Cybersecurity

Cybersecurity Leader: Deterrence Policy for Hacks Can’t Mirror That for Nukes

The Cyberspace Solarium Commission emerged due to the late John McCain’s  frustration with current U.S. doctrine on what should trigger a “use of force.”

Cybersecurity

NIST Releases Guidance for Assessing Compliance with Core Cybersecurity Publication 

The document is targeted at auditors—internal and external to an organization—who are set to play a central role in cybersecurity policy under a May executive order and initiatives like the Pentagon’s Cybersecurity Maturity Model Certification program.

Cybersecurity

Senator Touts Liability Protections in Recently Passed Cyber Incident Reporting Bill 

Agencies designated for managing risk in particular sectors have work ahead of them to hammer out details with the Cybersecurity and Infrastructure Security Agency.

Cybersecurity

FCC seeks comments on internet traffic routing risks

The Border Gateway Protocol traffic routing system dates back to an era of high trust between networks on the internet but now poses risks.

Cybersecurity

Outgoing Official Pushes for CISA Shift from Risk Advisor to Risk Reducer

After almost a decade and a series of massive intrusion campaigns, government and industry may finally be ready to have the crucial talk about cybersecurity metrics they’ve been avoiding.

Cybersecurity

Education's CISO Anticipates FedRAMP Evolution for ‘Zero-Trust’ Alignment

The Education Department’s Chief Information Security Officer co–chairs the Federal CISO Council, a channel for the administration’s implementation of Executive Order 14028.

Cybersecurity

Federal Agencies Lean On Multifactor Authentication As Key Security Component

Public sector officials discussed how strong identity verification technology plays a key role in supporting agency collaboration and data protections. 

Cybersecurity

Cyber-Incident Reporting Legislation Clears House in Bipartisan Spending Bill

The bill, attached to government funding legislation, now moves to the Senate, which recently passed the same incident reporting provisions separately by unanimous consent.

Cybersecurity

SEC proposes mandatory breach reporting for publicly traded companies

The Securities and Exchange Commission is proposing new rules requiring companies to disclose to investors material cybersecurity incidents within four business days.

Cybersecurity

House Committee Approves Cybersecurity Training Bill 

The legislation advances in the House after clearing the Senate in March, and would offer new cybersecurity training to federal and state governments.

Cybersecurity

CISA Warns of Ransomware Gang, Issues Indicators of Compromise

Processes spurring from the Ragnar Locker Ransomware have affected at least 52 critical infrastructure victims since January, but will terminate if it encounters systems in certain Russian and near-Russian locations.

Cybersecurity

White House reminds agencies to adopt NIST's software supply chain security framework

The Office of Management and Budget pressed federal agencies on a deadline to adopt the software supply chain best practices as directed under last year's White House cybersecurity executive order.

Cybersecurity

U.S.-Spain Summit Aims to Promote Tech Advancement in Nations That Don't 'Diminish Freedom’

The first U.S.-Spain Cybersecurity Seminar emphasized a transatlantic partnership against cybercrimes, set against Russia’s invasion of Ukraine.