Inside Cybersecurity

December 2, 2023

Home Page

Home Page

By Sara Friedman

The U.S. Environmental Protection Agency is highlighting the importance of water utilities investing in basic cybersecurity measures, following a hack earlier this week to programmable logic controllers used by the Municipal Water Authority of Aliquippa in Pennsylvania.

By Sara Friedman

The Defense Department’s work to prepare the proposed rule for its Cybersecurity Maturity Model Certification program is nearing completion, according to a Pentagon spokesperson, with publication in the Federal Register expected as soon as next week.

By Jacob Livesay

The Foundation for Defense of Democracies has published a visual tool mapping how a Software Bill of Materials can fit into the National Institute of Standards and Technology’s risk management framework to better address software supply chain risks.

By Sara Friedman

GOP leaders on the House Energy and Commerce Committee criticized FCC Chairwoman Jessica Rosenworcel’s decision to move forward with reinstating broadband as a common carrier service under Title II of the Communications Act and other actions taken in the first two months of her tenure with a full set of five commissioners in place.

By Jacob Livesay

The House Science Committee has advanced a bill requiring the National Institute of Standards and Technology to work with agencies on post-quantum cryptography adoption, as part of a larger legislative package to reauthorize the National Quantum Initiative Act.

By Jacob Livesay

The Cybersecurity and Infrastructure Security Agency has published guidance on securing web management interfaces against cyber attacks, as the first entry in the agency’s secure by design alert series.

RECENT NEWS

CMMC accreditation body triples certified assessor count in 2023 ahead of formal launch period
House panel offers measures to secure federal software supply chain, address international threats
Telecommunications Industry Association updates standard aimed at measuring supply chain security
Cybersecurity Coalition urges NIST to simplify online informative reference tools
NIST schedules December forum to discuss next steps for consumer router security profile
FIDO Alliance emphasizes need for agency feedback on implementing authentication standard
Cloudflare emphasizes need for ‘agility’ in post-quantum cryptography migration

MORE NEWS ›

Topics

Biden's Executive Order
Cloud Security Alliance develops zero trust certificate for security professionals
CISA updates draft software self-attestation form to allow opportunities for revisions, address FedRAMP
FAR Council approves 60-day extension to allow more time for comments on 2021 cyber executive order rules
SEC charges SolarWinds with fraud, internal control failures in response to 2020 supply chain compromise
Incident Reporting Law
FCC schedules December vote on updating data breach notification rules
CISA revamps data analysis working group to assess effectiveness of security controls for ransomware mitigation
CISA-FBI advisory details schemes of malicious cyber group engaging in data theft, extortion
Electric sector group calls for strengthening info-sharing capabilities to address regulatory conflicts
SEC CYBER RULES
SEC corporate finance chief says cyber incident disclosure rule is focused on helping investors understand company risks
NEMA backs House bill to revoke SEC final rule on cyber incident disclosure reporting
House lawmakers introduce legislation to roll back controversial SEC cyber incident disclosure rule
Marsh McLennan details increasing compliance costs associated with regulatory overload in response to ONCD request for information
FTC Cyber Rules
FTC provides recommendations to Congress on options for combatting ransomware
Hunton law firm group details considerations for FTC proposal on ‘commercial surveillance’
California AG pushes FTC for ambitious approach to regulating ‘commercial surveillance,’ emphasizes health data
U.S. Chamber of Commerce takes aim at FTC ‘commercial surveillance’ proposal, says agency exceeds authority
Zero Trust
NIST releases draft guidance for data classification best practices
House panel considers impacts of potential government shutdown on CISA
CISA cyber leader identifies top priorities for protecting federal networks in House Homeland Security testimony
BSA prioritizes security needs for AI, addresses SBOM in cyber agenda for 2024
National Cyber Strategy
Senate panel advances Coker nomination for national cyber director to floor vote
FDD’s Montgomery calls for legislation to support cyber workforce data collection, analysis
ONCD emphasizes importance of skills-based hiring for broader workforce efforts
ONCD nominee Coker emphasizes need for collaboration in front of Senate panel
CSF 2.0
Industry coalition urges NIST to move forward with its approach to addressing supply chain in final CSF 2.0 publication
ITI suggests tweaks in CSF 2.0 update to incorporate supply chain outside of new ‘Govern’ function
Cyber Risk Institute continues to push for NIST supply chain function in comments on CSF 2.0 final draft
NIST enters new era with online-focused update to foundational catalog for security, privacy controls
Supply Chain
FAR Council extends comment period for Federal Acquisition Security Council rulemaking
Defense ISAC working group publishes reference architecture to enable ‘cross-cloud’ collaboration based on Microsoft offerings
Defense Dept.’s CMMC rulemaking clears OIRA review process
GSA sets up ecosystem on SAM.gov for contractors to review FASC removal, exclusion orders