Policy & Regulation: Page 16
-
White House to raise cyber standards for healthcare, water and emergency communications
CISA will also roll out minimum security standards by late October that can apply to organizations across sectors.
By Naomi Eide • Oct. 14, 2022 -
White House to roll out Energy Star-like ratings for IoT
The labeling plan is part of a long-sought effort to boost security and transparency in commonly used technology products.
By David Jones • Oct. 12, 2022 -
Cybersecurity needs a statewide approach, report finds
Research from Deloitte and state CIOs shows cities often hesitate to work with states on cybersecurity to protect their autonomy, but local government cyber grants could change that.
By Michael Brady • Oct. 10, 2022 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA orders federal IT overhaul with automated asset inventory, software scanning
Civilian agencies will be required to check for vulnerabilities in a push to gain better visibility into IT networks.
By David Jones • Oct. 4, 2022 -
Strict security rules could push open source community out of federal work, expert says
Agency CISOs and development experts say federal agencies need to work collaboratively with open source community contributors.
By David Jones • Sept. 27, 2022 -
Opinion
6 things businesses need to know about the changing privacy landscape
New bills are proposed every day, and while only a few will become official policy, there may be important trends that impact businesses.
By Ryan P. Blaney • Sept. 26, 2022 -
How common telecom cyber risks snowball in cloud, open source
Public cloud plays a central role in the modernization of wireless networks. But more open source software, vendors and vulnerabilities could spell trouble.
By Matt Kapko • Sept. 23, 2022 -
Morgan Stanley fined $35M by SEC over improper data disposal
The bank hired a company with no data-destruction experience to decommission hard drives and servers, which were sold to a third party and auctioned with some unencrypted customer data intact, the regulator found.
By Gabrielle Saulsbery • Sept. 21, 2022 -
Capital One freed from consent order tied to 2019 breach
The Office of the Comptroller of the Currency determined the bank had reached a level of “safety and soundness” no longer requiring extra oversight regarding a leak of 106 million customers’ data.
By Gabrielle Saulsbery • Sept. 20, 2022 -
White House guidance on third-party software seen as a major test of cyber risk strategy
The U.S. hopes that by forcing software producers to meet a set of minimum security standards for federal use, a new baseline strategy will be adopted industrywide.
By David Jones • Sept. 19, 2022 -
Industrial control systems face more cyber risks than IT, expert testifies
Most ICS technology was designed more than 20 years ago and built without cyber resilience, Idaho National Laboratory's Vergle Gipson said.
By David Jones • Sept. 16, 2022 -
CISA can’t definitively say if ransomware is getting better or worse
Organizations can be unwilling to notify government officials when ransomware intrusions occur, but that simple act might prevent the next attack.
By Matt Kapko • Sept. 15, 2022 -
White House sets minimum security standards for federal software use
The Office of Management and Budget is requiring agencies to get a self-attestation from software producers showing compliance with NIST guidance.
By David Jones • Sept. 14, 2022 -
US is shoring up gaps in cyber policy, but critical goals remain unfulfilled
Legislators say the Cyberspace Solarium Commission led to significant national security enhancements, but analysts are calling for urgent momentum on a federal law on data privacy and security.
By David Jones • Sept. 13, 2022 -
US Treasury sanctions Iran intelligence agency following Albanian government attack
The Treasury Department said Iran has engaged in malicious cyber activity against government and private sector organizations, including critical infrastructure targets, since at least 2007.
By David Jones • Sept. 12, 2022 -
CISA announces RFI for critical infrastructure cyber reporting mandate
The agency plans to publish the information request in the Federal Register on Monday and will kick off a national listening tour.
By David Jones • Sept. 9, 2022 -
Opinion
How the US government’s cyber priorities will impact businesses
There is a high probability that enterprise leaders will need to comply with some level of federal cybersecurity requirements or guidance.
By Tim Mackey • Sept. 9, 2022 -
CISA Director: Tech industry should infuse security at product design stage
Agency director Jen Easterly outlined a push for faster incident reporting and closer industry collaboration.
By David Jones • Sept. 7, 2022 -
Feds push for developers to take lead in securing software supply chain
The guidelines from CISA and the NSA come amid a growing movement to “shift left” and evaluate software security earlier in the development cycle.
By David Jones • Sept. 2, 2022 -
Carol Highsmith. (2005). "The Apex Building" [Photo]. Retrieved from Wikimedia Commons.
Twitter whistleblower claims may bolster federal privacy push
Bipartisan efforts to protect consumer information may gain momentum following allegations that Twitter failed to safeguard private data.
By Jim Tyson • Aug. 23, 2022 -
DOE to support development of ‘next-generation cyber tools’ to protect grid
The agency announced $45 million will be available for up to 15 “next-generation” cybersecurity research, development and demonstration projects.
By Robert Walton • Aug. 19, 2022 -
Zero trust adoption skyrockets, nearing universal adoption
A report from Okta shows organizations fully embracing zero-trust principles, as hybrid work requires long-term changes to identity management.
By David Jones • Aug. 16, 2022 -
CISA director lauds first-year efforts of public-private cyber collaborative
One year into the Joint Cyber Defense Collaborative, Jen Easterly says the partnership has helped limit the scale of threats.
By David Jones • Aug. 15, 2022 -
US falters while ‘cybercriminals have been eating our lunch,’ ex-CISA chief Krebs says
A dizzying array of agencies and disorganized efforts bolsters Chris Krebs’ call for a cybersecurity governance overhaul.
By Matt Kapko • Aug. 12, 2022 -
Don’t count on government, tech vendors to fix security woes, former CISA chief Krebs says
The state of cybersecurity is bad and it’s going to get worse, Chris Krebs said at Black Hat. But somehow things might eventually get better.
By Matt Kapko • Aug. 10, 2022