Policy & Regulation: Page 19
Conflict over Ukraine raises cyber risk for US enterprises
A diplomatic standoff with Russia threatens to drag U.S. companies and critical infrastructure into a wider security crisis that could echo NotPetya.
By David Jones • Feb. 1, 2022 -
White House targets security 'paradigm shift' with federal zero-trust strategy
Agencies have 60 days to submit zero-trust plans to OMB and CISA.
By Samantha Schwartz • Jan. 28, 2022 -
GDPR regulators crack down on data processing as companies struggle with privacy compliance
Almost four years into GDPR, it has taken regulators time to find their footing to pursue violations.
By Samantha Schwartz • Jan. 28, 2022 -
Industry responded to Treasury ransomware sanctions but full impact unknown
The list of sanctioned ransomware-related parties has made incident responders take a more "cautious approach," said OFAC's Michael Lieberman.
By Samantha Schwartz • Jan. 27, 2022 -
Opinion
It's time to focus on critical infrastructure systems security
Cyber-physical systems running on legacy infrastructure are ideal attack surfaces for malicious actors.
By Katell Thielemann • Jan. 24, 2022 -
Biden gives defense, intel agencies 180 days to apply MFA, encryption
The White House's memorandum builds on past requirements to bolster U.S. cyber standards. This time, the administration is targeting agencies that handle classified intelligence.
By Samantha Schwartz • Jan. 20, 2022 -
Log4j raises cyber risk for public finance entities, Fitch warns
Local agencies and critical sites face increased operational and financial risk as the vulnerability opens organizations to ransomware or other malicious activity.
By David Jones • Jan. 19, 2022 -
Feds want businesses to report cyberattacks — the agency doesn't matter
The FBI's Bryan Vorndran compared a cyberattack to a house robbery: Law enforcement assists with attack response while CISA is representative of an alarm company tasked with prevention.
By Samantha Schwartz • Jan. 14, 2022 -
FCC seeks stronger breach reporting rules for telecoms
After massive breaches at T-Mobile and other telecoms, the proposed regulations would create faster consumer disclosure and mandate reporting of inadvertent cases.
By David Jones • Jan. 13, 2022 -
Congressional cyber commission expires but work to continue with 'Solarium 2.0'
Despite the commission's success, unfinished business includes setting up a joint collaborative environment, institutionalizing the Cyber Diplomacy Act, creating a bureau of cyber statistics, and codifying critical infrastructure.
By Samantha Schwartz • Dec. 23, 2021 -
Long-expected cyber incident reporting rule loses ground once again
The House's recently passed National Defense Authorization Act is set to advance to the Senate. But it omitted a key cyber rule: mandatory incident reporting.
By Samantha Schwartz • Dec. 10, 2021 -
What incident reporting could look like
Legislation could remove some of the complexity of overlapping standards when CISA's roles and authorities become more robust.
By Samantha Schwartz • Dec. 10, 2021 -
TSA rolls out rail cyber requirements, targeting prevention and rapid response
The directives, with immediate implementation expected, are primarily for higher-risk freight railroads, passenger rail, and rail transit, DHS said.
By Samantha Schwartz • Dec. 3, 2021 -
Insurer Lloyd's slashes coverage on state-sponsored cyberattacks, reflecting battered market
The limits for state-sponsored attack coverage come at a time when nation-state activity and ransomware linked to foreign threat actors are surging.
By David Jones • Dec. 3, 2021 -
Crypto becoming the preferred currency of cybercriminals and rogue governments
Authorities are turning the tables on cybercriminals by tracing the steps of illicit transactions and making it more difficult for ransomware operators to evade detection.
By David Jones • Nov. 24, 2021 -
Recovering ransom payments could become routine for law enforcement
Backed by blockchain analysts and crypto-tracers, law enforcement agencies want to become more proficient in seizing ransomware-related funds.
By Samantha Schwartz • Nov. 23, 2021 -
Companies urged to alert federal law enforcement in ransomware cases
A key official with the U.S. Secret Service says companies need to work with law enforcement agencies, who can help make critical decisions in disrupting illicit transactions.
By David Jones • Nov. 17, 2021 -
FBI justifies its decision to withhold Kaseya decryptor
The law enforcement agency prioritized the long-term benefits of a delay over the immediate decryption key release.
By Samantha Schwartz • Nov. 17, 2021 -
K-12's decade-old cyber guidance needs updating, watchdog says
With K-12 considered critical infrastructure, the Government Accountability Office is calling for more guidance on the federal government's role in protecting schools.
By Roger Riddell • Nov. 15, 2021 -
Banks outpace other industries in cyber investments, defense strategies: report
The banking industry is actively investing in cyber defense and employing sound corporate governance practices to combat threats, Moody's found.
By David Jones • Nov. 15, 2021 -
US backs Paris-led effort on cybersecurity cooperation
After sitting on the sidelines for three years, the U.S. is joining an international effort to create stability and order in cyberspace.
By David Jones • Nov. 11, 2021 -
DOJ unveils charges, money seizures in multinational crackdown against REvil
The Justice, Treasury and State departments led an international effort to crack down on ransomware, money laundering and illicit trading of cryptocurrency connected to the gang linked to the Kaseya attack.
By David Jones • Nov. 9, 2021 -
State Department to add cyber bureau, tackle tech diplomacy
The additions could help streamline coordination and eliminate the simultaneous — and sometimes redundant — efforts of global partners.
By Samantha Schwartz • Nov. 9, 2021 -
$1.2 trillion infrastructure bill passes House, tying cyber to physical investments
The bill, which awaits President Joe Biden's signature, invests $2 billion in cybersecurity and formalizes the national cyber director's budget.
By Samantha Schwartz • Nov. 8, 2021 -
Pentagon revamps CMMC program to help SMBs meet compliance standards
Critics have decried the cybersecurity program as far too expensive and complex for thousands of defense contractors struggling to shield data from nation states.
By David Jones • Nov. 5, 2021