Policy & Regulation: Page 2


  • Congress adds historic cyber incident reporting rule to massive $1.5 trillion package

    Key members of Congress and CISA say the bill will help protect critical infrastructure against malicious attacks.

    By March 11, 2022
  • SEC pushes for tougher cybersecurity disclosure rules

    Companies would need to report breaches within four days under the proposed rules. 

    By Jim Tyson • March 10, 2022
  • Russian cyberattacks surprisingly limited in Ukraine, US officials say

    U.S. Cyber Command Gen. Paul Nakasone said Russia-backed cyber activity has been much lower than expected.

    By March 9, 2022
  • Opinion

    Would a cyberattack on a NATO country trigger Article 5?

    Few nations have sophisticated cyber capabilities and for operational security reasons, they are closely guarded, rarely shared, and carefully used.

    By Mark Laity • March 2, 2022
  • New York rolls out statewide cyber command center

    Russia's invasion of Ukraine should make local government leaders watchful of critical infrastructure risk, expert says.

    By Cailin Crowe • Feb. 28, 2022
  • DHS to lead federal response to Russia-Ukraine crisis

    Cyberattacks in Ukraine continue as Russian troops enter Kyiv.

    By Feb. 25, 2022
  • Apache tells US Senate committee the Log4j vulnerability could take years to resolve

    While a software bill of materials could improve supply chain security, users still download vulnerable versions of software. 

    By Feb. 9, 2022
  • NIST targets software supply chain with guidance on security standards

    Guidelines call for developers to attest they use secure software practices.

    By Feb. 7, 2022
  • DHS adds review board to advise federal response to major cyberattacks

    The board, which follows President Biden's May 2021 executive order on cybersecurity, will start with a review of the Apache Log4j vulnerability. 

    By Feb. 3, 2022
  • Conflict over Ukraine raises cyber risk for US enterprises

    A diplomatic standoff with Russia threatens to drag U.S. companies and critical infrastructure into a wider security crisis that could echo NotPetya.

    By Feb. 1, 2022
  • White House targets security 'paradigm shift' with federal zero-trust strategy

    Agencies have 60 days to submit zero-trust plans to OMB and CISA. 

    By Samantha Schwartz • Jan. 28, 2022
  • GDPR regulators crack down on data processing as companies struggle with privacy compliance

    Almost four years into GDPR, it has taken regulators time to find their footing to pursue violations.

    By Samantha Schwartz • Jan. 28, 2022
  • Industry responded to Treasury ransomware sanctions but full impact unknown

    The list of sanctioned ransomware-related parties has made incident responders take a more "cautious approach," said OFAC's Michael Lieberman.

    By Samantha Schwartz • Jan. 27, 2022
  • Opinion

    It's time to focus on critical infrastructure systems security

    Cyber-physical systems running on legacy infrastructure are ideal attack surfaces for malicious actors. 

    By Katell Thielemann • Jan. 24, 2022
  • Biden gives defense, intel agencies 180 days to apply MFA, encryption

    The White House's memorandum builds on past requirements to bolster U.S. cyber standards. This time, the administration is targeting agencies that handle classified intelligence. 

    By Samantha Schwartz • Jan. 20, 2022
  • Log4j raises cyber risk for public finance entities, Fitch warns

    Local agencies and critical sites face increased operational and financial risk as the vulnerability opens organizations to ransomware or other malicious activity. 

    By Jan. 19, 2022
  • Feds want businesses to report cyberattacks — the agency doesn't matter

    The FBI's Bryan Vorndran compared a cyberattack to a house robbery: Law enforcement assists with attack response while CISA is representative of an alarm company tasked with prevention. 

    By Samantha Schwartz • Jan. 14, 2022
  • FCC seeks stronger breach reporting rules for telecoms

    After massive breaches at T-Mobile and other telecoms, the proposed regulations would create faster consumer disclosure and mandate reporting of inadvertent cases.

    By Jan. 13, 2022
  • Congressional cyber commission expires but work to continue with 'Solarium 2.0'

    Despite the commission's success, unfinished business includes setting up a joint collaborative environment, institutionalizing the Cyber Diplomacy Act, creating a bureau of cyber statistics, and codifying critical infrastructure.

    By Samantha Schwartz • Dec. 23, 2021
  • Long-expected cyber incident reporting rule loses ground once again

    The House's recently passed National Defense Authorization Act is set to advance to the Senate. But it omitted a key cyber rule: mandatory incident reporting. 

    By Samantha Schwartz • Dec. 10, 2021
  • What incident reporting could look like

    Legislation could remove some of the complexity of overlapping standards when CISA's roles and authorities become more robust. 

    By Samantha Schwartz • Dec. 10, 2021
  • TSA rolls out rail cyber requirements, targeting prevention and rapid response

    The directives, with immediate implementation expected, are primarily for higher-risk freight railroads, passenger rail, and rail transit, DHS said. 

    By Samantha Schwartz • Dec. 3, 2021
  • Insurer Lloyd's slashes coverage on state-sponsored cyberattacks, reflecting battered market

    The limits for state-sponsored attack coverage come at a time when nation-state activity and ransomware linked to foreign threat actors are surging.

    By Dec. 3, 2021
  • Crypto becoming the preferred currency of cybercriminals and rogue governments

    Authorities are turning the tables on cybercriminals by tracing the steps of illicit transactions and making it more difficult for ransomware operators to evade detection.

    By Nov. 24, 2021
  • Recovering ransom payments could become routine for law enforcement

    Backed by blockchain analysts and crypto-tracers, law enforcement agencies want to become more proficient in seizing ransomware-related funds.

    By Samantha Schwartz • Nov. 23, 2021