Author Archive

Mariam Baksh

Senior Correspondent

Mariam Baksh reports on the development of federal cybersecurity policy for Nextgov. She started covering technology governance in 2014, during the heat of the Net Neutrality debate, and focused her graduate studies at American University on investigative journalism.
Cybersecurity

CISA Announces DC Event for Public Input on Incident Reporting Regulations

The effort aims to give officials a greater understanding of cyber threats and the ability to defend U.S. critical infrastructure against cascading impacts when attacks occur.

Cybersecurity

New Report Shows Significant Improvement in Consumer Cyber Hygiene

Senior administration officials and cybersecurity leaders marking Cybersecurity Awareness Month weighed in on a consumer survey examining how behaviors have changed over the last three years.

Cybersecurity

National Cybersecurity Review Begins for All Levels of Government

Answering the survey—based on the National Institute of Standards and Technology’s cybersecurity framework—is mandatory for certain grant recipients.

Cybersecurity

Senators’ Plan to Secure Open Source Software Involves Agencies Using More of It

The discovery of exploitable weaknesses in Log4j is resurfacing a 6-year-old push to save taxpayers money by calling on agencies to embrace open-source code.

Cybersecurity

Treasury Seeks Comment on How to Structure a Cyber Insurance Program

The Department’s Federal Insurance Office—together with the Cybersecurity and Infrastructure Security Agency—is soliciting feedback in preparation for a report to Congress.

Cybersecurity

Senate Legislation to Secure Open Source Software Relies on Transparency Initiative

Success would depend to a significant degree on whether agencies require vendors of information and communications technology to provide a software bill of materials with their products and services.

Cybersecurity

CISA, NSA Guidance Tries to Reduce Alternatives for Securing Industrial Control Systems

Policymakers in Congress and the administration are grappling with how to set a performance bar for companies' mitigation of cyber threats against critical infrastructure they own, while allowing flexibility the companies say is needed to run their operations.

Cybersecurity

Industry Objections Spur Changes to Cybersecurity Provisions in Defense Bill  

Key members of the House and Senate are altering proposals for identifying systemically important critical infrastructure and securing the software supply chain.

Cybersecurity

FCC Adds China-linked Telecom Providers to List of National Security Threats

The departments of Defense and Justice want the agency to take a more comprehensive approach to preventing foreign adversaries from accessing Americans’ communications and data.

Cybersecurity

CISA Plans to Measure the Effect of Coming Standards on Industry’s Cybersecurity

But big companies want to avoid agencies’ use of related performance goals in new regulation.

Cybersecurity

Defense, Justice Call for FCC Rulemaking to Secure Internet Routing, Opposing NTIA

The departments cited comments from the Cybersecurity and Infrastructure Security Agency and said a regulatory approach would have a greater impact “industry-wide” than dealing with entities case-by-case.

Cybersecurity

OMB: New Acquisition Rule Coming for Vendors to Vouch for Their Software Security

Agencies are also allowed to accept to-do lists from vendors who need to keep working up to a point where they can self-attest their compliance with NIST guidance.

Cybersecurity

Whistleblower Explains How Twitter Easily Skirted FTC’s Data Security Enforcement

The decision by the former public official and legendary hacker to expose what he described as a disastrous security environment at the company has prompted an unlikely alliance in Congress.

Cybersecurity

CISA Requests Input on Terms Already Defined by Incident Reporting Law

The agency is embarking on a rulemaking process to implement the law, which requires those who make ransomware payments to report them to the government. 

Cybersecurity

U.S. Sanctions Iran—Under New Treasury Rules—for Attack on Albania

The new rules elaborate on what kinds of cyber activities warrant sanctions designation.

Policy

Commerce Revises Export Rules to Boost US Standards Development on Critical Tech

The original rule—which banned certain entities from receiving U.S. exports—endangered U.S. participation in international standards bodies where such entities are present, opponents said.

Cybersecurity

White House Attributes Attack on Albania’s Critical Infrastructure to Iran 

A statement from the National Security Council noted the potential for deviations from international norms to escalate conflict and promised accountability.

Cybersecurity

Treasury Reissues Rules to Enforce Cyber Sanctions on Foreign Adversaries  

The rules could apply to any new executive order related to the national security emergency President Obama declared in 2015, in advance of a cybersecurity agreement with China.

Cybersecurity

National Cyber Director’s Office Elevates Key Personnel

Nick Leiserson helped develop legislation that created the cyber director’s office. A year after its establishment, he’s moving to a position where he can use it to shape policy.