Inside Cybersecurity

May 3, 2024

Home Page

Home Page

By Jacob Livesay

An updated version of the implementation plan for the national cybersecurity strategy should focus on near-term efforts to address supply chain issues with new authorities and build the cyber workforce, according to former Office of the National Cyber Director official Camille Stewart Gloster.

By Charlie Mitchell

Director of National Intelligence Avril Haines stressed the need to improve cybersecurity practices in critical infrastructure amid one of the “most pernicious transnational threats” facing the United States, at a Senate Armed Services Committee hearing on the intelligence community’s 2024 global threat assessment.

By Charlie Mitchell

Senate Intelligence Chairman Mark Warner (D-VA) and Sen. Thom Tillis (R-NC) have introduced a bill to leverage and supplement existing cybersecurity vulnerability disclosure and tracking programs for use in the artificial intelligence realm, with provisions including a new “voluntary database to record AI-related cybersecurity incidents including so-called ‘near miss’ events,” according to the senators.

By Jacob Livesay

The Cybersecurity and Infrastructure Security Agency and FBI are raising awareness of best practices to eliminate vulnerabilities in software directories, in the latest entry of the secure by design alert series.

By Sara Friedman

Lawmakers at a House hearing sought to get an understanding of how the Cybersecurity and Infrastructure Security Agency can implement an effective mandatory incident reporting regime that meets the intent of the 2022 law, including harmonizing requirements across agencies and scoping what information is needed to provide value to all stakeholders.

By Jacob Livesay

The Cybersecurity and Infrastructure Security Agency is urging industrial control system and operational technology owners to take actions to address threats from Russian “hacktivists” targeting water and wastewater systems and other critical infrastructure sectors, in a new alert with federal and international partners.

By Sara Friedman

Bob Kolasky, former chief of the CISA National Risk Management Center, says there are opportunities for more oversight over cloud service providers under President Biden’s national security memorandum updating the government’s decade-old policy for the resilience and security of critical infrastructure.

RECENT NEWS

Senate panel seeks transparency over sensitive health information exposed under Change Healthcare breach
DHS receives duties to produce national risk management plan under critical infrastructure memo
Industry leaders to question scope of proposed CISA mandatory reporting requirements at House hearing
Easterly highlights CISA efforts to support agencies, address threats at fiscal 2025 budget hearing
UnitedHealth Group CEO calls for collaboration to create minimum cybersecurity controls in healthcare sector
CISA issues guidelines for critical infrastructure operators to address artificial intelligence risk

MORE NEWS ›

Topics

Biden's Executive Order
Government Accountability Office calls on CISA to produce list of critical software identified in response to cyber EO
House Energy and Commerce leaders ask UnitedHealth Group for details on cyber attack timeline, restoration efforts
FAR Council issues request for information on potential supply chain regulations to include in new acquisition section
Sen. Wyden proposes legislation to require federal procurement of secure software following CSRB report
Incident Reporting Law
House Homeland Security sets up incident reporting hearing to gather feedback on CISA rulemaking
CISA considers alternatives to proposed mandatory incident reporting rule through regulatory impact analysis report
Water groups ask CISA for extension on incident reporting rulemaking comment period
CISA outlines enforcement mechanisms for mandatory cyber incident reporting regime in proposed rulemaking
SEC CYBER RULES
Biden pushes back on GOP SEC resolution; Easterly calls for incident reports to CISA, FBI while rulemaking process continues
House Financial Services GOP leaders request information on SEC social media account breach
Wiley law firm highlights major cyber policy issues to watch in 2024
Bank Policy Institute questions SEC process to consider national security in granting delays on four-day incident requirement
CMMC
MITRE raises concerns over CMMC program costs to address assessment gaps, accommodate maturity model changes
Pentagon releases cyber strategy for defense industrial base designed to enhance security posture, build resiliency
Procurement coalition raises questions over DOD treatment of external service providers in CMMC proposed rule
Defense ISAC releases ‘shopping guide’ to assist small businesses with selecting assessor for CMMC certification
Zero Trust
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
NIST works to update testing tools used for validating security of encryption solutions prior to implementation
National Cyber Strategy
ONCD convenes legal symposium on developing software liability framework
CISA releases user guide to assist with uploading secure software self-attestation letters in online repository
House-Senate budget agreement features $73.9 million for CISA incident reporting regime
Federal officials emphasize role of state-level investments in cybersecurity for fulfilling national cyber strategy
CSF 2.0
NIST explores ways to support creation of ‘community' profiles based on CSF 2.0 update
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
NIST releases incident reporting profile for comment aligned with cybersecurity framework update
NIST engages with small business community to highlight changes in cybersecurity framework update
Supply Chain
CISA enters new stage of secure by design efforts targeted at addressing economic demand, consumer awareness
Moody’s finds health sector increasingly focused on cybersecurity budgets, staffing
FCC approves rulemaking in split vote to reclassify broadband services under Title II, allows for future cyber actions
Republican lawmakers urge FCC to pull back net neutrality rulemaking ahead of commission meeting