Inside Cybersecurity

May 19, 2024

Software group urges Commerce Dept. to scope foreign reporting requirements under proposed rule for infrastructure-as-a-service providers

BSA-The Software Alliance is asking the Commerce Department to make changes to its proposed customer identification program where U.S. infrastructure-as-a-service providers will need to provide information on their foreign customers to fulfill an obligation in an upcoming federal regulation.

Commerce issued a notice of proposed rulemaking on Jan. 29 outlining a proposal where U.S. IaaS providers would need to verify the identity of their foreign customers, based on a Trump-era executive order, and take “special measures to deter...

Office of Personnel Management commits to skills-based hiring for IT roles as part of national cyber workforce strategy

The Office of Personnel Management is working with the Office of the National Cyber Director to leverage skills-based hiring practices across a wide range of federal agency technical roles, according to OPM deputy director Rob Shriver, as part of the Biden administration’s efforts to grow the nation’s cyber workforce.

Shriver announced the project at a White House event on Monday, explaining how OPM’s Information Technology Series, known as the “2210 series,” will focus on assessing the skills of job applicants,...

NIST plans May release of updated controlled unclassified information guides foundational to CMMC program

The National Institute of Standards and Technology will release in May a highly anticipated update to Special Publication 800-171, which establishes requirements for protecting controlled unclassified information, and its accompanying assessment procedures in SP 800-171A, according to co-author and NIST fellow Ron Ross.

Ross explained how NIST reached a “critical milestone point” on April 24 in the development for revision three of NIST 800-171 and 800-171A, in a LinkedIn post, highlighting how the publications “cleared the Editorial Review Board...

Cyber attorney Brown: CISA should harmonize data elements required under upcoming mandatory reporting regime

The Cybersecurity and Infrastructure Security Agency should better harmonize the required data elements under its critical infrastructure incident reporting rule to reduce the compliance burden on covered entities, according to Wiley Rein partner Megan Brown.

The agency published a 447-page NPRM on April 4 to fulfill a requirement in the 2022 Cyber Incident Reporting for Critical Infrastructure Act. The expansive NPRM provides definitions for key terms, how to determine applicability, a proposal for establishing agreements between CISA and other...

DHS announces artificial intelligence safety board under executive order, names diverse membership

The Department of Homeland Security has named 22 members to a new Artificial Intelligence Safety and Security Board mandated by President Biden’s executive order on AI, with a diverse roster including OpenAI’s Sam Altman, Arati Prabhakar of the White House Office of Science and Technology Policy, Maya Wiley of the Leadership Conference on Civil and Human Rights and other industry leaders and government officials.

“The Board will develop recommendations to help critical infrastructure stakeholders, such as transportation service providers, pipeline...

CISA enters new stage of secure by design efforts targeted at addressing economic demand, consumer awareness

The Cybersecurity and Infrastructure Security Agency is shifting its focus for the secure by design initiative to creating economic demand for secure software, as the agency enters the second year of its efforts to promote software development best practices.

“If customers can better make these demands [and] asks of their vendors for specific security considerations built in from the start, we think we can see dramatic improvements,” CISA senior technical advisor Jack Cable said Thursday in a virtual event...

FCC Commissioner Carr criticizes net neutrality rulemaking as agency moves forward with new order

FCC Commissioner Brendan Carr strongly criticized the commission’s vote to move forward with reclassifying broadband internet access service under Title II of the Communications Act, questioning arguments made by Democrats and asserting that the FCC already has the authorities it needs to address national security.

The declaratory ruling and report and order approved by the FCC in a 3-2 vote on Thursday reinstates net neutrality rules established under former FCC Chairman Tom Wheeler and rolled back by Trump’s FCC...

Former National Security Council official calls for expansion of incident preparation process

Incident preparation planning and exercises should be expanded to include community leaders and emergency responders who are not only focused on technical cybersecurity concerns, according to a former National Security Council official.

“A lot of our tabletops are done with people with technical expertise and people in the cyber community that are going to be responding, but that is not how it works in the real world,” Advocacy Blueprints founder Nicole Tisdale said on a Wednesday panel discussion.

Tisdale was...

Moody’s finds health sector increasingly focused on cybersecurity budgets, staffing

The health sector is making significant investments in cybersecurity from a budgeting and staffing standpoint, according to a report from Moody’s Ratings.

“As cyberattacks become more sophisticated, continued investments will be needed to thwart hackers and mitigate the impact of successful attacks,” the ratings firm says in an April 24 report.

Moody’s says, “Cyber spending as a share of IT reached 7% in 2023 up from 5% in 2019, while cyber headcount is up by 30%.”

The report is...

FCC approves rulemaking in split vote to reclassify broadband services under Title II, allows for future cyber actions

The Federal Communications Commission approved in a 3-2 vote a declaratory rulemaking and report and order to reinstate net neutrality regulations, backed up by the need to address national security concerns and public safety.

“I think in a modern digital economy we should have a national net neutrality policy and make clear the Nation’s expert on communications has the ability to act when it comes to broadband. This is good for consumers, good for public safety, and good for national...

Easterly calls ransomware warning pilot program key to fighting against cyber crime

A ransomware warning program stood up by the Cybersecurity and Infrastructure Security Agency under a mandate in the 2022 cyber incident reporting law is key to minimizing the impacts of ransomware on critical infrastructure owners and operators, according to CISA Director Jen Easterly.

CISA’s Ransomware Vulnerability Warning Pilot program is “focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched,” Easterly said in a...

Justice Dept. prioritizes building out anti-ransomware efforts at greater scale with international, private sector partners

The Justice Department is focused on scaling up efforts with private sector and international partners to disrupt and deter ransomware threats, according to stakeholders involved in global disruption efforts.

“When it comes to disruption and deterrence, it's not just the U.S. government that has a stake,” FBI’s Brett Leatherman said in a panel discussion at a Wednesday event hosted by the Institute for Security and Technology.

Leatherman argued the federal government has “room to grow” in terms of offensive...

Republican lawmakers urge FCC to pull back net neutrality rulemaking ahead of commission meeting

GOP members of the House and Senate commerce committees are urging the Federal Communications Commission to stop its plan to reclassify broadband providers under Title II of the Communications Act, ahead of a meeting today where commissioners will consider and vote on the net neutrality rulemaking from Chairwoman Jessica Rosenworcel.

Rosenworcel’s proposal would reinstate rules put in place in 2015 by former FCC Chairman Tom Wheeler, with a new focus on the need for national security and public safety....

House Homeland Security sets up incident reporting hearing to gather feedback on CISA rulemaking

The House Homeland Security cyber subcommittee will hold a May 1 hearing on CISA’s notice of proposed rulemaking to establish a mandatory incident reporting regime, featuring private sector stakeholders.

“Just two years after CIRCIA was signed into law, the cyber threat landscape has become even more dynamic with ever-increasing risk to our critical infrastructure from cyber adversaries, such as China and Russia, and opportunistic cybercriminals. Addressing these complex threats to the homeland demands effective implementation of CIRCIA,” subcommittee Chairman Andrew...

Nonprofit-led ransomware task force highlights need to advance international disruption efforts, build partnerships

The Institute for Security and Technology’s Ransomware Task Force is calling for increased attention on international disruption efforts and strengthening public-private partnerships, in a report reviewing the group's progress since 2021 to implement key recommendations for government, industry and civil society organizations.

The new report calls on “governments, industry, and civil society...to step up resource allocation and prioritize implementing existing mechanisms” for threat disruption and information-sharing.

The task force is launching the report today at a day-long event...

NIST explores ways to support creation of ‘community’ profiles based on CSF 2.0 update

The National Institute of Standards and Technology is exploring opportunities to help organizations develop “community” profiles based on the NIST cybersecurity framework update, known as “CSF 2.0,” through working with stakeholders who have common interests and promoting guidance on how profiles are created.

The agency hopes “to inspire” organizations to join forces with partners that have shared objectives and build out community-specific guidance, said Cheri Pascoe, director of the NIST National Cybersecurity Center of Excellence, during a Tuesday webinar.

The...

Pentagon formally launches vulnerability disclosure program for defense companies

The Defense Department is launching a cyber vulnerability disclosure program for the defense industrial base, following a 12-month pilot conducted in partnership with HackerOne.

The program is a “strategic partnership” between the Department of Defense Cyber Crime Center (DC3) and the Defense Counterintelligence and Security Agency known as DIB-VDP, according to an April 19 release.

The release says, “This free and voluntary DIB-VDP aims to bring vulnerability disclosure capabilities to the DIB, and the strategic alignment will further enhance...

CISA considers alternatives to proposed mandatory incident reporting rule through regulatory impact analysis report

The Cybersecurity and Infrastructure Security Agency goes into detail on expected costs to implement its upcoming mandatory incident reporting regime for critical infrastructure in a required regulatory impact analysis report and also explores alternatives to the agency’s proposed rule published on April 4.

“This Preliminary RIA estimates the costs of complying with the proposed requirements for an affected population of 316,244 Covered Entities over the period of analysis. The main cost drivers of this proposed rule are the initial costs...

Internet-focused nonprofits raise concerns to FCC over potential regulation of routing protocol ahead of net neutrality vote

Two nonprofits focused on securing the internet say potential mandates by the Federal Communications Commission over Border Gateway Protocol could be harmful and slow down progress by other stakeholders, in a filing submitted ahead of the FCC’s vote on Thursday to restore net neutrality regulations.

The FCC will consider and vote on a rulemaking that would reclassify internet service providers under Title II of the Communications Act. In a declaratory ruling, the FCC provides details on what the new...

Telecom groups seek transparency from Justice Dept. in identifying of ‘countries of concern’ under upcoming data transfer rule

The Justice Department must ensure that its process for identifying “countries of concern” under an ongoing rulemaking process focused on limiting foreign adversary access to personal and government data is both transparent and predictable, according to three telecom groups who responded to an advance notice of proposed rulemaking.

DOJ published an ANPRM on March 5 outlining its approach to prohibiting data broker transactions and human genomic data transfers “between U.S. persons and countries of concern (or covered persons).”

The...
