and money to modernize IT at federal agencies.

    By March 30, 2022
  • What cyber incident reporting rules mean for critical infrastructure

    The goal of the legislation is to provide legal cover for companies to share threat intelligence with law enforcement and government agencies.

    By March 15, 2022
  • Kronos ransomware attack raises questions of vendor liability

    A cyberattack with supply chain and legal consequences has stakeholders considering contract minutiae.

    By Lance Whitney • March 14, 2022
  • Congress adds historic cyber incident reporting rule to massive $1.5 trillion package

    Key members of Congress and CISA say the bill will help protect critical infrastructure against malicious attacks.

    By March 11, 2022
  • SEC pushes for tougher cybersecurity disclosure rules

    Companies would need to report breaches within four days under the proposed rules. 

    By Jim Tyson • March 10, 2022
  • Russian cyberattacks surprisingly limited in Ukraine, US officials say

    U.S. Cyber Command Gen. Paul Nakasone said Russia-backed cyber activity has been much lower than expected.

    By March 9, 2022
  • Opinion

    Would a cyberattack on a NATO country trigger Article 5?

    Few nations have sophisticated cyber capabilities and for operational security reasons, they are closely guarded, rarely shared, and carefully used.

    By Mark Laity • March 2, 2022
  • New York rolls out statewide cyber command center

    Russia's invasion of Ukraine should make local government leaders watchful of critical infrastructure risk, expert says.

    By Cailin Crowe • Feb. 28, 2022
  • DHS to lead federal response to Russia-Ukraine crisis

    Cyberattacks in Ukraine continue as Russian troops enter Kyiv.

    By Feb. 25, 2022
  • Apache tells US Senate committee the Log4j vulnerability could take years to resolve

    While a software bill of materials could improve supply chain security, users still download vulnerable versions of software. 

    By Feb. 9, 2022
  • NIST targets software supply chain with guidance on security standards

    Guidelines call for developers to attest they use secure software practices.

    By Feb. 7, 2022