Policy & Regulation: Page 3
Tech priorities out of sync with security needs, CISA director says
As long as priorities and incentives are misaligned, security and safety needs will remain unmet. “We can’t just let technology off the hook,” Jen Easterly said.
By Matt Kapko • Jan. 9, 2023
National Cyber Director eyes retirement: report
The inaugural cybersecurity chief at the White House assumed the role in June 2021 following a nearly three-decade career at the NSA.
By Matt Kapko • Dec. 22, 2022
Despite enforcement delays, attorneys urge preparation for AI, privacy laws
New legislation extends to employers with applicants or workers who are residents of New York City or California — and may be a harbinger of what’s to come elsewhere.
By Ginger Christ • Dec. 21, 2022
NIST bids adieu to SHA-1 cryptographic algorithm
The widely used security specification has been insufficient since 2005, and won't fully sunset until 2030.
By Matt Kapko • Dec. 16, 2022
Google stresses unmet need for software supply chain security
The open source software ecosystem remains vulnerable, and fragmented efforts could stifle progress, according to Google.
By Matt Kapko • Dec. 8, 2022
Cyber Safety Review Board to probe Lapsus$ ransomware spree
Following an inaugural review of Log4j, the board will investigate the threat actor’s prolific campaign of cyber extortion against major companies, including Uber, T-Mobile and Nvidia.
By David Jones • Dec. 2, 2022
FCC bans imports of telecom gear from China-based companies
The latest in a series of orders aligns the agency’s equipment authorization process with national security policies.
By Matt Kapko • Nov. 28, 2022
Defense Department launches zero trust, phasing out perimeter defense strategy
Private sector partners say the rollout will raise the security bar to better protect the entire defense industry ecosystem.
By David Jones • Nov. 23, 2022
Offshore oil and gas at risk of potentially catastrophic cyberattack: GAO
A report warns the industry could see an attack that rivals the deadly 2010 Deepwater Horizon disaster and urges Interior Department officials to stand up safeguards.
By David Jones • Nov. 18, 2022
Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn
The actors compromised a federal civilian agency, CISA and the FBI said. Authorities warned VMware users to assume breach and hunt for threats if they skipped patches or workarounds.
By David Jones • Nov. 16, 2022
Critical infrastructure providers ask CISA to place guardrails on reporting requirements
Top companies and industry groups fear incident reporting mandates would overwhelm CISA with noise.
By David Jones • Nov. 16, 2022
Why privacy professionals should work closely with company engineers
Transcend's general counsel, Brandon Wiebe, said the increasingly technical nature of data privacy regulations requires cross-functional collaboration.
By Lyle Moran • Nov. 14, 2022
CISA wants to change how organizations prioritize vulnerabilities
Federal authorities want to take the guesswork and manual decision-making processes out of the messy world of vulnerabilities.
By Matt Kapko • Nov. 14, 2022
Twitter, amid security and compliance officer exodus, could run afoul of FTC rules
Regulatory attention is just the latest trouble for the embattled social media platform. Without chief security, privacy or compliance officers, following a consent decree becomes more difficult.
By Matt Kapko • Nov. 10, 2022
SolarWinds under SEC probe related to 2020 supply chain attack
The company also disclosed a proposed $26 million settlement of a class action suit related to the cyberattack.
By David Jones • Nov. 9, 2022
Senator proposes cybersecurity mandates for health systems
Cybersecurity can no longer be treated as a secondary concern and must become incorporated into every organization’s core business model, according to the chairman of the Senate Select Committee on Intelligence.
By Susan Kelly • Nov. 8, 2022
CISA demystifies phishing-resistant MFA
The “gold standard” safeguard isn’t a one-size-fits-all or all-or-nothing endeavor. For most organizations, a phased approach works best.
By Matt Kapko • Nov. 4, 2022
NIST seeks water industry feedback on boosting cyber resilience
The Biden administration is turning its security attention to the water and wastewater treatment industry, which has become vulnerable to cyberattacks as facilities grow more digital.
By David Jones • Nov. 4, 2022
CISA director bullish on private sector cooperation toward cybersecurity goals
Jen Easterly urged U.S. companies to embrace the agency’s efforts to raise cybersecurity performance, create resilient products and share more information.
By David Jones • Nov. 3, 2022
US ransomware payments surge to $1.2B in 2021: Treasury
The evidence of the rapid increase comes as the White House concluded an international summit with a pledge to strengthen anti-ransomware cooperation.
By David Jones • Nov. 2, 2022
FTC slams Chegg for chronic, ‘careless security’
The online tutoring and book rental company suffered four data breaches between 2017 and 2020, one of which exposed personal information on about 40 million customers.
By Matt Kapko • Nov. 1, 2022
White House convenes dozens of countries to fight ransomware
The second international summit follows a series of high-profile attacks against CommonSpirit Health and the Los Angeles Unified School District.
By David Jones • Oct. 31, 2022
CISA aims for target rich, resource poor sectors in rollout of security basics
Officials hope new cybersecurity performance goals will serve as a roadmap to strengthen the resilience of local providers like schools, hospitals and utilities.
By David Jones • Oct. 28, 2022
How cybersecurity experts are reacting to CISA’s security goals
Federal authorities describe the cross-sector guidance as “a floor, not a ceiling.”
By Matt Kapko • Oct. 28, 2022
Explore CISA’s 37 steps to minimum cybersecurity
The agency placed a premium on low-cost, high-impact security efforts, which account for more than 40% of the goals.
By Naomi Eide • Oct. 28, 2022