Inside Cybersecurity

April 23, 2024

Home Page

Home Page

By Sara Friedman

Six groups representing the water sector are seeking a 30-day comment period extension to respond to the Cybersecurity and Infrastructure Security Agency’s notice of proposed rulemaking to establish a mandatory incident reporting regime.

By Jacob Livesay

The latest iteration of the Cybersecurity and Infrastructure Security Agency’s biennial “Cyber Storm” exercise demonstrated how the federal government and the private sector can work together to deal with sensitive information in a crisis scenario, according to CISA cyber leader Eric Goldstein.

By Sara Friedman

UnitedHealth Group CEO Andrew Witty will appear on May 1 in front of the House Energy and Commerce Committee to respond to questions from lawmakers on the Change Healthcare cyber attack.

By Jacob Livesay

The Federal Communications Commission meets this week to consider and vote on reinstating net neutrality rules, while the Institute for Security and Technology holds an annual event to reflect on recommendations developed by the Ransomware Task Force in a 2021 report and review the state of play for the ransomware landscape.

By Jacob Livesay

The Cybersecurity and Infrastructure Security Agency’s work to promote best practices for secure software development will move forward with a focus on eliminating vulnerabilities that have plagued the software ecosystem for over 15 years, according to senior technical advisor Bob Lord.

By Sara Friedman

A new report from the Government Accountability Office evaluates federal efforts to implement President Biden’s 2021 cyber executive order, including requirements to determine critical software for procurement purposes and the work of the DHS-led-Cyber Safety Review Board.

By Sara Friedman

House Financial Services members sought to understand the role and costs of cyber insurance at a hearing this week on ransomware risks to the financial system.

RECENT NEWS

DHS and open source group release new tool for creating, translating Software Bill of Materials
Lawmakers back FCC net neutrality rulemaking as commission vote nears to restore Title II oversight
CISA outlines enforcement mechanisms for mandatory cyber incident reporting regime in proposed rulemaking
House lawmakers highlight data minimization as strength of Rodgers-Cantwell draft privacy bill
CISA, intelligence agencies release guidance on foreign influence operation tactics impacting elections
Key senators issue bipartisan call for Schumer’s AI working group to focus on ‘extreme risks’

MORE NEWS ›

Topics

Biden's Executive Order
FAR Council issues request for information on potential supply chain regulations to include in new acquisition section
Sen. Wyden proposes legislation to require federal procurement of secure software following CSRB report
FAR Council establishes new section in acquisition rules for upcoming supply chain regulations
FCC kicks off comment period on ‘further notice’ for cyber labeling program to address national security
Incident Reporting Law
Mayorkas addresses incident reporting harmonization at House fiscal 2025 budget hearing
Tech group calls for eliminating info-sharing federal agency silos to better combat ransomware
Congressional Research Service reviews CISA incident reporting notice of proposed rulemaking
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively
SEC CYBER RULES
Biden pushes back on GOP SEC resolution; Easterly calls for incident reports to CISA, FBI while rulemaking process continues
House Financial Services GOP leaders request information on SEC social media account breach
Wiley law firm highlights major cyber policy issues to watch in 2024
Bank Policy Institute questions SEC process to consider national security in granting delays on four-day incident requirement
CMMC
Pentagon releases cyber strategy for defense industrial base designed to enhance security posture, build resiliency
Procurement coalition raises questions over DOD treatment of external service providers in CMMC proposed rule
Defense ISAC releases ‘shopping guide’ to assist small businesses with selecting assessor for CMMC certification
Canadian government urges DOD to establish reciprocity between CMMC and Canadian cyber certification program
Zero Trust
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
NIST works to update testing tools used for validating security of encryption solutions prior to implementation
CISA requests $115.9 million in fiscal 2025 budget to support mandatory incident reporting regime
National Cyber Strategy
ONCD convenes legal symposium on developing software liability framework
CISA releases user guide to assist with uploading secure software self-attestation letters in online repository
House-Senate budget agreement features $73.9 million for CISA incident reporting regime
Federal officials emphasize role of state-level investments in cybersecurity for fulfilling national cyber strategy
CSF 2.0
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
NIST releases incident reporting profile for comment aligned with cybersecurity framework update
NIST engages with small business community to highlight changes in cybersecurity framework update
NIST launches update process for small business security publication with request for comment
Supply Chain
House Energy and Commerce weighs need for establishing health sector cyber requirements with providing incentives
Information sharing group emphasizes consequences of ransomware on food, agriculture sector
Former FCC cyber chief highlights central role for national security in net neutrality rulemaking
Industry-led 'GridEx' cyber exercise reveals need for improved system resilience, extensive cyber prep