Republican commissioners on the Securities and Exchange Commission are supportive of a final rule to establish cyber requirements for broker-dealers, investment companies and advisors, while expressing concern over the potential volume of breach reports and highlighting changes to the rulemaking.
The final rule amends the SEC’s so-called “Regulation S-P,” which requires covered institutions to “develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access...
The federal government can effectively leverage its role as a procurer of software to produce positive security outcomes across the tech ecosystem, according to NIST Information Security and Privacy Advisory Board Chair Steve Lipner, who argues that the establishment of tort-based liability protections would impose unnecessary costs on manufacturers.
Lipner highlights President Biden’s 2021 cyber executive order and its requirements for the government to develop secure software development processes for contractors. He says in a May 14 post, “The combination...
The Cybersecurity and Infrastructure Security Agency is providing federal agencies support to comply with zero trust requirements for encrypting web traffic through the Domain Name System, in a guide that contains an actionable checklist and recommendations for prioritizing implementation steps.
The Domain Name System, which routes internet traffic to specific IP addresses, “forms a cornerstone for supporting and enabling enterprise IT,” CISA says in the guide released on Thursday.
CISA says, “Traditionally, however, DNS has not supported methods for...
Eric Goldstein, executive assistant director for cybersecurity, is leaving the Cybersecurity and Infrastructure Security Agency next month, following three years leading the agency’s efforts under the cybersecurity division.
“I could not be prouder of the work that Eric Goldstein has done to move CISA forward as an agency. He has helped catalyze a shift across the agency to data-driven risk reduction and built an inclusive team that has enabled CISA and our partners to confront the serious cyber threats facing...
House Oversight cyber subcommittee leaders sought to get a big-picture view of cyber attacks sponsored by China-based nation-state actors from former intelligence community officials at a Wednesday hearing.
“Today’s hearing is a forum to discuss the challenge posed by China’s cyberwarfare -- and how we must meet that challenge. We know China is throwing massive money and manpower into its efforts,” Chairwoman Nancy Mace (R-SC) said at the start of the hearing.
The Federal Communications Commission will take up a proposal from Chairwoman Jessica Rosenworcel at a June meeting to require broadband providers to establish plans for implementing secure measures for Border Gateway Protocol, marking the FCC’s first attempt to use its new net neutrality rules to address cybersecurity.
“The proposal aims to increase the security of the information routed across the internet by proposing certain reporting obligations on broadband internet access service (BIAS) providers on their progress towards secure internet routing. The...
NIST’s major update to the cybersecurity framework presents an opportunity for continued and renewed investment in improving the security of internal systems and in working with partners, according to stakeholders who participated in a Venable event.
“We have realized that CSF is like continuous monitoring. You have to continuously adopt this framework. And so for us, it's really making sure that that ‘Govern’ piece is solidified,” Anjelica Dortch of SAP said at a May 6 event hosted by Venable in San...
Lawmakers on the Senate Intelligence Committee identified a need to more clearly define the roles of the Cybersecurity and Infrastructure Security Agency and intelligence community in responding to election threats, in a Wednesday hearing.
Chairman Mark Warner (D-VA) said there is a concerning trend of “barriers to entry for foreign malign influence” decreasing since 2016, allowing for the threat landscape to become “more sophisticated and more aggressive” as the 2024 election cycle approaches.
The National Institute of Standards and Technology needs to modernize the operations of the National Vulnerability Database to ensure organizations maintain access to a key source of risk management information, according to a paper from the Hacking Policy Council.
“The NVD suffers from several longstanding administrative and technological challenges that have recently led to a serious degradation in NVD’s operations,” the May 12 paper says.
HPC argues, “The unsustainable path of this widely used tool creates substantial risks for...
The Senate Homeland Security Committee has sent legislation to the floor that makes changes to the federal contracting process to allow more businesses to participate and to remove certain requirements regarding the bidding process and procurement methods.
The measure, S. 4066, Federal Improvement in Technology (FIT) Procurement Act, would “remove obstacles to acquiring products and services in a timely and cost-effective way, increase competition for contracts, and open additional opportunities for more businesses to enter federal contracting,” according to...
The House Oversight Committee has unanimously approved a bill that would make changes to federal acquisition regulations to require contractors to have a vulnerability disclosure policy in line with the 2020 Internet of Things Cybersecurity Act.
“Federal agencies must act quickly when dealing with a cyber attack. The sooner a federal agency knows it may have a problem the sooner it can take steps to protect its systems and data, including personal data of millions of Americans. It’s reasonable to...
NIST’s final update to two publications focused on controlled unclassified information puts in place “organization-defined parameters” and the ability for agencies to make determinations on what meets their needs.
“Organization-defined parameters are used in the SP 800-53 controls to provide flexibility to federal agencies in tailoring controls to support specific organizational missions or business functions and to manage risk,” NIST says in a FAQ released Tuesday in conjunction with revision three of NIST 800-171 and 800-171A.
The recently released update to the national cyber strategy implementation plan contains specific tasks for agencies aimed at bolstering the security of the water and health sectors, targeting critical infrastructure that government officials have described as "target rich, resource poor."
“Sector Risk Management Agencies like the Environmental Protection Agency and the Department of Health and Human Services are rapidly maturing in their capabilities, and the Implementation Plan highlights significant work they will accomplish to protect their sectors,” the Office...
Federal CISO Chris DeRusha is leaving the Office of Management and Budget, following three and a half years leading government efforts to implement the 2021 cyber executive order to secure federal networks and other cybersecurity initiatives.
“Since day one of the Biden Administration, Chris has been instrumental in strengthening our nation’s cybersecurity, protecting America’s critical infrastructure, and improving the digital defenses of the Federal government. I wish him the best, and know he will continue to serve as a leading...
The Cybersecurity and Infrastructure Security Agency provides recommendations for civil society organizations to implement specific security controls for preventing cyber attacks from nation-state actors, in a new guide released with the FBI and international partners.
The guide “provides civil society organizations with recommended actions and mitigations to reduce their risk of cyber intrusions, particularly from state-sponsored cyber actors,” according to a Tuesday release.
CISA Director Jen Easterly said, “State-sponsored actors seek to undermine fundamental democratic and humanitarian values...
SAN FRANCISCO. Getting the funding that the Cybersecurity and Infrastructure Security Agency needs to implement its upcoming incident reporting regime is important when it comes to hiring personnel and building the necessary tech infrastructure, according to CISA executive director Brandon Wales.
“Right now, the funding constraints are primarily impacting in our ability to begin to hire personnel that we believe will be [needed] for full implementation of the Act and it has forced us to slow down some of the...
Efforts underway at the National Telecommunications and Information Administration are already supporting the broader goals of the State Department under the recently unveiled international cyber strategy, according to NTIA Administrator Alan Davidson and State cyber leader Nate Fick.
“Almost everything that we do in the policy space is touched on in this strategy,” Davidson said Monday at an Atlantic Council event focused on the international cyber strategy.
The strategy was published on May 6 at the RSA conference...
The Cybersecurity and Infrastructure Security Agency will hold its first annual conference on June 12 for the supply chain risk management task force, which brings together stakeholders from government and the information technology and communications sectors to address complex policy issues.
The conference from CISA’s Information and Communications Technology Supply Chain Risk Management Task Force will explore supply chain transparency, the impacts of cyber incidents on supply chains, the role of technology in SCRM and supply chain issues faced by...
The Consumer Technology Association is urging the Commerce Department to use a "narrowly tailored" approach to oversee foreign transactions involving companies that produce connected vehicles, in response to an advance notice of proposed rulemaking asking for feedback on efforts to secure the information and communications technology supply chain.
Cyber threats associated with connected vehicle technology “can be separated into three categories: (1) the national security risk that a foreign adversary would have access to or control over sensitive and personal...
Senate Banking Chairman Sherrod Brown (D-OH) wants the Biden administration to issue a proposed rulemaking banning the import of Chinese-made connected vehicles that could transmit sensitive data back to China and pose both cybersecurity and artificial intelligence-related national security risks.
“Given the access and information that connected vehicles have regarding both Americans’ sensitive personal data and U.S. infrastructure, I encourage you to issue a notice of proposed rulemaking that includes prohibitions on finished vehicles and technology that is designed, developed,...