Author Archive
Cybersecurity
New Report Shows Significant Improvement in Consumer Cyber Hygiene
Senior administration officials and cybersecurity leaders marking Cybersecurity Awareness Month weighed in on a consumer survey examining how behaviors have changed over the last three years.
Cybersecurity
National Cybersecurity Review Begins for All Levels of Government
Answering the survey—based on the National Institute of Standards and Technology’s cybersecurity framework—is mandatory for certain grant recipients.
Cybersecurity
Senators’ Plan to Secure Open Source Software Involves Agencies Using More of It
The discovery of exploitable weaknesses in Log4j is resurfacing a 6-year-old push to save taxpayers money by calling on agencies to embrace open-source code.
Cybersecurity
Treasury Seeks Comment on How to Structure a Cyber Insurance Program
The Department’s Federal Insurance Office—together with the Cybersecurity and Infrastructure Security Agency—is soliciting feedback in preparation for a report to Congress.
Cybersecurity
Senate Legislation to Secure Open Source Software Relies on Transparency Initiative
Success would depend to a significant degree on whether agencies require vendors of information and communications technology to provide a software bill of materials with their products and services.
Cybersecurity
CISA, NSA Guidance Tries to Reduce Alternatives for Securing Industrial Control Systems
Policymakers in Congress and the administration are grappling with how to set a performance bar for companies' mitigation of cyber threats against critical infrastructure they own, while allowing flexibility the companies say is needed to run their operations.
Cybersecurity
Industry Objections Spur Changes to Cybersecurity Provisions in Defense Bill
Key members of the House and Senate are altering proposals for identifying systemically important critical infrastructure and securing the software supply chain.
Cybersecurity
FCC Adds China-linked Telecom Providers to List of National Security Threats
The departments of Defense and Justice want the agency to take a more comprehensive approach to preventing foreign adversaries from accessing Americans’ communications and data.
Cybersecurity
CISA Plans to Measure the Effect of Coming Standards on Industry’s Cybersecurity
But big companies want to avoid agencies’ use of related performance goals in new regulation.
Cybersecurity
Defense, Justice Call for FCC Rulemaking to Secure Internet Routing, Opposing NTIA
The departments cited comments from the Cybersecurity and Infrastructure Security Agency and said a regulatory approach would have a greater impact “industry-wide” than dealing with entities case-by-case.
Cybersecurity
OMB: New Acquisition Rule Coming for Vendors to Vouch for Their Software Security
Agencies are also allowed to accept to-do lists from vendors who need to keep working up to a point where they can self-attest their compliance with NIST guidance.
Cybersecurity
Whistleblower Explains How Twitter Easily Skirted FTC’s Data Security Enforcement
The former public official—and legendary hacker’s—decision to expose what he described as a disastrous security environment at the company has prompted an unlikely alliance in Congress.
Cybersecurity
CISA Requests Input on Terms Already Defined by Incident Reporting Law
The agency is embarking on a rulemaking process to implement the law, which requires those who make ransomware payments to report them to the government.
Cybersecurity
U.S. Sanctions Iran—Under New Treasury Rules—for Attack on Albania
The new rules elaborate on what kinds of cyber activities warrant sanctions designation.
Policy
Commerce Revises Export Rules to Boost US Standards Development on Critical Tech
The original rule—which banned certain entities from receiving U.S. exports—endangered U.S. participation in international standards bodies where such entities are present, opponents said.
Cybersecurity
White House Attributes Attack on Albania’s Critical Infrastructure to Iran
A statement from the National Security Council noted the potential for deviations from international norms to escalate conflict and promised accountability.
Cybersecurity
Treasury Reissues Rules to Enforce Cyber Sanctions on Foreign Adversaries
The rules could apply to any new executive order related to the national security emergency President Obama declared in 2015, in advance of a cybersecurity agreement with China.
Cybersecurity
New Guide to Secure Software Development Passes on Content but Fails on Communication, Industry Official Says
The lengthy document may miss its target audience altogether, one industry observer notes.
Cybersecurity
National Cyber Director’s Office Elevates Key Personnel
Nick Leiserson helped develop legislation that created the cyber director’s office. A year after its establishment, he’s moving to a position where he can use it to shape policy.
IT Modernization