Policy & Regulation: Page 16
-
Mario Tama via Getty Images
Morgan Stanley fined $35M by SEC over improper data disposal
The bank hired a company with no data-destruction experience to decommission hard drives and servers, which were sold to a third party and auctioned with some unencrypted customer data intact, the regulator found.
By Gabrielle Saulsbery • Sept. 21, 2022 -
Mark Wilson via Getty Images
Capital One freed from consent order tied to 2019 breach
The Office of the Comptroller of the Currency determined the bank had reached a level of “safety and soundness” no longer requiring extra oversight regarding a leak of 106 million customers’ data.
By Gabrielle Saulsbery • Sept. 20, 2022 -
Vacclav/iStock via Getty Images
White House guidance on third-party software seen as a major test of cyber risk strategy
The U.S. hopes that by forcing software producers to meet a set of minimum security standards for federal use, a new baseline strategy will be adopted industrywide.
By David Jones • Sept. 19, 2022 -
Cat Eye Perspective via Getty Images
Industrial control systems face more cyber risks than IT, expert testifies
Most ICS technology was designed more than 20 years ago and built without cyber resilience, Idaho National Laboratory's Vergle Gipson said.
By David Jones • Sept. 16, 2022 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA can’t definitively say if ransomware is getting better or worse
Organizations can be unwilling to notify government officials when ransomware intrusions occur, but that simple act might prevent the next attack.
By Matt Kapko • Sept. 15, 2022 -
PorqueNoStudios/iStock via Getty Images
White House sets minimum security standards for federal software use
The Office of Management and Budget is requiring agencies to get a self-attestation from software producers showing compliance with NIST guidance.
By David Jones • Sept. 14, 2022 -
Courtesy of Billington CyberSecurity Summit
US is shoring up gaps in cyber policy, but critical goals remain unfulfilled
Legislators say the Cyberspace Solarium Commission led to significant national security enhancements, but analysts are calling for urgent momentum on a federal law on data privacy and security.
By David Jones • Sept. 13, 2022 -
Chip Somodevilla via Getty Images
US Treasury sanctions Iran intelligence agency following Albanian government attack
The Treasury Department said Iran has engaged in malicious cyber activity against government and private sector organizations, including critical infrastructure targets, since at least 2007.
By David Jones • Sept. 12, 2022 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA announces RFI for critical infrastructure cyber reporting mandate
The agency plans to publish the information request in the Federal Register on Monday and will kick off a national listening tour.
By David Jones • Sept. 9, 2022 -
Brendan Hoffman via Getty Images
OpinionHow the US government’s cyber priorities will impact businesses
There is a high probability that enterprise leaders will need to comply with some level of federal cybersecurity requirements or guidance.
By Tim Mackey • Sept. 9, 2022 -
Permission granted by Billington CyberSecurity
CISA Director: Tech industry should infuse security at product design stage
Agency director Jen Easterly outlined a push for faster incident reporting and closer industry collaboration.
By David Jones • Sept. 7, 2022 -
NicoElNino via Getty Images
Feds push for developers to take lead in securing software supply chain
The guidelines from CISA and the NSA come amid a growing movement to “shift left” and evaluate software security earlier in the development cycle.
By David Jones • Sept. 2, 2022 -
Carol Highsmith. (2005). "The Apex Building" [Photo]. Retrieved from Wikimedia Commons.
Twitter whistleblower claims may bolster federal privacy push
Bipartisan efforts to protect consumer information may gain momentum following allegations that Twitter failed to safeguard private data.
By Jim Tyson • Aug. 23, 2022 -
Getty
DOE to support development of ‘next-generation cyber tools’ to protect grid
The agency announced $45 million will be available for up to 15 “next-generation” cybersecurity research, development and demonstration projects.
By Robert Walton • Aug. 19, 2022 -
Yudram_TA via Getty Images
Zero trust adoption skyrockets, nearing universal adoption
A report from Okta shows organizations fully embracing zero-trust principles, as hybrid work requires long-term changes to identity management.
By David Jones • Aug. 16, 2022 -
Matt Kapko/Cybersecurity Dive
CISA director lauds first-year efforts of public-private cyber collaborative
One year into the Joint Cyber Defense Collaborative, Jen Easterly says the partnership has helped limit the scale of threats.
By David Jones • Aug. 15, 2022 -
Tasos Katopodis via Getty Images
US falters while ‘cybercriminals have been eating our lunch,’ ex-CISA chief Krebs says
A dizzying array of agencies and disorganized efforts bolsters Chris Krebs’ call for a cybersecurity governance overhaul.
By Matt Kapko • Aug. 12, 2022 -
Drew Angerer/Getty Images via Getty Images
Don’t count on government, tech vendors to fix security woes, former CISA chief Krebs says
The state of cybersecurity is bad and it’s going to get worse, Chris Krebs said at Black Hat. But somehow things might eventually get better.
By Matt Kapko • Aug. 10, 2022 -
da-kuk via Getty Images
Blockchain, privacy advocates push back on Tornado Cash sanctions
Groups are decrying the Treasury Department's virtual currency mixer sanctions, saying they harm the ability of crypto users to conduct secure and private transactions.
By David Jones • Aug. 10, 2022 -
Chip Somodevilla / Staff via Getty Images
White House to incorporate performance metrics into national cybersecurity strategy
The Office of the National Cyber Director is working across multiple federal agencies and private sector partners to set priorities and assess effectiveness.
By David Jones • Aug. 5, 2022 -
Stefan Zaklin via Getty Images
US must take a lead role in cyber diplomacy, State Dept. nominee says
Nathaniel Fick told lawmakers the U.S. should promote international cyber norms to protect national security from authoritarian threats.
By David Jones • Aug. 4, 2022 -
Retrieved from Jen Easterly/CISA.
CISA expands cyber relationship with Ukraine authorities
The agreement formalizes closer ties between Ukraine and the key U.S. cybersecurity agency after the war with Russia led to increased threat activity.
By David Jones • July 28, 2022 -
Drew Angerer via Getty Images
Uber reaches non-prosecution deal with feds after concealing data breach
The ride-sharing firm had been under investigation by the Federal Trade Commission, when the 2016 data breach occurred, an event undisclosed until new management entered the picture.
By David Jones • July 26, 2022 -
marchmeena29 via Getty Images
Breach rule would give credit unions longer reporting window than banks
The 72-hour timeframe falls in line with the Critical Infrastructure Act that President Joe Biden signed in March, but is twice as long as the reporting window banks have had to comply with since May.
By Anna Hrushka • July 26, 2022 -
Justin Sullivan/Getty Images via Getty Images
T-Mobile agrees to $500M settlement for 2021 cyberattack
The wireless carrier suffered a massive data breach in the summer of 2021, the fifth publicly acknowledged incident of its type in three years.
By Matt Kapko • July 25, 2022
Previous
