Policy & Regulation: Page 13
White House to share roadmap for national cyber strategy implementation this summer
Acting National Cyber Director Kemba Walden said the strategy is built to have a 10-year shelf life, allowing for flexibility as new technologies and threats emerge.
By Matt Kapko • April 26, 2023 -
Software industry leaders debate real costs and benefits of CISA security push
The global effort to promote secure by design is seen as a potential game changer for software security, but may require substantial investments and considerable cultural changes.
By David Jones • April 14, 2023 -
Explore the core tactics of secure by design and default
The international joint guide encapsulates security recommendations long-touted by CISA, including technical tactics for software and infrastructure design and best practices for default security measures at large.
By Matt Kapko • April 13, 2023 -
CISA, partner agencies unveil secure by design principles in historic shift of software security
Authorities are engaging key stakeholders, but there is a broad understanding that these proposed changes will require massive changes in industry culture.
By David Jones • Updated April 13, 2023 -
CISA to unveil secure-by-design principles this week amid push for software security
The Biden administration plans to shift responsibility for product safety to the tech industry. Stakeholder discussions are already underway.
By David Jones • April 12, 2023 -
Biden cyber officials see auto, food safety as models for security overhaul
The push to hold technology stakeholders liable for secure-by-design products will be a multiyear effort likely to involve Congress, the acting national cyber director said.
By David Jones • April 10, 2023 -
White House eyes the next frontier of cybersecurity — space
The focus comes more than a year into the Ukraine war, which led to nation state attacks on commercial satellites.
By David Jones • March 30, 2023 -
Opinion
The proposed SEC cyber incident disclosure rule is a positive change. But it won’t make organizations safer.
If organizations want to actually get serious about protecting themselves, they need to have a robust system for handling incidents when they happen.
By Frank Shultz • March 27, 2023 -
US looks to reimagine cybersecurity paradigm with burden shift, rebuilt infrastructure
Security needs to be baked into the technology Americans use every day and not bolted onto aging systems, said Kemba Walden, acting national cyber director.
By David Jones • March 24, 2023 -
5 steps organizations can take to counter IAM threats
Many organizations lean on identity and access management tools to perform credential management and authentication. But these systems aren’t foolproof.
By Matt Kapko • March 24, 2023 -
CISA director urges top business leaders, board members to take cyber risk ownership
Jen Easterly said the government cannot solve challenges posed by rising threat activity without active participation and corporate oversight from the private sector.
By David Jones • March 24, 2023 -
FTC opens inquiry into cloud market competition, security
As consolidation among hyperscalers grows, federal authorities are raising concerns over cloud dependence in critical sectors.
By Matt Ashare • March 23, 2023 -
CISA revises cybersecurity performance goals
After months of feedback from stakeholders, the agency made changes to better align with the NIST framework and update language on MFA.
By David Jones • March 22, 2023 -
SEC proposes cybersecurity disclosure rules for financial industry specialists
The changes would require broker-dealers and other entities to adopt written plans to minimize risk and promptly disclose major incidents.
By David Jones • March 17, 2023 -
CISA launches ransomware warning pilot for critical infrastructure providers
The agency already warned dozens of organizations about ProxyNotShell.
By David Jones • March 14, 2023 -
Shift to secure-by-design must start at university level, CISA director says
Jen Easterly says secure coding and memory safety should be incorporated into computer science curriculum.
By David Jones • March 13, 2023 -
Blackbaud to pay $3M to settle SEC charges of a misleading ransomware investigation
The regulator said the cloud-based software provider made misleading disclosures about the scope of a 2020 ransomware attack.
By David Jones • March 10, 2023 -
TSA unveils emergency cybersecurity requirements for airlines, airports
The requirements follow the release of the Biden administration’s national cybersecurity strategy, which includes enhanced measures for critical infrastructure.
By David Jones • March 8, 2023 -
How will the government enforce the national cyber strategy?
Efforts to enact laws and regulations that impose greater responsibility on the technology sector aren’t likely to come quick or easy.
By Matt Kapko • March 8, 2023 -
Who is liable for flawed software? New guidance upends the security standard
Development practices and safe harbor provisions are the subject of major debate as work to implement the White House’s cyber strategy begins.
By David Jones • March 6, 2023 -
EPA unveils cybersecurity oversight for public drinking water systems
An agency memorandum marks the first new initiative on critical infrastructure since the White House released its national cyber strategy.
By David Jones • March 3, 2023 -
The US cyber strategy is out. Now, officials just have to implement it
Industry stakeholders signal a willingness to discuss further steps, while congressional leaders hint additional action may be on the table.
By David Jones • March 3, 2023 -
White House releases national cyber strategy, shifting security burden
The long-anticipated policy will push the technology industry to shoulder more of the load for cyber risk, while promoting long-term investments and global cooperation against common threats.
By David Jones • March 2, 2023 -
CISA red team cracks a critical infrastructure provider’s defenses, a lesson in lateral access
The voluntary assessment raises concerns as the unnamed organization with a mature security program was unable to detect simulated actors moving laterally across its systems for months.
By David Jones • March 1, 2023 -
3 CISA principles for secure by design
The Biden administration is expected to emphasize safer development practices when it rolls out the national security strategy for cyber.
By David Jones • Feb. 28, 2023