Inside Cybersecurity

April 26, 2024

Home Page

Home Page

By Jacob Livesay

The Cybersecurity and Infrastructure Security Agency is shifting its focus for the secure by design initiative to creating economic demand for secure software, as the agency enters the second year of its efforts to promote software development best practices.

By Sara Friedman

FCC Commissioner Brendan Carr strongly criticized the commission’s vote to move forward with reclassifying broadband internet access service under Title II of the Communications Act, questioning arguments made by Democrats and asserting that the FCC already has the authorities it needs to address national security.

By Jacob Livesay

Incident preparation planning and exercises should be expanded to include community leaders and emergency responders who are not only focused on technical cybersecurity concerns, according to a former National Security Council official.

By Jacob Livesay

The health sector is making significant investments in cybersecurity from a budgeting and staffing standpoint, according to a report from Moody’s Ratings.

By Sara Friedman

The Federal Communications Commission approved in a 3-2 vote a declaratory rulemaking and report and order to reinstate net neutrality regulations, backed up by the need to address national security concerns and public safety.

By Jacob Livesay

A ransomware warning program stood up by the Cybersecurity and Infrastructure Security Agency under a mandate in the 2022 cyber incident reporting law is key to minimizing the impacts of ransomware on critical infrastructure owners and operators, according to CISA Director Jen Easterly.

By Jacob Livesay

The Justice Department is focused on scaling up efforts with private sector and international partners to disrupt and deter ransomware threats, according to stakeholders involved in global disruption efforts.

RECENT NEWS

Republican lawmakers urge FCC to pull back net neutrality rulemaking ahead of commission meeting
House Homeland Security sets up incident reporting hearing to gather feedback on CISA rulemaking
Nonprofit-led ransomware task force highlights need to advance international disruption efforts, build partnerships
Pentagon formally launches vulnerability disclosure program for defense companies
CISA considers alternatives to proposed mandatory incident reporting rule through regulatory impact analysis report
Internet-focused nonprofits raise concerns to FCC over potential regulation of routing protocol ahead of net neutrality vote

MORE NEWS ›

Topics

Biden's Executive Order
Government Accountability Office calls on CISA to produce list of critical software identified in response to cyber EO
House Energy and Commerce leaders ask UnitedHealth Group for details on cyber attack timeline, restoration efforts
FAR Council issues request for information on potential supply chain regulations to include in new acquisition section
Sen. Wyden proposes legislation to require federal procurement of secure software following CSRB report
Incident Reporting Law
CISA outlines enforcement mechanisms for mandatory cyber incident reporting regime in proposed rulemaking
House lawmakers highlight data minimization as strength of Rodgers-Cantwell draft privacy bill
DHS official urges implementation of cyber-incident reporting rules amid AI EO taskings
Mayorkas addresses incident reporting harmonization at House fiscal 2025 budget hearing
SEC CYBER RULES
Biden pushes back on GOP SEC resolution; Easterly calls for incident reports to CISA, FBI while rulemaking process continues
House Financial Services GOP leaders request information on SEC social media account breach
Wiley law firm highlights major cyber policy issues to watch in 2024
Bank Policy Institute questions SEC process to consider national security in granting delays on four-day incident requirement
CMMC
MITRE raises concerns over CMMC program costs to address assessment gaps, accommodate maturity model changes
Pentagon releases cyber strategy for defense industrial base designed to enhance security posture, build resiliency
Procurement coalition raises questions over DOD treatment of external service providers in CMMC proposed rule
Defense ISAC releases ‘shopping guide’ to assist small businesses with selecting assessor for CMMC certification
Zero Trust
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
NIST works to update testing tools used for validating security of encryption solutions prior to implementation
National Cyber Strategy
ONCD convenes legal symposium on developing software liability framework
CISA releases user guide to assist with uploading secure software self-attestation letters in online repository
House-Senate budget agreement features $73.9 million for CISA incident reporting regime
Federal officials emphasize role of state-level investments in cybersecurity for fulfilling national cyber strategy
CSF 2.0
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
NIST releases incident reporting profile for comment aligned with cybersecurity framework update
NIST engages with small business community to highlight changes in cybersecurity framework update
NIST launches update process for small business security publication with request for comment
Supply Chain
DHS and open source group release new tool for creating, translating Software Bill of Materials
Lawmakers back FCC net neutrality rulemaking as commission vote nears to restore Title II oversight
NIST seeks public comment on initial draft of consumer router profile
House Energy and Commerce weighs need for establishing health sector cyber requirements with providing incentives