Policy & Regulation: Page 2


  • White House plans IoT security labeling program for spring 2023

    Major connected device manufacturers, retailers and industry groups back efforts to boost cyber awareness.

    By Oct. 21, 2022
  • CISA’s priority sectors for 2023: water, hospitals, K-12

    The industries slated for emphasis are “target-rich, resource-poor entities,” CISA Director Jen Easterly said. They’re also heavily targeted by ransomware.

    By Oct. 21, 2022
  • National cybersecurity strategy to debut within months, White House official says

    The Biden administration’s strategy will have extensive collaboration with the private sector, National Cyber Director Chris Inglis says.

    By Oct. 20, 2022
  • TSA rolls out long-anticipated cyber directive for freight, passenger rail systems

    The directive is part of a wider administration effort to build resilience across a series of critical infrastructure sites nationwide.

    By Oct. 19, 2022
  • Cyber defense is not IT’s job alone, CISA CTO says

    While tech executives must provide critical tools and procedures to lower cyber risk, the whole organization is responsible for fending off attackers.

    By Roberto Torres • Oct. 19, 2022
  • Uber ex-CSO verdict raises thorny issues of cyber governance and transparency

    The former chief security officer of the ride-sharing firm is seen by many as a scapegoat for an unsupervised and unaccountable corporate culture.

    By Oct. 19, 2022
  • White House to raise cyber standards for healthcare, water and emergency communications

    CISA will also roll out minimum security standards by late October that can apply to organizations across sectors.

    By Oct. 14, 2022
  • White House to roll out Energy Star-like ratings for IoT

    The labeling plan is part of a long-sought effort to boost security and transparency in commonly used technology products. 

    By Oct. 12, 2022
  • Cybersecurity needs a statewide approach, report finds

    Research from Deloitte and state CIOs shows cities often hesitate to work with states on cybersecurity to protect their autonomy, but local government cyber grants could change that. 

    By Michael Brady • Oct. 10, 2022
  • CISA orders federal IT overhaul with automated asset inventory, software scanning

    Civilian agencies will be required to check for vulnerabilities in a push to gain better visibility into IT networks.

    By Oct. 4, 2022
  • Strict security rules could push open source community out of federal work, expert says

    Agency CISOs and development experts say federal agencies need to work collaboratively with open source community contributors.

    By Sept. 27, 2022
  • Opinion

    6 things businesses need to know about the changing privacy landscape

    New bills are proposed every day, and while only a few will become official policy, there may be important trends that impact businesses.

    By Ryan P. Blaney • Sept. 26, 2022
  • How common telecom cyber risks snowball in cloud, open source

    Public cloud plays a central role in the modernization of wireless networks. But more open source software, vendors and vulnerabilities could spell trouble.

    By Sept. 23, 2022
  • Morgan Stanley fined $35M by SEC over improper data disposal

    The bank hired a company with no data-destruction experience to decommission hard drives and servers, which were sold to a third party and auctioned with some unencrypted customer data intact, the regulator found.

    By Gabrielle Saulsbery • Sept. 21, 2022
  • Capital One freed from consent order tied to 2019 breach

    The Office of the Comptroller of the Currency determined the bank had reached a level of “safety and soundness” no longer requiring extra oversight regarding a leak of 106 million customers’ data.

    By Gabrielle Saulsbery • Sept. 20, 2022
  • White House guidance on third-party software seen as a major test of cyber risk strategy

    The U.S. hopes that by forcing software producers to meet a set of minimum security standards for federal use, a new baseline strategy will be adopted industrywide. 

    By Sept. 19, 2022
  • Industrial control systems face more cyber risks than IT, expert testifies

    Most ICS technology was designed more than 20 years ago and built without cyber resilience, Idaho National Laboratory's Vergle Gipson said. 

    By Sept. 16, 2022
  • CISA can’t definitively say if ransomware is getting better or worse

    Organizations can be unwilling to notify government officials when ransomware intrusions occur, but that simple act might prevent the next attack.

    By Sept. 15, 2022
  • White House sets minimum security standards for federal software use

    The Office of Management and Budget is requiring agencies to get a self-attestation from software producers showing compliance with NIST guidance.

    By Sept. 14, 2022
  • US is shoring up gaps in cyber policy, but critical goals remain unfulfilled

    Legislators say the Cyberspace Solarium Commission led to significant national security enhancements, but analysts are calling for urgent momentum on a federal law on data privacy and security.

    By Sept. 13, 2022
  • US Treasury sanctions Iran intelligence agency following Albanian government attack

    The Treasury Department said Iran has engaged in malicious cyber activity against government and private sector organizations, including critical infrastructure targets, since at least 2007.

    By Sept. 12, 2022
  • CISA announces RFI for critical infrastructure cyber reporting mandate

    The agency plans to publish the information request in the Federal Register on Monday and will kick off a national listening tour.

    By Sept. 9, 2022
  • Opinion

    How the US government’s cyber priorities will impact businesses

    There is a high probability that enterprise leaders will need to comply with some level of federal cybersecurity requirements or guidance.

    By Tim Mackey • Sept. 9, 2022
  • CISA Director: Tech industry should infuse security at product design stage

    Agency director Jen Easterly outlined a push for faster incident reporting and closer industry collaboration.

    By Sept. 7, 2022
  • Feds push for developers to take lead in securing software supply chain

    The guidelines from CISA and the NSA come amid a growing movement to “shift left” and evaluate software security earlier in the development cycle. 

    By Sept. 2, 2022