Inside Cybersecurity

April 16, 2024

Home Page

Home Page

By Sara Friedman

Leadership on the House Energy and Commerce Committee have sent a letter to UnitedHealth Group asking for information on the February cyber attack on subsidiary Change Healthcare including details on the impact, system restoration, response efforts and cybersecurity protocols.

By Sara Friedman

MITRE raises issues with potential costs for contractors who want to do business with the Defense Department in addressing assessment gaps and accommodating for potential future changes in the maturity model for the upcoming Pentagon cyber certification program, in response to a proposed rule to implement the program.

By Jacob Livesay

Ransomware attacks in the food and agriculture sector are impacting the operations of production facilities in the U.S., according to a report from the sector’s information sharing and analysis center.

By Sara Friedman

A new report from the Congressional Research Service provides an overview of CISA’s notice of proposed rulemaking published on April 4 to establish a mandatory cyber incident reporting regime for critical infrastructure.

By Sara Friedman

FCC Chairwoman Jessica Rosenworcel’s net neutrality rulemaking to be considered at an April 25 meeting strikes the right balance between addressing national security concerns and signaling opportunities for further action, according to former security bureau chief David Simpson.

By Brett Fortnam

The Treasury Department wants to expand the authority of the Committee on Foreign Investment in the U.S. to demand information from companies in its reviews of transactions for national security implications and hike penalties on companies found to have misrepresented themselves.

By Jacob Livesay

Two Republican lawmakers on the House Transportation and Infrastructure Committee have introduced a bill to establish a public-private “Water Risk and Resilience Organization” that would create and enforce cybersecurity standards in the water and wastewater sector.

RECENT NEWS

Tech group proposes ways to help organizations prepare for potential ransom payment ban
House Financial Services chair introduces bill to require Treasury Dept. notification before making ransom payments
NIST launches introductory ‘courses’ to help organizations understand security, privacy controls catalog
Industry-led 'GridEx' cyber exercise reveals need for improved system resilience, extensive cyber prep
CISA issues emergency directive to address email compromises by cyber actor Midnight Blizzard
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively

MORE NEWS ›

Topics

Biden's Executive Order
FAR Council establishes new section in acquisition rules for upcoming supply chain regulations
FCC kicks off comment period on ‘further notice’ for cyber labeling program to address national security
CISA releases user guide to assist with uploading secure software self-attestation letters in online repository
CISA seeks feedback on final common form for secure software self-attestation following launch of repository
Incident Reporting Law
Coast Guard extends comment period for proposed rulemaking to address maritime cyber threats
Cyber policy leaders weigh in on impact of CISA notice of proposed rulemaking for incident reporting
Industry coalition asks CISA for extension to respond to incident reporting rulemaking
CISA kicks off public comment period for incident reporting notice of proposed rulemaking
SEC CYBER RULES
Biden pushes back on GOP SEC resolution; Easterly calls for incident reports to CISA, FBI while rulemaking process continues
House Financial Services GOP leaders request information on SEC social media account breach
Wiley law firm highlights major cyber policy issues to watch in 2024
Bank Policy Institute questions SEC process to consider national security in granting delays on four-day incident requirement
CMMC
Pentagon releases cyber strategy for defense industrial base designed to enhance security posture, build resiliency
Procurement coalition raises questions over DOD treatment of external service providers in CMMC proposed rule
Defense ISAC releases ‘shopping guide’ to assist small businesses with selecting assessor for CMMC certification
Canadian government urges DOD to establish reciprocity between CMMC and Canadian cyber certification program
Zero Trust
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
NIST works to update testing tools used for validating security of encryption solutions prior to implementation
CISA requests $115.9 million in fiscal 2025 budget to support mandatory incident reporting regime
National Cyber Strategy
ONCD convenes legal symposium on developing software liability framework
House-Senate budget agreement features $73.9 million for CISA incident reporting regime
Federal officials emphasize role of state-level investments in cybersecurity for fulfilling national cyber strategy
CISA, OMB release final secure software self-attestation form for procurement purposes
CSF 2.0
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
NIST releases incident reporting profile for comment aligned with cybersecurity framework update
NIST engages with small business community to highlight changes in cybersecurity framework update
NIST launches update process for small business security publication with request for comment
Supply Chain
Cyber safety board report directs CISA to verify cloud security best practices for service providers
Financial Services ISAC predicts 2024 increase in geopolitically motivated cyber attacks
Cantwell, Rodgers release bipartisan privacy legislation to mandate data security standards, transparency requirements
CISA works to engage industry stakeholders on demonstrating demand for secure software products