Policy & Regulation
CISA updates ransomware guide 3 years after its debut
The #StopRansomware guide, updated in partnership with the FBI, NSA and MS-ISAC, reflects aggressive new techniques used by threat actors, including double extortion.
By David Jones • May 24, 2023
Critical infrastructure security spending to grow 83% by 2027: ABI Research
Analysts forecast cybersecurity spending among critical infrastructure organizations to grow from an estimated $129 billion in 2022 to almost $236 billion by 2027.
By Matt Kapko • May 19, 2023
Why and how to report a ransomware attack
The majority of ransomware attacks go unreported, creating a blind spot that hampers response, recovery efforts and the prevention of future attacks.
By Matt Kapko • May 18, 2023
House hearing details cyber resilience efforts for energy, water and healthcare
Officials from the Department of Health and Human Services, Environmental Protection Agency and the Department of Energy testified how sector agencies are responding to rising threats.
By David Jones • May 17, 2023
Flood of ransom payments continues as officials mull ban
The revived debate over the viability of a ransom payment ban comes down to the cost ransomware is causing organizations globally.
By Matt Kapko • May 11, 2023
CISA director wary of technology industry repeating its mistakes with AI
The multibillion-dollar cybersecurity industry is the result of misaligned incentives, where speed-to-market outranked security, Jen Easterly said.
By Naomi Eide • May 11, 2023
Walden says cybersecurity strategy mostly well-received
The acting national cyber director says common ground exists in certain areas, but a great deal of work remains.
By David Jones • May 10, 2023
White House considers ban on ransom payments, with caveats
Experts suggest the effort, a reversal from the administration's previous stance, is fraught with complications that could cause unintended consequences.
By Matt Kapko • May 8, 2023
Former Uber CSO avoids prison time for ransomware coverup
Joseph Sullivan was convicted last year after covering up a cyberattack while the ride sharing firm was under a Federal Trade Commission probe.
By David Jones • May 5, 2023
Most open source maintainers still consider themselves hobbyists, despite compensation pledges
A study by Tidelift shows a compensation gap for the key producers of open source applications, raising questions about how to properly secure software supply chains.
By David Jones • May 2, 2023
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA seeks public comment on software security attestation form
The release is part of a larger effort by the Biden administration to strengthen software security at the development stage.
By David Jones • April 28, 2023
Acting National Cyber Director downplays reports of interagency strife
There’s been no sign of tension between U.S. cybersecurity officials during Kemba Walden’s tenure, at least from her perspective.
By Matt Kapko • April 27, 2023
White House to share roadmap for national cyber strategy implementation this summer
Acting National Cyber Director Kemba Walden said the strategy is built to have a 10-year shelf life, allowing for flexibility as new technologies and threats emerge.
By Matt Kapko • April 26, 2023
Software industry leaders debate real costs and benefits of CISA security push
The global effort to promote secure by design is seen as a potential game changer for software security, but may require substantial investments and considerable cultural changes.
By David Jones • April 14, 2023
Explore the core tactics of secure by design and default
The international joint guide encapsulates security recommendations long-touted by CISA, including technical tactics for software and infrastructure design and best practices for default security measures at large.
By Matt Kapko • April 13, 2023
CISA, partner agencies unveil secure by design principles in historic shift of software security
Authorities are engaging key stakeholders, but there is a broad understanding that these proposed changes will require massive changes in industry culture.
By David Jones • Updated April 13, 2023
CISA to unveil secure-by-design principles this week amid push for software security
The Biden administration plans to shift responsibility for product safety to the tech industry. Stakeholder discussions are already underway.
By David Jones • April 12, 2023
Biden cyber officials see auto, food safety as models for security overhaul
The push to hold technology stakeholders liable for secure-by-design products will be a multiyear effort likely to involve Congress, the acting national cyber director said.
By David Jones • April 10, 2023
White House eyes the next frontier of cybersecurity — space
The focus comes more than a year into the Ukraine war, which led to nation state attacks on commercial satellites.
By David Jones • March 30, 2023
Opinion
The proposed SEC cyber incident disclosure rule is a positive change. But it won’t make organizations safer.
If organizations want to actually get serious about protecting themselves, they need to have a robust system for handling incidents when they happen.
By Frank Shultz • March 27, 2023
US looks to reimagine cybersecurity paradigm with burden shift, rebuilt infrastructure
Security needs to be baked into the technology Americans use every day and not bolted onto aging systems, said Kemba Walden, acting national cyber director.
By David Jones • March 24, 2023
5 steps organizations can take to counter IAM threats
Many organizations lean on identity and access management tools to perform credential management and authentication. But these systems aren’t foolproof.
By Matt Kapko • March 24, 2023
CISA director urges top business leaders, board members to take cyber risk ownership
Jen Easterly said the government cannot solve challenges posed by rising threat activity without active participation and corporate oversight from the private sector.
By David Jones • March 24, 2023
FTC opens inquiry into cloud market competition, security
As consolidation among hyperscalers grows, federal authorities are raising concerns over cloud dependence in critical sectors.
By Matt Ashare • March 23, 2023
CISA revises cybersecurity performance goals
After months of feedback from stakeholders, the agency made changes to better align with the NIST framework and update language on MFA.
By David Jones • March 22, 2023