White House eyes the next frontier of cybersecurity — space

The focus comes more than a year into the Ukraine war, which led to nation state attacks on commercial satellites.

By David Jones • March 30, 2023

The proposed SEC cyber incident disclosure rule is a positive change. But it won’t make organizations safer.

If organizations want to actually get serious about protecting themselves, they need to have a robust system for handling incidents when they happen.

By Frank Shultz • March 27, 2023

US looks to reimagine cybersecurity paradigm with burden shift, rebuilt infrastructure

Security needs to be baked into the technology Americans use every day and not bolted onto aging systems, said Kemba Walden, acting national cyber director.

By David Jones • March 24, 2023

5 steps organizations can take to counter IAM threats

Many organizations lean on identity and access management tools to perform credential management and authentication. But these systems aren’t foolproof.

By Matt Kapko • March 24, 2023

CISA director urges top business leaders, board members to take cyber risk ownership

Jen Easterly said the government cannot solve challenges posed by rising threat activity without active participation and corporate oversight from the private sector.

By David Jones • March 24, 2023

FTC opens inquiry into cloud market competition, security

As consolidation among hyperscalers grows, federal authorities are raising concerns over cloud dependence in critical sectors.

By Matt Ashare • March 23, 2023

CISA revises cybersecurity performance goals

After months of feedback from stakeholders, the agency made changes to better align with the NIST framework and update language on MFA.

By David Jones • March 22, 2023

SEC proposes cybersecurity disclosure rules for financial industry specialists

The changes would require broker-dealers and other entities to adopt written plans to minimize risk and promptly disclose major incidents.

By David Jones • March 17, 2023

CISA launches ransomware warning pilot for critical infrastructure providers

The agency already warned dozens of organizations about ProxyNotShell.

By David Jones • March 14, 2023

Shift to secure-by-design must start at university level, CISA director says

Jen Easterly says secure coding and memory safety should be incorporated into computer science curriculum. 

By David Jones • March 13, 2023

Blackbaud to pay $3M to settle SEC charges of a misleading ransomware investigation

The regulator said the cloud-based software provider made misleading disclosures about the scope of a 2020 ransomware attack. 

By David Jones • March 10, 2023

TSA unveils emergency cybersecurity requirements for airlines, airports

The requirements follow the release of the Biden administration’s national cybersecurity strategy, which includes enhanced measures for critical infrastructure.

By David Jones • March 8, 2023

How will the government enforce the national cyber strategy?

Efforts to enact laws and regulations that impose greater responsibility on the technology sector aren’t likely to come quick or easy.

By Matt Kapko • March 8, 2023

Who is liable for flawed software? New guidance upends the security standard

Development practices and safe harbor provisions are the subject of major debate as work to implement the White Houses’ cyber strategy begins.

By David Jones • March 6, 2023

EPA unveils cybersecurity oversight for public drinking water systems

An agency memorandum marks the first new initiative on critical infrastructure since the White House released its national cyber strategy.

By David Jones • March 3, 2023

The US cyber strategy is out. Now, officials just have to implement it

Industry stakeholders signal a willingness to discuss further steps, while congressional leaders hint additional action may be on the table. 

By David Jones • March 3, 2023

White House releases national cyber strategy, shifting security burden

The long-anticipated policy will push the technology industry to shoulder more of the load for cyber risk, while promoting long-term investments and global cooperation against common threats. 

By David Jones • March 2, 2023

CISA red team cracks a critical infrastructure provider’s defenses, a lesson in lateral access

The voluntary assessment raises concerns as the unnamed organization with a mature security program was unable to detect simulated actors moving laterally across its systems for months.

By David Jones • March 1, 2023

3 CISA principles for secure by design

The Biden administration is expected to emphasize safer development practices when it rolls out the national security strategy for cyber. 

By David Jones • Feb. 28, 2023

CISA director urges tech industry to take responsibility for secure products

Industry can no longer blame and shame customers who are victims of sophisticated attacks, Jen Easterly said.

By David Jones • Feb. 27, 2023

Google backs federal push for tech to embrace ‘secure by design’

CISA has urged the technology industry to develop more resilient products before they reach customers.

By David Jones • Feb. 15, 2023

National cyber director to retire this month

Chris Inglis, the president’s top cyber policy advisor, is stepping down as the nation awaits the unveiling of the National Cyber Strategy.

By David Jones • Feb. 9, 2023

Corporate boards struggle to understand cybersecurity and digital transformation

Boards are trying to navigate the ever-evolving threat landscape as federal regulators plan additional breach disclosure rules.

By David Jones • Feb. 6, 2023

Companies face data privacy maze, skills gap

New state privacy laws coming into effect could add pressure for companies trying to navigate the changing regulatory landscape. 

By Alexei Alexis • Feb. 1, 2023

CISA’s public-private cyber collaborative to focus on energy, water

The Joint Cyber Defense Collaborative dedicated its 2023 agenda to particularly vulnerable sectors and open source use in industrial systems. 

By David Jones • Jan. 27, 2023