Policy & Regulation: Page 6
-
Permission granted by Information Technology Industry Council
White House details $11M plan to help secure open source
National Cyber Director Harry Coker Jr., speaking at Def Con in Las Vegas, says federal assistance must be bolstered by more ownership among the community.
By David Jones • Aug. 14, 2024 -
Matt Kapko/Cybersecurity Dive
CISA director: Cybersecurity is ‘not an impossible problem’
In Jen Easterly's view, the solution to the industry's pains lies in secure by design. “We got ourselves into this, we have to get ourselves out,” she said during a media briefing at Black Hat.
By Matt Kapko • Aug. 13, 2024 -
Andrew Harnik via Getty Images
Delta expects $380M revenue hit due to CrowdStrike outage
The company said it canceled 7,000 flights in five days due to the IT outage, according to a Thursday filing with the Securities and Exchange Commission.
By Roberto Torres • Aug. 9, 2024 -
Brendan Smialowski via Getty Images
Progress Software says SEC declines to pursue action related to MOVEit exploitation spree
The decision comes just weeks after a federal court dismissed most of the SEC’s civil fraud case against SolarWinds.
By David Jones • Aug. 8, 2024 -
Win McNamee via Getty Images
Federal watchdog urges EPA to develop comprehensive cyber strategy to protect water systems
The report comes amid a rise in malicious cyberthreats from state-linked and criminal hackers targeting U.S. drinking water and water treatment facilities.
By David Jones • Aug. 6, 2024 -
Jack Taylor via Getty Images
CrowdStrike outage renews supply chain concerns, federal officials say
The White House and the U.S. Government Accountability Office are raising questions about the resilience of the software supply chain and memory safety vulnerabilities.
By David Jones • Aug. 2, 2024 -
Chip Somodevilla via Getty Images
SolarWinds legal ruling expected to narrow, but maintain SEC oversight on cyber transparency
The dismissal of most charges in a closely watched civil fraud case will test the ability of federal authorities to regulate risk disclosure.
By David Jones • July 29, 2024 -
Joe Raedle via Getty Images
CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds
A report from Parametrix estimates cyber insurance will cover only about 10% to 20% of losses.
By David Jones • July 25, 2024 -
Joe Raedle via Getty Images
CrowdStrike, Microsoft scramble to contain fallout from global IT outage
Cybersecurity and IT experts said users are having major difficulties in recovery efforts, despite workarounds and guidance the vendors released.
By David Jones • July 22, 2024 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
Majority of SEC civil fraud case against SolarWinds dismissed, but core remains
The court ruling related to claims leading up to and immediately following the 2020 Sunburst supply chain hack.
By David Jones • Updated July 18, 2024 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA calls for elimination of OS command injection vulnerabilities
Threat groups target vulnerabilities in widely used network devices. CISA’s latest advisory urges software makers to eliminate them at the source.
By Matt Kapko • July 11, 2024 -
Chip Somodevilla via Getty Images
MOVEit legal liabilities, expenses pile up for Progress Software
The prospective financial hit from a widely exploited vulnerability in the file-transfer service is growing. Progress confronts lawsuits, regulator scrutiny and government investigations.
By Matt Kapko • July 10, 2024 -
Drew Angerer via Getty Images
Critical infrastructure providers seek guardrails on scope, timeline for CIRCIA rules
In a last-minute push, critical infrastructure stakeholders urged federal officials to give more flexibility on the detail required during the first 72 hours of covered cyber incidents.
By David Jones • July 8, 2024 -
Kevin Dietsch / Staff via Getty Images
Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation
Experts expect new legal challenges against numerous agency cybersecurity requirements, including incident reporting mandates and rules governing critical infrastructure sectors.
By David Jones • Updated July 8, 2024 -
whyframestudio via Getty Images
Manufacturing cybersecurity at heart of new White House guidance
The increased priority on security comes as more clean energy supply chains face the threat of a cyberattack.
By Kate Magill • June 24, 2024 -
Drew Angerer via Getty Images
Microsoft president promises significant culture changes geared towards security
Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.
By David Jones • June 14, 2024 -
Drew Angerer via Getty Images
Microsoft will take full ownership for security failures in House testimony
Brad Smith, the company’s vice chair and president, will acknowledge extensive security lapses while outlining steps the company, industry and nation need to move forward.
By David Jones • June 13, 2024 -
Mark Wilson / Getty Images via Getty Images
FCC approves $200M K-12 cybersecurity pilot
The three-year program will help schools begin to cover the costs of securing their networks from cyberattacks.
By Anna Merod • Updated June 7, 2024 -
Permission granted by Information Technology Industry Council
White House wants to harmonize the breadth of cybersecurity regulations
National Cyber Director Harry Coker Jr. detailed White House strategy to streamline the administrative burden and cost of cyber compliance.
By David Jones • June 5, 2024 -
Wirestock via Getty Images
NIST has a plan to clear the vulnerability analysis backlog
The Cybersecurity and Infrastructure Security Agency and government contractor Analygence will help clear the National Vulnerability Database backlog.
By Matt Kapko • May 31, 2024 -
"U.S. Securities and Exchange Commission headquarters in Washington, D.C., near Union Station" by AgnosticPreachersKid is licensed under CC BY 3.0
SEC clarifies intent of cybersecurity breach disclosure rules after initial filings
The rules require notification of “material” breaches, but some early filers have reported incidents that appear to fall short of the regulatory threshold.
By Alexei Alexis • May 29, 2024 -
Courtesy of NIST
Critical CVEs are going under-analyzed as NIST falls behind
NIST has analyzed less than 1 in 10 vulnerabilities added to the National Vulnerability Database since mid-February, according to VulnCheck research.
By Matt Kapko • May 28, 2024 -
Mario Tama via Getty Images
HHS agency launches program to automate cybersecurity at hospitals
The program will invest more than $50 million to create a software suite that can automatically find potential vulnerabilities that hackers could exploit and deploy fixes.
By Emily Olsen • May 24, 2024 -
Drew Angerer via Getty Images
SEC fines NYSE’s parent $10M for failing to report cyberattack
The settlement sheds light on the costs of cyberattacks that can include penalties for non-compliance with timely disclosure requirements after the events occur.
By Maura Webber Sadovi • May 24, 2024 -
Permission granted by McCrary Institute
White House seeks critical cyber assistance for water utilities, healthcare
The DOJ will also work to deter teens from joining criminal hackers like Lapsus$.
By David Jones • May 23, 2024
Previous
