Inside Cybersecurity

May 29, 2024

Home Page

Home Page

By Sara Friedman

Amazon Web Services is urging the Commerce Department to clarify its proposed rulemaking to establish a regime where cloud service providers would be required to share information on the identity of their foreign customers.

By Sara Friedman

CISA Director Jen Easterly provided an update on progress to implement December recommendations from the agency’s advisory committee in a recent memorandum responding to individual proposals.

By Jacob Livesay

An Environmental Protection Agency loan program created in 2014 for water infrastructure represents a potentially underutilized source of funding for improving the cyber posture of systems and facilities across the United States amid the agency’s announcement of plans to step up cyber enforcement efforts, according to Norma Krayem of Van Scoyoc Associates.

By Jacob Livesay

A massive shortfall in available vulnerability information resulting from the slowdown of a key service offered by the National Institute of Standards and Technology has left organizations susceptible to cyber attacks that could have been avoided, according to research from vulnerability intelligence company VulnCheck.

By Jacob Livesay

Former White House cyber coordinator Michael Daniel says the implementation plan for President Biden's national cyber strategy could be improved by clarifying desired outcomes and setting benchmark metrics for success.

By Sara Friedman

A proposal on certification bodies and test labs considered at the Federal Communications Commission’s May meeting provides a look into how the regulatory agency for the communications sector will address national security concerns in 2024 over untrustworthy equipment on U.S. networks.

By Sara Friedman

A research agency under the Department of Health and Human Services is starting a $50 million grant program to help hospitals figure out where to make investments in bolstering their cybersecurity.

RECENT NEWS

The Week Ahead: Hack the Capitol returns to DC; Aspen Digital event on civil society cyber efforts
ONCD leads efforts to secure Border Gateway Protocol used by federal government
House panel reviews updated Cantwell-Rodgers privacy bill with changes to address data minimization
House NDAA advances through committee with measures addressing vulnerability disclosure, critical infrastructure
FCC approves proposed rule providing national security oversight for certification bodies under equipment authorization program
NCD Coker emphasizes need for ‘coherence’ across federal cyber initiatives, update on implementation plan

MORE NEWS ›

Topics

Biden's Executive Order
NIST advisory board chair raises issues with establishing liability regime for software security
Federal CISO DeRusha to leave Office of Management and Budget
Former CISA Director Krebs, other policy vets join reshuffled Cyber Safety Review Board
Government Accountability Office calls on CISA to produce list of critical software identified in response to cyber EO
Incident Reporting Law
House panel advances resolution to roll back controversial SEC cyber disclosure rule
Wales: CISA budget shortfall could impact hiring needs to implement mandatory cyber incident reporting law
Stakeholders see goal of CISA’s incident reporting rule as focused on gaining visibility, not enforcement
Wales addresses scoping definitions under CISA’s upcoming incident reporting final rule
SEC CYBER RULES
GOP commissioners express concerns, highlight changes in SEC investment firm rule for customer breaches
SEC issues final rule to establish cyber requirements for investment firms
Cyber incident reporting, software security initiatives among hot topics at RSA as agency leaders, policy vets convene in San Francisco
Industry leaders to question scope of proposed CISA mandatory reporting requirements at House hearing
CMMC
CMMC proposed rule with changes to defense acquisition regulations enters OMB review process
Final update to NIST CUI publications features ‘organization-defined parameters’ for agencies to adjust security requirements
NIST releases final update to controlled unclassified information publication, assessment procedures
Pentagon issues ‘class deviation’ to address anticipated May update for NIST CUI publication
Zero Trust
CISA releases guidance for agencies on encrypting web traffic under zero trust strategy
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
National Cyber Strategy
NIST annual report highlights cybersecurity, privacy efforts in fiscal 2023
FCC proposes establishing requirements to develop plans addressing internet routing risks for broadband providers
House panel considers impact of China-backed cyber operations on federal agencies, critical infrastructure
Updated implementation plan aims to improve cybersecurity for water, health sectors with specific initiatives
CSF 2.0
Stakeholders see opportunities for continued investment in adopting NIST cybersecurity framework update
Rural broadband organization updates cyber resources to reflect changes in NIST CSF 2.0
NIST explores ways to support creation of ‘community' profiles based on CSF 2.0 update
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
Supply Chain
House Homeland Security sets June date to hear from Microsoft’s Brad Smith on security issues following CSRB report
House Armed Services considers defense policy bill with measures on mobile device security, artificial intelligence
NTIA seeks feedback on cybersecurity risks posed by sixth generation network buildout
FCC outlines plans to establish cyber grant pilot program for K-12 schools