Policy & Regulation


  • close up programmer man hand typing on keyboard laptop for register data system or access password at dark operation room, cyber security concept - stock photo
    Chainarong Prasertthai via Getty Images

    CISA updates ransomware guide 3 years after its debut

    The #StopRansomware guide, updated in partnership with the FBI, NSA and MS-ISAC, reflects aggressive new techniques used by threat actors, including double extortion.

    By May 24, 2023
  • Coin stacks sitting on blue financial graph background.
    MicroStockHub via Getty Images

    Critical infrastructure security spending to grow 83% by 2027: ABI Research

    Analysts forecast cybersecurity spending among critical infrastructure organizations to grow from an estimated $129 billion in 2022 to almost $236 billion by 2027.

    By May 19, 2023
  • Cybercriminal experts assemble in conference room.
    iStock via Getty Images

    Why and how to report a ransomware attack

    The majority of ransomware attacks go unreported, creating a blind spot that hampers response, recovery efforts and the prevention of future attacks.

    By May 18, 2023
  • The U.S. Capitol building.
    drnadig via Getty Images

    House hearing details cyber resilience efforts for energy, water and healthcare

    Officials from the Department of Health and Human Services, Environmental Protection Agency and the Department of Energy testified how sector agencies are responding to rising threats.

    By May 17, 2023
  • Money moving through cyberspace.
    Viorika via Getty Images

    Flood of ransom payments continues as officials mull ban

    The revived debate over the viability of a ransom payment ban comes down to the cost ransomware is causing organizations globally.

    By May 11, 2023
  • Woman and a man standing on stage in front of a screen that says Hack the Capitol
    Naomi Eide/Cybersecurity Dive

    CISA director wary of technology industry repeating its mistakes with AI

    The multibillion-dollar cybersecurity industry is the result of misaligned incentives, where speed-to-market outranked security, Jen Easterly said. 

    By May 11, 2023
  • Acting National Cyber Director Kemba Walden talks with BSA CEO Victoria Espinel
    Permission granted by EPNAC.com

    Walden says cybersecurity strategy mostly well-received

    The acting national cyber director says common ground exists in certain areas, but a great deal of work remains.

    By May 10, 2023
  • President Joe Biden stands behind a podium in front of the White House, shielding his eyes from the sun.
    Kenny Holston via Getty Images

    White House considers ban on ransom payments, with caveats

    Experts suggest the effort, a reversal from the administration's previous stance, is fraught with complications that could cause unintended consequences.

    By May 8, 2023
  • A worker cleans a sign in front of the Uber headquarters on May 18, 2020 in San Francisco, California.
    Justin Sullivan / Staff via Getty Images

    Former Uber CSO avoids prison time for ransomware coverup

    Joseph Sullivan was convicted last year after covering up a cyberattack while the ride sharing firm was under a Federal Trade Commission probe.

    By May 5, 2023
  • Close-up Focus on Person's Hands Typing on the Desktop Computer Keyboard
    gorodenkoff via Getty Images

    Most open source maintainers still consider themselves hobbyists, despite compensation pledges

    A study by Tidelift shows a compensation gap for the key producers of open source applications, raising questions about how to properly secure software supply chains.

    By May 2, 2023
  • CISA, cybersecurity, agency
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

    CISA seeks public comment on software security attestation form

    The release is part of a larger effort by the Biden administration to strengthen software security at the development stage.

    By April 28, 2023
  • People walk past a sign for RSA Conference 2023
    Matt Kapko/Cybersecurity Dive

    Acting National Cyber Director downplays reports of interagency strife

    There’s been no sign of tension between U.S. cybersecurity officials during Kemba Walden’s tenure, at least from her perspective.

    By April 27, 2023
  • Kemba Walden, acting national cyber director, rolls out the National Cybersecurity Strategy at a forum by the Center for Strategic and International Studies.
    Permission granted by Office of the National Cyber Director

    White House to share roadmap for national cyber strategy implementation this summer

    Acting National Cyber Director Kemba Walden said the strategy is built to have a 10-year shelf life, allowing for flexibility as new technologies and threats emerge. 

    By April 26, 2023
  • legal processes
    Nico ElNino via Getty Images

    Software industry leaders debate real costs and benefits of CISA security push

    The global effort to promote secure by design is seen as a potential game changer for software security, but may require substantial investments and considerable cultural changes.

    By April 14, 2023
  • CISA, cybersecurity, agency
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

    Explore the core tactics of secure by design and default

    The international joint guide encapsulates security recommendations long-touted by CISA, including technical tactics for software and infrastructure design and best practices for default security measures at large.

    By April 13, 2023
  • CISA Director Jen Easterly
    Center for Strategic and International Studies

    CISA, partner agencies unveil secure by design principles in historic shift of software security

    Authorities are engaging key stakeholders, but there is a broad understanding that these proposed changes will require massive changes in industry culture.

    By Updated April 13, 2023
  • CISA Director Jen Easterly talks with CEO George Kurtz during the CrowdStrike Government Summit.
    Permission granted by CrowdStrike

    CISA to unveil secure-by-design principles this week amid push for software security

    The Biden administration plans to shift responsibility for product safety to the tech industry. Stakeholder discussions are already underway.  

    By April 12, 2023
  • The White House in Washington, DC, on a summer day.
    lucky-photographer via Getty Images

    Biden cyber officials see auto, food safety as models for security overhaul

    The push to hold technology stakeholders liable for secure-by-design products will be a multiyear effort likely to involve Congress, the acting national cyber director said.

    By April 10, 2023
  • Lights in Europe are seen from space.
    DKosig/iStock via Getty Images

    White House eyes the next frontier of cybersecurity — space

    The focus comes more than a year into the Ukraine war, which led to nation state attacks on commercial satellites.

    By March 30, 2023
  • Image of SEC seal on the side of a building.
    Chip Somodevilla via Getty Images
    Opinion

    The proposed SEC cyber incident disclosure rule is a positive change. But it won’t make organizations safer.

    If organizations want to actually get serious about protecting themselves, they need to have a robust system for handling incidents when they happen.

    By Frank Shultz • March 27, 2023
  • Kemba Walden, acting national cyber director, rolls out the National Cybersecurity Strategy at a forum by the Center for Strategic and International Studies.
    Permission granted by Office of the National Cyber Director

    US looks to reimagine cybersecurity paradigm with burden shift, rebuilt infrastructure

    Security needs to be baked into the technology Americans use every day and not bolted onto aging systems, said Kemba Walden, acting national cyber director.

    By March 24, 2023
  • Man using facial recognition technology on city street
    LeoPatrizi via Getty Images

    5 steps organizations can take to counter IAM threats

    Many organizations lean on identity and access management tools to perform credential management and authentication. But these systems aren’t foolproof.

    By March 24, 2023
  • CISA Director Jen Easterly, RSA Conference 2022
    Matt Kapko/Cybersecurity Dive

    CISA director urges top business leaders, board members to take cyber risk ownership

    Jen Easterly said the government cannot solve challenges posed by rising threat activity without active participation and corporate oversight from the private sector.

    By March 24, 2023
  • Federal Trade Commission Chair Lina Khan listens as U.S. President Joe Biden delivers remarks on the economy in the Eisenhower Executive Office Building on October 26, 2022 in Washington, DC.
    Anna Moneymaker via Getty Images

    FTC opens inquiry into cloud market competition, security

    As consolidation among hyperscalers grows, federal authorities are raising concerns over cloud dependence in critical sectors.

    By Matt Ashare • March 23, 2023
  • CISA, cybersecurity, agency
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

    CISA revises cybersecurity performance goals

    After months of feedback from stakeholders, the agency made changes to better align with the NIST framework and update language on MFA.

    By March 22, 2023