Policy & Regulation
-
UK cyber chief warns country is at an inflection point as digital threats rise
In his first major speech, NCSC CEO Richard Horne said state linked and criminal threat groups are working to undermine the nation’s reliance on technology.
By David Jones • Dec. 3, 2024 -
SEC reports drop in enforcement actions for 2024 FY
The securities regulator also reported a record $8.2 billion in monetary remedies for its last fiscal year, driven by Terraform Labs crypto fraud settlement.
By Justin Bachman • Nov. 26, 2024 -
HHS facing challenges as lead agency for healthcare cybersecurity: GAO
The department hasn’t implemented some policies recommended by the watchdog, which could pose a risk to cybersecurity in the sector as attacks increase, according to the Government Accountability Office.
By Emily Olsen • Nov. 20, 2024 -
Federal probe finds vulnerabilities across more than 300 US water systems
The Environmental Protection Agency lacks a documented plan to coordinate incident reporting with CISA, the agency’s Office of Inspector General found.
By David Jones • Nov. 19, 2024 -
Easterly to step down from CISA director role on Inauguration Day
CISA confirmed that political appointees of the Biden administration will also depart the agency as the Trump administration takes over.
By David Jones • Nov. 18, 2024 -
National cyber director calls for streamlined security regulations
Harry Coker Jr. assured critical infrastructure and private sector stakeholders that while standards are necessary, there is a need to harmonize burdensome compliance demands.
By David Jones • Nov. 14, 2024 -
US hopes to leverage UN cybercrime treaty toward ransomware fight
The Biden administration decided to back the controversial accord, despite widespread concerns about potential human rights abuses.
By David Jones • Nov. 12, 2024 -
TSA proposes cyber risk management programs for surface transportation, pipeline operators
The proposed rule would also require the disclosure of cyber incidents to CISA and physical security concerns to TSA.
By David Jones • Nov. 7, 2024 -
4 tech issues to watch in Trump’s second term
AI, cloud and cybersecurity policies are in the spotlight ahead of the forthcoming Trump administration.
By Roberto Torres • Nov. 7, 2024 -
USDA, White House launch study to boost cyber resilience of rural water utilities
A yearlong program with the National Rural Water Association will provide technical assistance to water utilities led by Vermont and Oregon officials.
By David Jones • Nov. 4, 2024 -
SEC cyber rules could survive regardless of election outcome, experts say
As the U.S. presidential election looms, cybersecurity remains a bipartisan focus, experts said during a joint CFO Dive and CIO Dive live event.
By Grace Noto • Nov. 4, 2024 -
As presidential election looms, disparate approaches to cyber policy come into focus
Government officials and security leaders are hoping the nation’s need for cyber resilience will stand on bipartisan cooperation and transcend partisan politics regardless of the election results.
By David Jones • Oct. 31, 2024 -
CISA rolls out international strategic plan to bolster cyber cooperation
The agency is looking to strengthen intel sharing with key cyber partners, raise security standards and ensure a more resilient global supply chain.
By David Jones • Oct. 30, 2024 -
Cyber task force has a long to-do list for next president
The change in leadership presents an opportunity to assess what’s working, where adjustments could be made and areas that are in most need of prioritization, the McCrary Institute said.
By Matt Kapko • Oct. 29, 2024 -
SEC settles charges with 4 firms it says downplayed SolarWinds hack exposure
The agency alleged Unisys, Avaya, Check Point Software and Mimecast misled investors about the extent of their respective cyber risks.
By David Jones • Oct. 22, 2024 -
FCC expands cooperation with states on data security, privacy enforcement
More states are working with the agency to investigate possible violations of consumer privacy and data security laws.
By David Jones • Oct. 22, 2024 -
New legislation aims to tame ‘Wild West’ in healthcare cybersecurity
The proposed bill, introduced last month by Sens. Ron Wyden and Mark Warner, is a good step forward, but hospitals may need more funds to boost their cybersecurity practices, experts say.
By Emily Olsen • Oct. 22, 2024 -
Microsoft confirms partial loss of security log data on multiple platforms
The company previously expanded free access to security logs on several platforms, including Purview, following the 2023 state-linked hack of Exchange Online.
By David Jones • Oct. 18, 2024 -
FBI, CISA seek input on software security, configuration changes
Authorities are seeking public comment on steps the software industry can take to make their products more resistant to malicious threat activity.
By David Jones • Oct. 17, 2024 -
US disables Anonymous Sudan infrastructure linked to DDoS attack spree
Authorities unsealed charges alleging two Sudanese nationals ran the hacktivist group, linked to major attacks against Microsoft and others.
By David Jones • Oct. 17, 2024 -
Majority of global CISOs want to split roles as regulatory burdens grow
Trellix research shows rising cybersecurity demands from the SEC and other government bodies are pushing CISOs even closer to the edge.
By David Jones • Oct. 15, 2024 -
Cyber risk tops C-suite concerns heading into US election
A report by PwC shows American business leaders will continue to focus on data regulation, AI and technology investments regardless of which party prevails in November.
By David Jones • Oct. 10, 2024 -
FTC settles yearslong investigation into Marriott’s ‘security failures’
The settlement caps a pattern of major data breaches at Marriott and its subsidiary Starwood Hotels and Resorts Worldwide over the last decade.
By Matt Kapko • Oct. 10, 2024 -
Deep Dive
CIOs turn to NIST to tackle generative AI’s many risks
Discover's CIO is one of many tech leaders working to limit generative AI missteps by turning to risk management frameworks to get deployment right from the outset.
By Lindsey Wilkinson • Oct. 9, 2024 -
Counter Ransomware Initiative summit emphasizes arduous effort
An international collective of cyber officials continued discussions with the White House on how to counter ransomware attacks, reduce payments and increase response capabilities.
By Matt Kapko • Oct. 7, 2024