Inside Cybersecurity

July 2, 2022

Home Page

Home Page

By Sara Friedman

House appropriators are investing in helping agencies address supply chain threats across government and fulfill requirements from President Biden’s 2021 cyber executive order including cloud migrations.

By Sara Friedman

The Department of Energy has updated its Cybersecurity Capability Maturity Model, a self-evaluation tool designed to determine priority areas to address vulnerabilities, following real-world testing with industry players from the electric, oil and natural gas sectors.

By Charlie Mitchell

Global insurance broker Marsh McLennan sees cybersecurity insurance premium rates leveling off after two years of “persistently high claims rates” pushed up the cost of coverage, while highlighting “twelve key controls” to reduce ransomware and other cyber risks.

By Charlie Mitchell

An advisory from CISA, the FBI and Treasury Department warns that MedusaLocker ransomware threat actors continue to target victims through vulnerabilities in Remote Desktop Protocol, and offers details on mitigations as part of the federal government’s #StopRansomware initiative

By Sara Friedman

The Pentagon is planning to issue a final rule in December establishing a regime for DOD acquisition officials to conduct assessments of a contractor’s compliance with NIST Special Publication 800-171.

By Charlie Mitchell

The Transportation Security Administration is renewing and revising two cybersecurity directives for pipeline operators issued after the 2021 Colonial Pipeline ransomware attack, lengthening the timeline for reporting cyber incidents in one of the orders, while promising a formal rulemaking process over the next year covering “pipelines and other surface transportation systems.”

RECENT NEWS

Federal open source initiative to focus on risk mitigation, significant vulnerabilities
Elections ISAC initiates campaign urging officials to focus on cyber basics
NIST seeks comments on revisions to cyber guidance for positioning, navigation and timing services
USTelecom, major companies announce international CISO council to coordinate on cyber
SEC expects final action on cyber rule for publicly traded companies by spring 2023, according to regulatory update
Pentagon memorandum directs acquisition officials to ensure contractor compliance with cyber standard
FedRAMP updates assessment gap plan documentation to include details on patching known vulnerabilities

MORE NEWS ›

Working Remotely?

If you are unable to access this service in the usual way because you are working remotely, let us know and we’ll provide you with temporary access credentials. Contact us at access@iwpnews.com.

Topics

Biden's Executive Order
House appropriators approve CISA spending bill with investments for incident reporting regime, shared services
CISA releases update to cloud security architecture designed to help agency migrations
NIST plans to focus on addressing risk in next stage of Internet of Things cyber program
NIST releases draft baseline publication for consumer Internet of Things products
Incident Reporting Law
U.S. health officials to seek input on improving data breach reporting process
Major industry groups urge SEC to hold off on finalizing cyber proposal, allow for more input
GAO urges CISA, Treasury Dept. to analyze critical infrastructure attacks to determine need for federal insurance program
CISA aims to drive ‘benefit over burden’ for stakeholders in upcoming incident reporting regime
SEC CYBER RULES
Rep. Clarke emphasizes importance of CISA as lead agency on incident reporting, in response to SEC and TSA proposals
CrowdStrike leader: More focus needed on security side of data privacy requirements
Restaurant group urges SEC to rescind cyber proposal, disputes premise of incidents affecting stock price
Corporate governance body urges more flexibility in SEC cyber rulemaking, questions mandates on boards
Ukraine Crisis
Moody’s: Ukraine conflict raises cyber insurance premiums, questions over coverage
Easterly: CISA’s move to ‘operational collaboration’ relies on joint effort with critical infrastructure partners
CISA says rulemaking work is underway on incident reporting requirements, urges industry engagement
Peters report: More data, collaboration is needed in support of Biden ransomware initiatives
Zero Trust
Zero trust report urges government to establish tracking metrics to measure implementation
Stakeholders: Biden EO shows administration’s cyber priorities, offers a map for corporate boards
NIST launches stakeholder forum to accompany zero trust implementation project
General Services Administration outlines efforts to help acquisition officials understand cyber EO requirements
Info-Sharing
CISA advisory group looks to build on critical infrastructure work started under Solarium Commission
Operator of Multi-State ISAC hails benefits of new federal cybersecurity assistance to states
House Armed Services advances NDAA with provisions on joint collaborative environment, incident reporting
CISA advisory committee approves recommendations on information sharing, workforce challenges
Framework
NIST seeks comment on guidance for ‘validating integrity’ of computing devices, says don’t assume trustworthiness
NIST highlights broad international efforts on cyber, including under ‘CSF 2.0’ initiative
NIST offers ways to use business impact analysis for setting cybersecurity priorities
Corporate leaders, industry groups pledge support for international cyber standards
Supply Chain
CISA task force industry co-chairs see value-add in collaborative nature of supply chain security work
EU’s latest steps on cyber will improve security, Moody’s says, but also increase business costs
House panel approves additional funding for FCC rip-and-replace program
Pentagon cyber chief: DOD plan to meet CUI controls goes 'above and beyond CMMC'