Author Archive

Mariam Baksh

Senior Correspondent

Mariam Baksh
Mariam Baksh reports on the development of federal cybersecurity policy for Nextgov. She started covering technology governance in 2014, during the heat of the Net Neutrality debate, and focused her graduate studies at American University on investigative journalism.
Policy

Key Cyber and Tech Provisions Included—and Excluded—from the Final NDAA

This year, provisions that were ultimately left out of the massive annual Defense authorization bill—despite in some cases bipartisan agreement across both Congressional chambers—got the most attention.

Cybersecurity

TSA Considers Using Third-Party Assessors in Coming Pipeline Regulations

The agency is exercising its authority to regulate pipelines and railways after issuing a series of short-term emergency security directives.

Cybersecurity

Agencies Push Deadline to Comment on Would-Be Federal Cyber Insurance Program

Insurance companies are pushing for taxpayer assistance to provide coverage in the event of catastrophic incidents.

Cybersecurity

Big Tech Tells CISA to Exempt Third-Party Providers from Incident Reporting Rule

Major industry groups clashed on how CISA should define key terms in its rulemaking process to implement the federal incident reporting law.

Cybersecurity

CISA Highlights Space, Bioeconomy as Possible New Critical Infrastructure Sectors

The agency also suggested existing sectors be consolidated and that there is a need for some agencies to exercise greater authority over private-sector entities.

Cybersecurity

DHS Chief Appears to Back Status Quo Approach for Securing Critical Infrastructure

The Biden administration is looking to Congress for help with ‘filling gaps in statutory authorities’ for improving U.S. cybersecurity.

Cybersecurity

CISA Issues Vulnerability-Management Tools Dependent on Industry Action

Federal agencies are under a binding operational directive to address exploitable security vulnerabilities in their software, but the success of CISA’s effort relies on the cooperation of software vendors.

Cybersecurity

NIST Official Warns Against Device-only Approach to Securing IoT

Federal agencies’ implementation of NIST’s guidelines on the issue—under direction from Congress—is coinciding with industry resistance to the comprehensive approach stakeholders agree is necessary.

News

What a Divided Government Could Mean for Tech Policy

Here’s what a split Congress might mean for tech, cybersecurity and governance.

Cybersecurity

CISA, NSA and Industry Outline Security Responsibilities of Software Suppliers

New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.

Cybersecurity

CISA Leaning Toward Lower Threshold for Mandatory Cyber Incident Reporting

The agency has started to receive feedback from some key stakeholders for its rulemaking process on the issue.

Cybersecurity

NDAA Negotiations Will Determine Success of Several Cyber Solarium Goals

Influence from major industry threatens once again to thwart lawmakers’ attempts to realize their policymaking goals through the annual defense authorization bill.

Cybersecurity

CISA Director: Big Tech Shouldn’t Charge Extra for Event Logging

The agency has promised to measure the success of efforts to steer major software providers toward the inclusion of logging and other basic security features in their products “by default,” but has said little about how it actually intends to do that.

Cybersecurity

Agencies Shouldn’t 'Just Trust' Software Vendors' Security Assurances, IG Warns

NIST advisors debating the merits of OMB’s policy on software vendors’ “self-attestation” to secure development practices found common ground on a need for audits and testing.

Data

Senators Applaud Intelligence Leader’s Commitment to Declassification Reform

The senators are trying to focus more resources on artificial intelligence and access-control technologies for agencies to appropriately categorize documents in the digital age.

Cybersecurity

CISA Seeks Feedback on Baseline Measures to Secure Cloud Configuration

Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next. 

News

Justice Reveals Use of a Double Agent in Complaint Against Chinese Spies

The spies were charged with obstruction of justice during the prosecution of a Chinese telecommunications firm in one of three indictments the department uncovered related to China’s quest for technological superiority and global standing, officials said.

Cybersecurity

TSA Opens Registration for Public Meeting on Cybersecurity Regulations

The agency’s advisory committee typically meets behind closed doors, but they are required to hold at least one public meeting per year. 

Cybersecurity

CISA to Focus on Water, Education and Health Sectors Over the Next Year 

The agency contributed to the release of security requirements for the transportation sector this week and is expected to issue cross-sector performance goals for critical infrastructure companies’ voluntary adoption next week.