Shift to secure-by-design must start at university level, CISA director says

Jen Easterly says secure coding and memory safety should be incorporated into computer science curriculum. 

By David Jones • March 13, 2023

Blackbaud to pay $3M to settle SEC charges of a misleading ransomware investigation

The regulator said the cloud-based software provider made misleading disclosures about the scope of a 2020 ransomware attack. 

By David Jones • March 10, 2023

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

tk

By Cybersecurity Dive staff

TSA unveils emergency cybersecurity requirements for airlines, airports

The requirements follow the release of the Biden administration’s national cybersecurity strategy, which includes enhanced measures for critical infrastructure.

By David Jones • March 8, 2023

How will the government enforce the national cyber strategy?

Efforts to enact laws and regulations that impose greater responsibility on the technology sector aren’t likely to come quick or easy.

By Matt Kapko • March 8, 2023

Who is liable for flawed software? New guidance upends the security standard

Development practices and safe harbor provisions are the subject of major debate as work to implement the White Houses’ cyber strategy begins.

By David Jones • March 6, 2023

EPA unveils cybersecurity oversight for public drinking water systems

An agency memorandum marks the first new initiative on critical infrastructure since the White House released its national cyber strategy.

By David Jones • March 3, 2023

The US cyber strategy is out. Now, officials just have to implement it

Industry stakeholders signal a willingness to discuss further steps, while congressional leaders hint additional action may be on the table. 

By David Jones • March 3, 2023

White House releases national cyber strategy, shifting security burden

The long-anticipated policy will push the technology industry to shoulder more of the load for cyber risk, while promoting long-term investments and global cooperation against common threats. 

By David Jones • March 2, 2023

CISA red team cracks a critical infrastructure provider’s defenses, a lesson in lateral access

The voluntary assessment raises concerns as the unnamed organization with a mature security program was unable to detect simulated actors moving laterally across its systems for months.

By David Jones • March 1, 2023

3 CISA principles for secure by design

The Biden administration is expected to emphasize safer development practices when it rolls out the national security strategy for cyber. 

By David Jones • Feb. 28, 2023

CISA director urges tech industry to take responsibility for secure products

Industry can no longer blame and shame customers who are victims of sophisticated attacks, Jen Easterly said.

By David Jones • Feb. 27, 2023

Google backs federal push for tech to embrace ‘secure by design’

CISA has urged the technology industry to develop more resilient products before they reach customers.

By David Jones • Feb. 15, 2023

National cyber director to retire this month

Chris Inglis, the president’s top cyber policy advisor, is stepping down as the nation awaits the unveiling of the National Cyber Strategy.

By David Jones • Feb. 9, 2023

Corporate boards struggle to understand cybersecurity and digital transformation

Boards are trying to navigate the ever-evolving threat landscape as federal regulators plan additional breach disclosure rules.

By David Jones • Feb. 6, 2023

Companies face data privacy maze, skills gap

New state privacy laws coming into effect could add pressure for companies trying to navigate the changing regulatory landscape. 

By Alexei Alexis • Feb. 1, 2023

CISA’s public-private cyber collaborative to focus on energy, water

The Joint Cyber Defense Collaborative dedicated its 2023 agenda to particularly vulnerable sectors and open source use in industrial systems. 

By David Jones • Jan. 27, 2023

Threat actors are using remote monitoring software to launch phishing attacks

A joint warning from CISA, the NSA and MS-ISAC warns APT actors could leverage legitimate tools using help-desk themed lures to gain persistence. 

By David Jones • Jan. 26, 2023

CISA issues baseline cybersecurity recommendations for K-12 schools

Insufficient funding and IT staffing levels make many CISA recommendations difficult for K-12 schools to achieve.

By Matt Kapko • Jan. 26, 2023

World Economic Forum officials warn global instability could lead to catastrophic cyber event

A report released at the WEF said top business leaders and security experts fear heightened geopolitical tensions could result in a major attack in the next two years.

By David Jones • Jan. 19, 2023

SEC aims to tighten cybersecurity, climate rules before May

The agency aims in early 2023 to complete several new regulations, many of them focused on increasing disclosures for investors.

By Jim Tyson • Jan. 17, 2023

CISA’s 2022 highlight reel details progress and potential for security coordination

The agency acted on 2,609 cyber incidents and produced 416 vulnerability advisories in 2022.

By Matt Kapko • Jan. 17, 2023

Surging cyberthreats, data concerns remain top dispute risks for organizations

A survey from Baker McKenzie shows a heightened risk of legal challenges amid a rise in sophisticated cyberattacks, along with concerns about the regulatory response. 

By David Jones • Jan. 12, 2023

FCC revives push to speed up telecom incident disclosures

Telecom operators are a primary target for threat actors. A change to breach reporting rules is long overdue, one analyst said.

By Matt Kapko • Jan. 10, 2023

Tech priorities out of sync with security needs, CISA director says

As long as priorities and incentives are misaligned, security and safety needs will remain unmet. “We can’t just let technology off the hook,” Jen Easterly said.

By Matt Kapko • Jan. 9, 2023

National Cyber Director eyes retirement: report

The inaugural cybersecurity chief at the White House assumed the role in June 2021 following a nearly three decade career at the NSA.

By Matt Kapko • Dec. 22, 2022