Inside Cybersecurity

May 1, 2024

Home Page

Home Page

By Jacob Livesay

The Department of Homeland Security will take a central role in President Biden's update to a decade-old policy directive outlining the government's new approach to addressing critical infrastructure resilience, including the development of a nationwide plan for risk management informed by work at the Cybersecurity and Infrastructure Agency and sector-specific agencies.

By Sara Friedman

Stakeholders from the financial, telecom and electricity sectors will share their views today on CISA’s proposed rule to establish mandatory cyber incident reporting requirements for critical infrastructure at a House hearing.

By Sara Friedman

CISA Director Jen Easterly provided three priorities for the upcoming fiscal year to House appropriators at a Tuesday hearing, including protecting the federal enterprise, addressing threats from China and providing resources to help under resourced entities.

By Jacob Livesay

UnitedHeath Group is pushing for a collaborative approach to creating mandatory minimum cyber controls for healthcare organizations following a February cyber attack on its subsidiary Change Healthcare, according to CEO Andrew Witty, who is set to testify today at two hearings.

By Sara Friedman

President Biden has signed a long-awaited national security memorandum to update the government’s work to address critical infrastructure resilience and security at the interagency level, within the intelligence community and in partnership with key sectors.

By Sara Friedman

The Cybersecurity and Infrastructure Security Agency is providing guidance to critical infrastructure owners and operators on how to secure their systems against cross-sector impacts from the use of artificial intelligence.

By Jacob Livesay

The National Institute of Standards and Technology is asking for input on a draft generative artificial intelligence companion profile to the NIST Secure Software Development framework, as part of the agency’s work to meet requirements from President Biden’s Oct. 30 AI executive order.

RECENT NEWS

Software group urges Commerce Dept. to scope foreign reporting requirements under proposed rule for infrastructure-as-a-service providers
Office of Personnel Management commits to skills-based hiring for IT roles as part of national cyber workforce strategy
NIST plans May release of updated controlled unclassified information guides foundational to CMMC program
Cyber attorney Brown: CISA should harmonize data elements required under upcoming mandatory reporting regime
DHS announces artificial intelligence safety board under executive order, names diverse membership
CISA enters new stage of secure by design efforts targeted at addressing economic demand, consumer awareness

MORE NEWS ›

Topics

Biden's Executive Order
Government Accountability Office calls on CISA to produce list of critical software identified in response to cyber EO
House Energy and Commerce leaders ask UnitedHealth Group for details on cyber attack timeline, restoration efforts
FAR Council issues request for information on potential supply chain regulations to include in new acquisition section
Sen. Wyden proposes legislation to require federal procurement of secure software following CSRB report
Incident Reporting Law
CISA considers alternatives to proposed mandatory incident reporting rule through regulatory impact analysis report
Water groups ask CISA for extension on incident reporting rulemaking comment period
CISA outlines enforcement mechanisms for mandatory cyber incident reporting regime in proposed rulemaking
House lawmakers highlight data minimization as strength of Rodgers-Cantwell draft privacy bill
SEC CYBER RULES
Biden pushes back on GOP SEC resolution; Easterly calls for incident reports to CISA, FBI while rulemaking process continues
House Financial Services GOP leaders request information on SEC social media account breach
Wiley law firm highlights major cyber policy issues to watch in 2024
Bank Policy Institute questions SEC process to consider national security in granting delays on four-day incident requirement
CMMC
MITRE raises concerns over CMMC program costs to address assessment gaps, accommodate maturity model changes
Pentagon releases cyber strategy for defense industrial base designed to enhance security posture, build resiliency
Procurement coalition raises questions over DOD treatment of external service providers in CMMC proposed rule
Defense ISAC releases ‘shopping guide’ to assist small businesses with selecting assessor for CMMC certification
Zero Trust
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
NIST works to update testing tools used for validating security of encryption solutions prior to implementation
National Cyber Strategy
ONCD convenes legal symposium on developing software liability framework
CISA releases user guide to assist with uploading secure software self-attestation letters in online repository
House-Senate budget agreement features $73.9 million for CISA incident reporting regime
Federal officials emphasize role of state-level investments in cybersecurity for fulfilling national cyber strategy
CSF 2.0
NIST explores ways to support creation of ‘community' profiles based on CSF 2.0 update
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
NIST releases incident reporting profile for comment aligned with cybersecurity framework update
NIST engages with small business community to highlight changes in cybersecurity framework update
Supply Chain
Internet-focused nonprofits raise concerns to FCC over potential regulation of routing protocol ahead of net neutrality vote
Telecom groups seek transparency from Justice Dept. in identifying of ‘countries of concern’ under upcoming data transfer rule
Security research firm identifies cyber threats impacting autonomous vehicles
CISA official illuminates path forward for eliminating recurring software vulnerabilities