Author Archive
Cybersecurity
The Federal Government is Moving on Memory Safety for Cybersecurity
The issue of how coding languages might support software developers’ management of memory has recently gotten attention from the National Security Council, the Cybersecurity and Infrastructure Security Agency and Congress.
Cybersecurity
Cyber Director’s Preview of National Strategy Highlights Federal Software Procurement
The national cyber director also indicated plans to rely on feedback from members of the software industry who are working on recommendations for “streamlining” sector-specific regulations.
Policy
GAO Dings OMB on Performance Goals for Agencies’ IT Management
The federal CISO’s plan for getting agencies to focus on cybersecurity measures the administration considers most urgent did not go over so well in a shifting Congress.
Cybersecurity
CMS Subcontractor Breach Potentially Exposes Sensitive Data of 254,000 Customers
The Centers for Medicare and Medicaid said the breach involved a subcontractor that appears to have violated its obligations to the agency.
Cybersecurity
GAO Highlights Interoperability Challenges With Zero Trust
A cybersecurity specialist from the watchdog is ready to dive into related policy implications, but says work on agencies’ implementation is the more immediate concern.
Emerging Tech
NTIA Wants to Know How Best to Spend $1.5B in Grants for Secure, Open 5G
The money will be available to suppliers of information and communications technology in an effort to move away from Chinese companies like Huawei and ZTE.
Cybersecurity
Preparations for Quantum Cyber Threat Get a Senate Boost
The bill would require an annual report to Congress from the Office of Management and Budget with the goal of identifying funding needed for agencies’ transition to post-quantum cryptography.
Cybersecurity
FERC Chairman Wants to Update Cybersecurity Requirements
Discussion of potential changes centered on a need for software transparency and independent supply-chain assessments.
Policy
Key Cyber and Tech Provisions Included—and Excluded—from the Final NDAA
This year, provisions that were ultimately left out of the massive annual Defense authorization bill—despite in some cases bipartisan agreement across both Congressional chambers—got the most attention.
Cybersecurity
TSA Considers Using Third-Party Assessors in Coming Pipeline Regulations
The agency is exercising its authority to regulate pipelines and railways after issuing a series of short-term emergency security directives.
Cybersecurity
What the Census Bureau Can Learn From the IRS About Detecting Cyberattacks
Inspectors general from Commerce and Treasury present a tale of two testing regimes.
Cybersecurity
Agencies Push Deadline to Comment on Would-Be Federal Cyber Insurance Program
Insurance companies are pushing for taxpayer assistance to provide coverage in the event of catastrophic incidents.
Cybersecurity
Big Tech Tells CISA to Exempt Third-Party Providers from Incident Reporting Rule
Major industry groups clashed on how CISA should define key terms in its rulemaking process to implement the federal incident reporting law.
Cybersecurity
CISA Highlights Space, Bioeconomy as Possible New Critical Infrastructure Sectors
The agency also suggested existing sectors be consolidated and that there is a need for some agencies to exercise greater authority over private-sector entities.
Cybersecurity
DHS Chief Appears to Back Status Quo Approach for Securing Critical Infrastructure
The Biden administration is looking to Congress for help with ‘filling gaps in statutory authorities’ for improving U.S. cybersecurity.
Cybersecurity
CISA Issues Vulnerability-Management Tools Dependent on Industry Action
Federal agencies are under a binding operational directive to address exploitable security vulnerabilities in their software, but the success of CISA’s effort relies on the cooperation of software vendors.
Cybersecurity
NIST Official Warns Against Device-only Approach to Securing IoT
Federal agencies’ implementation of NIST’s guidelines on the issue—under direction from Congress—is coinciding with industry resistance to the comprehensive approach stakeholders agree is necessary.
News
What a Divided Government Could Mean for Tech Policy
Here’s what a split Congress might mean for tech, cybersecurity and governance.
Cybersecurity
CISA, NSA and Industry Outline Security Responsibilities of Software Suppliers
New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.
Cybersecurity