Inside Cybersecurity

May 19, 2024

Security research firm identifies cyber threats impacting autonomous vehicles

Responsible development of autonomous vehicles requires a keen understanding of the cybersecurity risks that could impact their systems, according to a new report from the ASIS Foundation.

“From logistical and operational benefits to the technical prowess they offer, AV technologies promise unprecedented advancements. However, they also introduce a plethora of vulnerabilities and implications that demand careful consideration from security practitioners,” ASIS says in a Monday release.

The report says, “Key threats to the safety and security of AVs relate...

Water groups ask CISA for extension on incident reporting rulemaking comment period

Six groups representing the water sector are seeking a 30-day comment period extension to respond to the Cybersecurity and Infrastructure Security Agency’s notice of proposed rulemaking to establish a mandatory incident reporting regime.

“The proposed rule is extensive, spanning nearly 500 pages. The regulatory impact assessment is another 142 pages of details on expected burdens associated with the NPRM. This is an intricate proposal, reflecting the complexities inherent in addressing cybersecurity within critical infrastructure sectors,” the groups said in an...

CISA cyber leader highlights info-sharing takeaways from Cyber Storm exercise

The latest iteration of the Cybersecurity and Infrastructure Security Agency’s biennial “Cyber Storm” exercise demonstrated how the federal government and the private sector can work together to deal with sensitive information in a crisis scenario, according to CISA cyber leader Eric Goldstein.

“The Cyber Storm exercise is so essential in helping not only [the] U.S. government, but our partners at the state and local level and across critical infrastructure, to build the relationships, the practices and the muscle memories so...

House Energy and Commerce sets up May hearing with UnitedHealth Group CEO in response to cyber attack

UnitedHealth Group CEO Andrew Witty will appear on May 1 in front of the House Energy and Commerce Committee to respond to questions from lawmakers on the Change Healthcare cyber attack.

“"Americans are still dealing with the fallout of the Change Healthcare hack. Individuals and smaller providers, in particular, have struggled financially following the cyberattack, threatening critical access for patients,” Chair Cathy McMorris Rodgers (R-WA) and oversight subcommittee Chair Morgan Griffith (R-VA) said in a hearing announcement.

The health...

CISA official illuminates path forward for eliminating recurring software vulnerabilities

The Cybersecurity and Infrastructure Security Agency’s work to promote best practices for secure software development will move forward with a focus on eliminating vulnerabilities that have plagued the software ecosystem for over 15 years, according to senior technical advisor Bob Lord.

“One of the things we have to do is get out of the world of thinking about things as ‘Whack-a-Mole’ – just swatting down the individual defect as customers report it – and figure out how to eliminate entire...

Government Accountability Office calls on CISA to produce list of critical software identified in response to cyber EO

A new report from the Government Accountability Office evaluates federal efforts to implement President Biden’s 2021 cyber executive order, including requirements to determine critical software for procurement purposes and the work of the DHS-led Cyber Safety Review Board.

The report breaks down the EO into 55 leadership and oversight requirements to determine implementation. CISA, NIST and the Office of Management and Budget are primarily responsible for implementation and the Office of the National Cyber Director took over oversight of the...

House Financial Services evaluates potential of cyber insurance to assist with bolstering defenses against ransomware

House Financial Services members sought to understand the role and costs of cyber insurance at a hearing this week on ransomware risks to the financial system.

“Although companies have the option to purchase cybersecurity insurance to cover financial losses to businesses’ interruption costs stemming from ransomware attacks, these policies are becoming increasingly more expensive and harder to maintain,” national security subcommittee ranking member Joyce Beatty (D-OH) said in her opening statement at the April 16 hearing.

Beatty said, “It is...

DHS and open source group release new tool for creating, translating Software Bill of Materials

The Cybersecurity and Infrastructure Security Agency and DHS Science and Technology Directorate have launched a tool with the Open Source Security Foundation to allow for the creation and translation of Software Bill of Materials across multiple formats.

The new “Protobom” tool is an “innovative open source software supply chain tool,” OpenSSF said in a Tuesday announcement.

Allan Friedman, who manages CISA’s SBOM workstreams, said, “Protobom is a step towards greater efficiency and interoperability by translating across the widely used...

Lawmakers back FCC net neutrality rulemaking as commission vote nears to restore Title II oversight

A group of Democratic lawmakers led by Sen. Ed Markey (D-MA) is throwing its support behind FCC Chairwoman Jessica Rosenworcel’s net neutrality proposal and its focus on national security and public safety, ahead of a commission vote next week to restore oversight over broadband internet access service.

The FCC rulemaking scheduled for an April 25 vote would reinstate the commission’s Title II authority over internet service providers that was rolled back under former FCC Chairman Ajit Pai in 2018....

CISA outlines enforcement mechanisms for mandatory cyber incident reporting regime in proposed rulemaking

The Cybersecurity and Infrastructure Security Agency provides an overview of how it will enforce upcoming mandatory incident reporting requirements for critical infrastructure in a notice of proposed rulemaking.

CISA was tasked with creating a regime for mandatory reporting in the 2022 Cyber Incident Reporting for Critical Infrastructure Act. The agency published the NPRM on April 4, with a comment period closing June 3.

“CIRCIA provides a variety of mechanisms for CISA to use if CISA believes that a covered entity...

House lawmakers highlight data minimization as strength of Rodgers-Cantwell draft privacy bill

Data minimization requirements are a notable strength of the recently released Cantwell-Rodgers bill to establish a national privacy and data security standard, according to lawmakers on a House Energy and Commerce subcommittee.

Senate Commerce Chair Maria Cantwell (D-WA) and House Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) on April 7 released draft text of the American Privacy Rights Act, with mandates for covered entities and service providers to meet security standards and exercise transparency with regard to security...

NIST seeks public comment on initial draft of consumer router profile

The National Institute of Standards and Technology is asking for feedback on the initial public draft of its consumer-grade router profile, as part of the agency’s broader work to ensure the cybersecurity of Internet of Things products and fulfill an assignment from the White House.

“Routers serve as the gatekeepers of our networks, managing the flow of data between devices in the home or office and the internet. A compromised router opens the door to a host of potential exploited...

CISA, intelligence agencies release guidance on foreign influence operation tactics impacting elections

CISA, the FBI and the Office of the Director of National Intelligence have published guidance targeted at election infrastructure stakeholders on tactics used by foreign malign influence operations and mitigation steps.

The guidance document goes into detail on tactics “employed in foreign malign influence operations to shape U.S. policies, decisions, and discourse and could be used to target America’s election infrastructure,” CISA says in a Wednesday release.

CISA says, “The product discusses popular tactics used in foreign malign...

Key senators issue bipartisan call for Schumer’s AI working group to focus on ‘extreme risks’

Four veteran senators are calling on Senate Majority Leader Charles Schumer (D-NY) and his AI working group to develop a framework for addressing extreme risks posed by artificial intelligence, “including biological, chemical, cyber, and nuclear threats,” while offering several options for oversight of AI frontier models.

“Congress should consider a permanent framework to mitigate extreme risks. This framework should also serve as the basis for international coordination to mitigate extreme risks posed by AI. This letter is an attempt to...

DHS official urges implementation of cyber-incident reporting rules amid AI EO taskings

Entities potentially covered by the 2022 Cyber Incident Reporting for Critical Infrastructure Act should be figuring out whether new rules under the law will apply to them and review the Department of Homeland Security’s proposal with an eye toward implementation, said a DHS official who is also in charge of the department’s AI responsibilities under the executive order.

“I think the first thing we hear is we want more time because it is about 400 and something pages. I fully acknowledge it...

House Energy and Commerce weighs establishing health sector cyber requirements against providing incentives

The House Energy and Commerce Committee sought to get a big picture of how the healthcare sector is implementing cyber best practices voluntarily and whether requirements or incentives are needed in the wake of the Change Healthcare cyber attack.

President Biden’s national cyber strategy culminated in the Department of Health and Human Services “issuing a four-step plan to strengthen our health care cyber defenses in December of last year,” health subcommittee Chair Brett Guthrie (R-KY) said in his opening...

Mayorkas addresses incident reporting harmonization at House fiscal 2025 budget hearing

Homeland Security Secretary Alejandro Mayorkas responded to concerns from current and former House cyber leaders on plans for harmonizing cyber incident reporting requirements, at a hearing to review the department’s fiscal 2025 budget proposal.

“Last month, CISA issued the notice of proposed rulemaking for mandatory cyber incident reporting, and I congratulate the department on this important milestone. Now that the NPRM is out, DHS must redouble its efforts to harmonize incident report rules across government,” Rep. Yvette Clarke (D-NY) said...

Tech group calls for eliminating info-sharing federal agency silos to better combat ransomware

The federal government must work to improve information-sharing arrangements at the interagency level to prevent actionable data from being siloed at one agency or department, according to a new report from the Institute for Security and Technology.

“Shortcomings in existing information sharing practices lead to information silos that result in a murky information environment, making it difficult for governments and industry to work together to combat ransomware at scale,” IST’s Zoë Brammer says in a report released today.

“Without...

National Security Agency issues guidance on safe deployment of artificial intelligence under new security center

A new best practices guide for secure artificial intelligence has been released by the National Security Agency and its partners, aiming to improve the “confidentiality, integrity, and availability” of AI systems while providing deployers with “methodologies and controls” for countering malicious activity.

The NSA on April 15 released the new guidance, “Deploying AI Systems Securely: Best practices for deploying secure and resilient AI systems,” along with the FBI, the Cybersecurity and Infrastructure Security Agency and “Five Eyes” security partners...

International coalition calls for cybersecurity to be included in trade agreements with other countries

Cybersecurity should be part of trade agreements negotiated between the United States and other countries, according to a white paper from the Coalition to Reduce Cyber Risk, which reviews cyber components in different international negotiations and how they fit into the broader landscape.

“Cybersecurity itself is a fundamentally global issue with cyber-attacks being launched across borders, often leveraging infrastructure in multiple jurisdictions to conduct a single attack. To respond to these threats effectively, organizations must be able to move certain...
