Inside Cybersecurity

May 8, 2024

Home Page

Home Page

By Sara Friedman

SAN FRANCISCO. CISA Director Jen Easterly called for “radical transparency” from technology manufacturers on measures they are taking to ensure their products are “as safe and secure as possible,” during a keynote here at the RSA conference where she participated in a discussion with former CISA Director Chris Krebs.

By Sara Friedman

SAN FRANCISCO. The Cybersecurity and Infrastructure Security Agency is working with individual agencies to set up agreements on sharing incident reports, as efforts get underway to establish mechanisms for the “substantially similar reporting” exception under the agency’s upcoming mandatory requirements, according to CISA executive director Brandon Wales.

By Jacob Livesay

The National Telecommunications and Information Administration has announced a $420 million notice of funding opportunity focused on supporting the buildout of Open Radio Access Networks to boost wireless service cybersecurity and trustworthiness by promoting supply chain diversity.

By Jacob Livesay

The Department of Defense should have a more clearly delineated role to play in international capacity-building under the State Department’s new cybersecurity strategy, according to retired Rear Adm. Mark Montgomery of the Foundation for Defense of Democracies.

By Sara Friedman

SAN FRANCISCO. The first meeting of the DHS Artificial Intelligence Safety and Security Board focused on principles that will shape their work moving forward with the end goal of developing guidelines for secure and trustworthy AI, according to Homeland Security Secretary Alejandro Mayorkas.

By Sara Friedman

SAN FRANCISCO. The Office of the National Cyber Director has published version two of its implementation plan for the national cyber strategy, providing updates on initiatives launched over the past year and new projects that are underway in 2024.

By Sara Friedman

SAN FRANCISCO. The Defense Department will continue to direct contractors to follow requirements in the current version of NIST Special Publication 800-171 under a “class deviation,” amid the anticipated release this month of an update to the foundational controlled unclassified information publication.

RECENT NEWS

CISA’s Friedman: Managing risks related to unsupported software starts in the ‘data layer’
Former CISA Director Krebs, other policy vets join reshuffled Cyber Safety Review Board
Cyber incident reporting, software security initiatives among hot topics at RSA as agency leaders, policy vets convene in San Francisco
CISA-facilitated community group offers guidance on SBOM sharing use cases
CISA grants 30-day extension for input on incident reporting rule
DHS chief Mayorkas highlights Microsoft cyber commitments following critical CSRB report

MORE NEWS ›

Topics

Biden's Executive Order
Government Accountability Office calls on CISA to produce list of critical software identified in response to cyber EO
House Energy and Commerce leaders ask UnitedHealth Group for details on cyber attack timeline, restoration efforts
FAR Council issues request for information on potential supply chain regulations to include in new acquisition section
Sen. Wyden proposes legislation to require federal procurement of secure software following CSRB report
Incident Reporting Law
Industry leaders to question scope of proposed CISA mandatory reporting requirements at House hearing
Easterly highlights CISA efforts to support agencies, address threats at fiscal 2025 budget hearing
UnitedHealth Group CEO calls for collaboration to create minimum cybersecurity controls in healthcare sector
Cyber attorney Brown: CISA should harmonize data elements required under upcoming mandatory reporting regime
SEC CYBER RULES
Biden pushes back on GOP SEC resolution; Easterly calls for incident reports to CISA, FBI while rulemaking process continues
House Financial Services GOP leaders request information on SEC social media account breach
Wiley law firm highlights major cyber policy issues to watch in 2024
Bank Policy Institute questions SEC process to consider national security in granting delays on four-day incident requirement
CMMC
NIST plans May release of updated controlled unclassified information guides foundational to CMMC program
MITRE raises concerns over CMMC program costs to address assessment gaps, accommodate maturity model changes
Pentagon releases cyber strategy for defense industrial base designed to enhance security posture, build resiliency
Procurement coalition raises questions over DOD treatment of external service providers in CMMC proposed rule
Zero Trust
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
NIST works to update testing tools used for validating security of encryption solutions prior to implementation
National Cyber Strategy
Office of Personnel Management commits to skills-based hiring for IT roles as part of national cyber workforce strategy
ONCD convenes legal symposium on developing software liability framework
CISA releases user guide to assist with uploading secure software self-attestation letters in online repository
House-Senate budget agreement features $73.9 million for CISA incident reporting regime
CSF 2.0
NIST explores ways to support creation of ‘community' profiles based on CSF 2.0 update
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
NIST releases incident reporting profile for comment aligned with cybersecurity framework update
NIST engages with small business community to highlight changes in cybersecurity framework update
Supply Chain
CISA, FBI publish secure by design alert on class of vulnerability affecting health, education sectors
CISA and partners issue alert on Russian ‘hacktivist’ activity targeting water systems
Former CISA risk management leader sees opportunity for prioritizing cloud providers under national security memo
DHS receives duties to produce national risk management plan under critical infrastructure memo