Inside Cybersecurity

May 19, 2024

Aspen Digital raises interoperability, mutual recognition as guiding principles for regulatory harmonization

Global regulatory harmonization efforts should be built on a foundation of interoperability and mutual recognition, according to a report from Aspen Digital’s Global Cybersecurity Group.

“The global cybersecurity regulatory environment is deeply fragmented, inefficient, and often ineffective,” the May 8 report says.

The report proposes three principles “to help policymakers align regulatory frameworks worldwide, and to develop regulations that drive good cyber.”

The first principle is centered on interoperability and transparency.

A focus on interoperability “reflects the horizontal, interconnected...

House Homeland Security leaders ask Microsoft executive to testify at hearing on cyber safety board report

House Homeland Security Chairman Mark Green (R-TN) and ranking member Bennie Thompson (D-MS) are asking Microsoft vice chair and president Brad Smith to testify at a May 22 hearing on the company’s “security shortcomings,” following the release of a report from the Cyber Safety Review Board offering a scathing review of Microsoft’s security culture.

The hearing is intended to allow Microsoft “to present its perspective on the CSRB report” and “will examine Microsoft’s views regarding the company’s security shortcomings,...

Former cyber officials see opportunity for more transparency in vulnerability disclosure

SAN FRANCISCO. Former senior cyber officials Michael Daniel and Suzanne Spaulding argued for more transparency in disclosing vulnerabilities in the private sector, as part of the effort to make connections and encourage more secure software development, during a panel here at the RSA conference.

Daniel said there is a need for “humility” where the community understands “that there are vulnerabilities in all software products and all hardware products. No one actually has discovered a way to write bug free software...

CISA officials weigh in on measuring impact of ‘target rich, resource poor’ work

SAN FRANCISCO. Cybersecurity and Infrastructure Security Agency officials provided details here on how they are evaluating the effectiveness of efforts over the past year to work with target rich, resource poor entities on raising their level of security.

“One of the things that I've asked my team to do is to lay out what are the measurements of effectiveness that tell us we are actually driving down risk. And it has to be more than 'Well, we engaged with these...

Center for Internet Security offers definition for often ambiguous standards on ‘reasonable’ cyber efforts

The Center for Internet Security is offering organizations guidance on how to meet the standard of “reasonable cybersecurity” that state laws and court cases suggest should be the measuring stick for cyber efforts without spelling out what that means in practice.

“Several prominent data breaches, court cases, and state data privacy laws have placed the concept of ‘reasonable’ cybersecurity in the public discourse, but there has been no real definition of what ‘reasonable’ cybersecurity is…until now,” CIS said in a...

Cyber Readiness Institute identifies need for incentives aimed at small business best practices

Small and medium-sized businesses are not adequately protecting themselves from cyber threats and require greater incentives from the federal government and insurance companies to boost their security posture, according to a report from the Cyber Readiness Institute.

“SMBs are highly vulnerable to the threat of cyber intrusion and tempting gateways to bigger prizes such as large enterprises, global supply chains, and critical infrastructure, representing the prime targets of bad actors,” CRI managing director Karen Evans said in an April 30...

Neuberger expects July publication of FCC rules to start internet of things labeling program due to paperwork requirements

SAN FRANCISCO. Deputy National Security Advisor for Cyber Anne Neuberger says publication of the Federal Communications Commission’s rulemaking to establish an Internet of Things cyber labeling program is expected in July, following paperwork requirements that are in process.

“We are required to file something under the Paperwork Reduction Act,” Neuberger said, which adds 60 days and then 30 days, meaning that by “mid-July we are issuing the next round. … There was three months in the process we have to...

NCD Coker previews upcoming minimum security requirements for government space systems

SAN FRANCISCO. National Cyber Director Harry Coker provided an update on work through his office to establish minimum requirements for federal space systems, in a Tuesday keynote here at the RSA conference, as part of a larger strategy to secure critical infrastructure sectors.

Coker took a step back from the Biden administration’s decision in National Security Memorandum 22 to not create a new critical infrastructure for space systems, arguing that “regardless of how it is characterized in any document...

CISA secure by design pledge provides goals for tech providers to improve security of their products

SAN FRANCISCO. The Cybersecurity and Infrastructure Security Agency’s secure by design pledge offers a roadmap for how the technology sector will work to develop and retrofit software products to achieve seven security goals in the next year.

“I fundamentally believe the only way to catalyze more secure critical infrastructure, the only way to make ransomware a shocking anomaly, is to ensure that the technology that we rely upon every hour of every day is built, tested, designed, deployed and delivered...

Wales addresses scoping definitions under CISA’s upcoming incident reporting final rule

SAN FRANCISCO. CISA executive director Brandon Wales says the cyber agency will respond to feedback in the final rule on defining and scoping what is a “covered entity” and “covered cyber incident” for its upcoming cyber incident reporting regime, on a panel here at the RSA conference.

“The most critical questions that we will get feedback on are the definition of covered entity, the definition of covered incident and what is reportable, what is required to be recorded. And we...

Former Rep. Langevin pushes for creation of cyber statistics bureau amid questions over concrete data on best practices

SAN FRANCISCO. Former Rep. Jim Langevin (D-RI), a long-time cyber policymaker on Capitol Hill, is continuing to push for the creation of a Bureau of Cyber Statistics as a way to provide “sufficient” data on outcomes and fulfill a major recommendation from the Cyberspace Solarium Commission that has not gotten much traction in Congress.

The Bureau of Cyber Statistics would be an entity that collects “anonymized” data that everyone can use and helps CISOs make the “business case” to their...

Sen. Hickenlooper embraces Cantwell-Rodgers draft as potential solution to data privacy, security concerns

A draft data privacy and security bill from the leaders of the House and Senate commerce committees represents a potential solution to longstanding concerns about America’s lack of a federal privacy standard, according to Sen. John Hickenlooper (D-CO), who chairs a Senate Commerce subcommittee on consumer protection, product safety and data security.

“We're at a pivotal moment in the age of technologies that rely on increasing amounts of consumer data,” Hickenlooper said in opening remarks at a Wednesday subcommittee...

Rural broadband organization updates cyber resources to reflect changes in NIST CSF 2.0

NTCA-The Rural Broadband Association has updated its six-part series on cybersecurity for small broadband providers to reflect changes made by the National Institute of Standards and Technology in the latest version of the NIST cybersecurity framework.

“[I]ndustry resources are expansive and can be overwhelming and difficult to apply to the unique needs of a small communications company. Our sector-specific guide to the NIST Framework 2.0 provides targeted, actionable strategies for implementation of the framework in a small-company setting,” NTCA’s Jill...

CISA encourages basic cyber hygiene in second ‘Secure Our World’ PSA, reports on campaign success

The Cybersecurity and Infrastructure Security Agency has released a second installment in its “Secure Our World” public awareness campaign, while reporting on visibility metrics from its first PSA.

“Basic cyber hygiene prevents 98% of cyber attacks—why we’re on a mission to make cyber hygiene as common as brushing our teeth and washing our hands,” CISA Director Jen Easterly said in a Wednesday press release.

CISA is also “on a mission” to ensure that cybersecurity best practices are “accessible” to...

NTIA announces second funding opportunity under Open RAN grant to support supply chain security

The National Telecommunications and Information Administration has announced a $420 million notice of funding opportunity focused on supporting the buildout of Open Radio Access Networks to boost wireless service cybersecurity and trustworthiness by promoting supply chain diversity.

“By supporting the development of open radio units, this second round of funding will help to ensure that wireless technology is built by the U.S. and its global allies and partners – not vendors from nations that threaten our national security,” NTIA explained...

FDD’s Montgomery identifies lack of explicit DOD assignments as ‘shortcoming’ of international cyber strategy

The Department of Defense should have a more clearly delineated role to play in international capacity-building under the State Department’s new cybersecurity strategy, according to retired Rear Adm. Mark Montgomery of the Foundation for Defense of Democracies.

The State Department published the international cyber strategy on Monday, outlining four focus areas with specific lines of effort for advancing each, prior to Secretary Antony Blinken’s keynote at the RSA Security conference in San Francisco.

Montgomery said in a statement...

Mayorkas convenes first AI advisory board meeting to discuss principles for future work

SAN FRANCISCO. The first meeting of the DHS Artificial Intelligence Safety and Security Board focused on principles that will shape their work moving forward with the end goal of developing guidelines for secure and trustworthy AI, according to Homeland Security Secretary Alejandro Mayorkas.

The board is tasked through the Oct. 30 artificial intelligence executive order with focusing on the “safe, secure [and] responsible implementation of AI in our nation's critical infrastructure,” Mayorkas said, referring to “the systems and services upon...

ONCD releases update to implementation plan for national cyber strategy

SAN FRANCISCO. The Office of the National Cyber Director has published version two of its implementation plan for the national cyber strategy, providing updates on initiatives launched over the past year and new projects that are underway in 2024.

“We are in the midst of a fundamental transformation in our Nation’s cybersecurity. We have made progress in realizing an affirmative vision for a safe, prosperous, and equitable digital future, but the threats we face remain daunting. That’s why I’m pleased...

Pentagon issues ‘class deviation’ to address anticipated May update for NIST CUI publication

SAN FRANCISCO. The Defense Department will continue to direct contractors to follow requirements in the current version of NIST Special Publication 800-171 under a “class deviation,” amid the anticipated release this month of an update to the foundational controlled unclassified information publication.

The class deviation was put out on May 2 to “alleviate some of the stresses” of NIST updating 800-171, according to Stacy Bostjanick, chief of defense industrial base cybersecurity at the Office of the DoD Chief Information Officer....

CISA’s Friedman: Managing risks related to unsupported software starts in the ‘data layer’

Managing the risks posed by software that is no longer supported by its manufacturer requires a data-centric approach to address the wide range of software types and open source components, according to the Cybersecurity and Infrastructure Security Agency’s Allan Friedman.

CISA is pushing for “an infrastructure where we have better data around end-of-life and end-of-support” to meet an objective in President Biden’s national cyber strategy, Friedman explained to Inside Cybersecurity.

Friedman, a senior advisor and strategist at CISA, spoke with...
