Policy & Regulation
-
Center for Strategic and International Studies
CISA director reiterates prior calls for C-suites, boards to take cyber risk ownership
Jen Easterly said companies need to consider cybersecurity threats as core risks that need to be fully incorporated into corporate business strategy.
By David Jones • Jan. 10, 2025 -
piranka via Getty Images
4 cybersecurity trends to watch in 2025
Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.
By David Jones , Matt Kapko • Jan. 9, 2025 -
Permission granted by Foundation for Defense of Democracies
National cyber director calls for deterrence against China-affiliated cyber threats
Harry Coker Jr. said China and other adversaries cannot be allowed free reign to conduct malicious cyber activities.
By David Jones • Jan. 9, 2025 -
Courtesy of Billington CyberSecurity Summit
White House program to certify the security of IoT devices goes live
The White House is also working on an executive order to limit federal purchasing of connected products that meet the minimum security standards under the program.
By David Jones • Jan. 8, 2025 -
Permission granted by Aspen Cyber Summit, Laurence Genon
US Treasury office sanctions firm connected to state-sponsored Flax Typhoon threat group
A Beijing-based cybersecurity company, Integrity Technology Group Inc., is linked to years of exploitation activity targeting U.S. critical infrastructure.
By David Jones • Jan. 6, 2025 -
hapabapa via Getty Images
SEC cybersecurity enforcement outlook uncertain as Trump 2.0 looms
With issues such as cryptocurrency and climate change facing the next SEC chair, it’s unclear whether rolling back cybersecurity rules will be high on the priority list.
By Alexei Alexis • Jan. 3, 2025 -
Vitalii Pasichnyk/Getty via Getty Images
White House says 9th telecom company hit in Salt Typhoon spree
A senior official blamed the intrusions on lax security and said in one case the compromise of a single administrator account led to access of over 100,000 routers.
By Matt Kapko • Dec. 27, 2024 -
Avosb via Getty Images
Flagstar fined $3.5M for āmisleadingā after 2021 cyberattack
The bank “negligently made” materially misleading statements after a hack that resulted in the theft of 1.5 million customers’ personally identifiable information.
By Gabrielle Saulsbery • Dec. 19, 2024 -
Justin Sullivan/Getty Images via Getty Images
CISA mobile security advice gets personal in wake of telecom intrusions
The agency’s recommendations are not for the technically inept. Yet the extraordinary measures, including the use of encrypted apps, are applicable to all audiences.
By Matt Kapko • Dec. 19, 2024 -
sgoodwin4813 via Getty Images
Rhode Island officials warn residents as ransomware group threatens social services data leak
The personal data of hundreds of thousands of vulnerable residents is at risk after a threat group attacked a state social services database.
By David Jones • Dec. 18, 2024 -
Adam Gray via Getty Images
CISA orders federal agencies to meet security baselines in Microsoft 365
The mandate to secure cloud environments is responsive to recent cybersecurity incidents, but not one specific threat, agency officials said.
By Matt Kapko • Updated Dec. 18, 2024 -
Joe Cicak via Getty Images
Pennsylvania representative pitches bill to double cyber assistance for local water systems
The proposed legislation comes amid a surge in ransomware and state-linked attacks against U.S. water utilities.
By David Jones • Dec. 17, 2024 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISAās pre-ransomware alerts nearly doubled in 2024
The federal agency’s efforts to improve defenses surged in fiscal year 2024. Yet, attacks continue to climb.
By Matt Kapko • Dec. 17, 2024 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA, ONCD propose updated National Cyber Incident Response Plan
The updated framework is designed to bolster the government’s partnership with private-sector organizations in the wake of an attack.
By Matt Kapko • Dec. 16, 2024 -
Drew Angerer/Getty Images via Getty Images
Sen. Wyden wants FCC to tighten security rules on telecom companies
The U.S. senator from Oregon wants the agency to strengthen rules requiring network operators to defend their systems and customers against intrusions.
By Matt Kapko • Dec. 13, 2024 -
Photo illustration: Industry Dive; US Securities and Exchange Commission
SEC cyber incident reporting rule generates 71 filings in 11 months
Most companies that disclosed cyber incidents to the agency did not describe materiality or other useful information, a BreachRx report found.
By Matt Kapko • Dec. 11, 2024 -
Kevin Dietsch / Getty Images via Getty Images
Trumpās pick to run FCC deeply concerned about Salt Typhoon
The recently uncovered swarm of attacks on U.S. telecom companies, part of a China-sponsored campaign, made FCC Commissioner Brendan Carr want to smash his phone, he said.
By Matt Kapko • Dec. 9, 2024 -
Chip Somodevilla/Getty Images via Getty Images
FCC proposes stronger telecom cyber rules as Salt Typhoon fallout continues
The agency’s proposed rule changes come two months after a China-government sponsored espionage campaign first came to light.
By Matt Kapko • Dec. 6, 2024 -
Alihan Usullu via Getty Images
UK cyber chief warns country is at an inflection point as digital threats rise
In his first major speech, NCSC CEO Richard Horne said state linked and criminal threat groups are working to undermine the nation’s reliance on technology.
By David Jones • Dec. 3, 2024 -
Hapabapa via Getty Images
SEC reports drop in enforcement actions for 2024 FY
The securities regulator also reported a record $8.2 billion in monetary remedies for its last fiscal year, driven by Terraform Labs crypto fraud settlement.
By Justin Bachman • Nov. 26, 2024 -
Alex Wong via Getty Images
HHS facing challenges as lead agency for healthcare cybersecurity: GAO
The department hasn’t implemented some policies recommended by the watchdog, which could pose a risk to cybersecurity in the sector as attacks increase, according to the Government Accountability Office.
By Emily Olsen • Nov. 20, 2024 -
Win McNamee via Getty Images
Federal probe finds vulnerabilities across more than 300 US water systems
The Environmental Protection Agency lacks a documented plan to coordinate incident reporting with CISA, the agency’s Office of Inspector General found.
By David Jones • Nov. 19, 2024 -
Permission granted by Carnegie Mellon University
Easterly to step down from CISA director role on Inauguration Day
CISA confirmed that political appointees of the Biden administration will also depart the agency as the Trump administration takes over.
By David Jones • Nov. 18, 2024 -
Permission granted by Office of the National Cyber Director
National cyber director calls for streamlined security regulations
Harry Coker Jr. assured critical infrastructure and private sector stakeholders that while standards are necessary, there is a need to harmonize burdensome compliance demands.
By David Jones • Nov. 14, 2024 -
Michael Santiago via Getty Images
US hopes to leverage UN cybercrime treaty toward ransomware fight
The Biden administration decided to back the controversial accord, despite widespread concerns about potential human rights abuses.
By David Jones • Nov. 12, 2024
