Colonial Pipeline faces nearly $1M in penalties as federal regulator discloses violations

The Transportation Department’s pipeline safety regulator scrutinized control room management, which may have contributed to the fuel disruptions from the 2021 ransomware attack.

By David Jones • May 6, 2022

Banks face 'tight deadline' under new cyber notification rule

The May 1 cutoff to comply with the rule comes as the Biden administration has warned U.S. businesses about the increasing risk of Russian cyberattacks.

By Anna Hrushka • April 22, 2022

Cyber agencies renew warnings of Russia-linked threats against industrial targets

Separately, the U.S. is expanding the Joint Cyber Defense Collaborative to include experts on industrial control systems.

By David Jones • April 21, 2022

DOJ disrupts Russia-backed Cyclops Blink botnet

The court-ordered operation is the latest effort to stop malicious cyber activity following the Russian invasion of Ukraine.

By David Jones • April 7, 2022

Federal authorities urged to bolster intel sharing amid nation-state threats

Current Russian cyber activity has been limited, but experts warn the threat may increase on short notice.

By David Jones • April 6, 2022

State Department launches cyber bureau amid rising global tensions

The long anticipated bureau aims to weave diplomacy into the global effort to combat ransomware and rogue nation-state activity.

By David Jones • April 5, 2022

Biden administration's FY 2023 budget includes 11% increase for cyber

The budget calls for additional hiring at CISA and money to modernize IT at federal agencies.

By David Jones • March 30, 2022

What cyber incident reporting rules mean for critical infrastructure

The goal of the legislation is to provide legal cover for companies to share threat intelligence with law enforcement and government agencies.

By David Jones • March 15, 2022

Kronos ransomware attack raises questions of vendor liability

A cyberattack with supply chain and legal consequences has stakeholders considering contract minutiae.

By Lance Whitney • March 14, 2022

Congress adds historic cyber incident reporting rule to massive $1.5 trillion package

Key members of Congress and CISA say the bill will help protect critical infrastructure against malicious attacks.

By David Jones • March 11, 2022

SEC pushes for tougher cybersecurity disclosure rules

Companies would need to report breaches within four days under the proposed rules. 

By Jim Tyson • March 10, 2022

Russian cyberattacks surprisingly limited in Ukraine, US officials say

U.S. Cyber Command Gen. Paul Nakasone said Russia-backed cyber activity has been much lower than expected.

By David Jones • March 9, 2022

Would a cyberattack on a NATO country trigger Article 5?

Few nations have sophisticated cyber capabilities and for operational security reasons, they are closely guarded, rarely shared, and carefully used.

By Mark Laity • March 2, 2022

New York rolls out statewide cyber command center

Russia's invasion of Ukraine should make local government leaders watchful of critical infrastructure risk, expert says.

By Cailin Crowe • Feb. 28, 2022

DHS to lead federal response to Russia-Ukraine crisis

Cyberattacks in Ukraine continue as Russian troops enter Kyiv.

By David Jones • Feb. 25, 2022

Apache tells US Senate committee the Log4j vulnerability could take years to resolve

While a software bill of materials could improve supply chain security, users still download vulnerable versions of software. 

By David Jones • Feb. 9, 2022

NIST targets software supply chain with guidance on security standards

Guidelines call for developers to attest they use secure software practices.

By David Jones • Feb. 7, 2022

DHS adds review board to advise federal response to major cyberattacks

The board, which follows President Biden's May 2021 executive order on cybersecurity, will start with a review of the Apache Log4j vulnerability. 

By David Jones • Feb. 3, 2022

Conflict over Ukraine raises cyber risk for US enterprises

A diplomatic standoff with Russia threatens to drag U.S. companies and critical infrastructure into wider security crisis that could echo NotPetya. 

By David Jones • Feb. 1, 2022

White House targets security 'paradigm shift' with federal zero-trust strategy

Agencies have 60 days to submit zero-trust plans to OMB and CISA. 

By Samantha Schwartz • Jan. 28, 2022

GDPR regulators crack down on data processing as companies struggle with privacy compliance

Almost four years into GDPR, it has taken regulators time to find their footing to pursue violations.

By Samantha Schwartz • Jan. 28, 2022

Industry responded to Treasury ransomware sanctions but full impact unknown

The list of sanctioned ransomware-related parties has made incident responders take a more "cautious approach," said OFAC's Michael Lieberman.

By Samantha Schwartz • Jan. 27, 2022

It's time to focus on critical infrastructure systems security

Cyber-physical systems running on legacy infrastructure are ideal attack surfaces for malicious actors. 

By Katell Thielemann • Jan. 24, 2022

Biden gives defense, intel agencies 180 days to apply MFA, encryption

The White House's memorandum builds on past requirements to bolster U.S. cyber standards. This time, the administration is targeting agencies that handle classified intelligence. 

By Samantha Schwartz • Jan. 20, 2022

Log4j raises cyber risk for public finance entities, Fitch warns

Local agencies and critical sites face increased operational and financial risk as the vulnerability opens organizations to ransomware or other malicious activity. 

By David Jones • Jan. 19, 2022