Inside Cybersecurity

April 17, 2024

Home Page

Home Page

By Mariam Baksh

Entities potentially covered by the 2022 Cyber Incident Reporting for the Critical Infrastructure Act should be figuring out whether new rules under the law will apply to them and review the Department of Homeland Security’s proposal with an eye toward implementation, said a DHS official also in charge of the department’s AI responsibilities under executive order.

By Sara Friedman

The House Energy and Commerce Committee sought to get a big picture of how the healthcare sector is implementing cyber best practices voluntarily and whether requirements or incentives are needed in the wake of the Change Healthcare cyber attack.

By Sara Friedman

Homeland Security Secretary Alejandro Mayorkas responded to concerns from current and former House cyber leaders on plans for harmonizing cyber incident reporting requirements, at a hearing to review the department’s fiscal 2025 budget proposal.

By Jacob Livesay

The federal government must work to improve information-sharing arrangements at the interagency level to prevent actionable data from being siloed at one agency or department, according to a new report from the Institute for Security and Technology.

By Charlie Mitchell

A new best practices guide for secure artificial intelligence has been released by the National Security Agency and its partners, aiming to improve the “confidentiality, integrity, and availability” of AI systems while providing deployers with “methodologies and controls” for countering malicious activity.

By Sara Friedman

Cybersecurity should be part of trade agreements negotiated between the United States and other countries, according to a white paper from the Coalition to Reduce Cyber Risk, which reviews cyber components in different international negotiations and how they fit into the broader landscape.

By Sara Friedman

Witnesses at a House Financial Services hearing outlined collaboration opportunities to respond to ransomware threats, highlighting the need for more organizations to institute best practices and improve coordination efforts to respond to attacks.

RECENT NEWS

Senate Intelligence postpones elections hearing set to feature CISA Director Easterly
MITRE raises concerns over CMMC program costs to address assessment gaps, accommodate maturity model changes
Information sharing group emphasizes consequences of ransomware on food, agriculture sector
Congressional Research Service reviews CISA incident reporting notice of proposed rulemaking
Former FCC cyber chief highlights central role for national security in net neutrality rulemaking
Treasury Dept. proposes stricter CFIUS penalties, expanded subpoena power

MORE NEWS ›

Topics

Biden's Executive Order
FAR Council issues request for information on potential supply chain regulations to include in new acquisition section
Sen. Wyden proposes legislation to require federal procurement of secure software following CSRB report
FAR Council establishes new section in acquisition rules for upcoming supply chain regulations
FCC kicks off comment period on ‘further notice’ for cyber labeling program to address national security
Incident Reporting Law
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively
Coast Guard extends comment period for proposed rulemaking to address maritime cyber threats
Cyber policy leaders weigh in on impact of CISA notice of proposed rulemaking for incident reporting
Industry coalition asks CISA for extension to respond to incident reporting rulemaking
SEC CYBER RULES
Biden pushes back on GOP SEC resolution; Easterly calls for incident reports to CISA, FBI while rulemaking process continues
House Financial Services GOP leaders request information on SEC social media account breach
Wiley law firm highlights major cyber policy issues to watch in 2024
Bank Policy Institute questions SEC process to consider national security in granting delays on four-day incident requirement
CMMC
Pentagon releases cyber strategy for defense industrial base designed to enhance security posture, build resiliency
Procurement coalition raises questions over DOD treatment of external service providers in CMMC proposed rule
Defense ISAC releases ‘shopping guide’ to assist small businesses with selecting assessor for CMMC certification
Canadian government urges DOD to establish reciprocity between CMMC and Canadian cyber certification program
Zero Trust
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
NIST works to update testing tools used for validating security of encryption solutions prior to implementation
CISA requests $115.9 million in fiscal 2025 budget to support mandatory incident reporting regime
National Cyber Strategy
ONCD convenes legal symposium on developing software liability framework
CISA releases user guide to assist with uploading secure software self-attestation letters in online repository
House-Senate budget agreement features $73.9 million for CISA incident reporting regime
Federal officials emphasize role of state-level investments in cybersecurity for fulfilling national cyber strategy
CSF 2.0
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
NIST releases incident reporting profile for comment aligned with cybersecurity framework update
NIST engages with small business community to highlight changes in cybersecurity framework update
NIST launches update process for small business security publication with request for comment
Supply Chain
Industry-led 'GridEx' cyber exercise reveals need for improved system resilience, extensive cyber prep
Cyber safety board report directs CISA to verify cloud security best practices for service providers
Financial Services ISAC predicts 2024 increase in geopolitically motivated cyber attacks
Cantwell, Rodgers release bipartisan privacy legislation to mandate data security standards, transparency requirements