Inside Cybersecurity

May 13, 2024

Home Page

Home Page

By Sara Friedman

SAN FRANCISCO. Stakeholders who participated in a panel here at the RSA conference emphasized the importance of CISA gaining visibility into cyber incidents through its upcoming mandatory reporting regime, and noted how it will change the agency’s voluntary work with critical infrastructure and the rest of the private sector.

By Charlie Mitchell

Senate Banking Chairman Sherrod Brown (D-OH) wants the Biden administration to issue a proposed rulemaking banning the import of Chinese-made connected vehicles that could transmit sensitive data back to China and pose both cybersecurity and artificial intelligence-related national security risks.

By Jacob Livesay

Global regulatory harmonization efforts should be built on a foundation of interoperability and mutual recognition, according to a report from Aspen Digital’s Global Cybersecurity Group.

By Jacob Livesay

A House Oversight and Accountability subcommittee examines cyber threats from China in a hearing this week, while CISA Director Jen Easterly, State Department cyber leader Nate Fick and National Telecommunications and Information Administration chief Alan Davidson discuss the newly unveiled international cyber strategy at an Atlantic Council event.

By Sara Friedman

House Homeland Security Chairman Mark Green (R-TN) and ranking member Bennie Thompson (D-MS) are asking Microsoft vice chair and president Brad Smith to testify at a May 22 hearing on the company’s “security shortcomings,” following the release of a report from the Cyber Safety Review Board offering a scathing review of Microsoft’s security culture.

By Sara Friedman

SAN FRANCISCO. Former senior cyber officials Michael Daniel and Suzanne Spaulding argued for more transparency in disclosing vulnerabilities in the private sector, as part of the effort to make connections and encourage more secure software development, during a panel here at the RSA conference.

By Sara Friedman

SAN FRANCISCO. Cybersecurity and Infrastructure Security Agency officials provided details here on how they are evaluating the effectiveness of efforts over the past year to work with target rich, resource poor entities on raising their level of security.

RECENT NEWS

Center for Internet Security offers definition for often ambiguous standards on ‘reasonable’ cyber efforts
Cyber Readiness Institute identifies need for incentives aimed at small business best practices
Neuberger expects July publication of FCC rules to start internet of things labeling program due to paperwork requirements
NCD Coker previews upcoming minimum security requirements for government space systems
CISA secure by design pledge provides goals for tech providers to improve security of their products
Wales addresses scoping definitions under CISA’s upcoming incident reporting final rule

MORE NEWS ›

Topics

Biden's Executive Order
Government Accountability Office calls on CISA to produce list of critical software identified in response to cyber EO
House Energy and Commerce leaders ask UnitedHealth Group for details on cyber attack timeline, restoration efforts
FAR Council issues request for information on potential supply chain regulations to include in new acquisition section
Sen. Wyden proposes legislation to require federal procurement of secure software following CSRB report
Incident Reporting Law
Cyber incident reporting, software security initiatives among hot topics at RSA as agency leaders, policy vets convene in San Francisco
CISA grants 30-day extension for input on incident reporting rule
House panel addresses need for harmonization in upcoming CISA incident reporting regime, scoping key definitions
Industry leaders to question scope of proposed CISA mandatory reporting requirements at House hearing
SEC CYBER RULES
Biden pushes back on GOP SEC resolution; Easterly calls for incident reports to CISA, FBI while rulemaking process continues
House Financial Services GOP leaders request information on SEC social media account breach
Wiley law firm highlights major cyber policy issues to watch in 2024
Bank Policy Institute questions SEC process to consider national security in granting delays on four-day incident requirement
CMMC
Pentagon issues ‘class deviation’ to address anticipated May update for NIST CUI publication
NIST plans May release of updated controlled unclassified information guides foundational to CMMC program
MITRE raises concerns over CMMC program costs to address assessment gaps, accommodate maturity model changes
Pentagon releases cyber strategy for defense industrial base designed to enhance security posture, build resiliency
Zero Trust
Mayorkas pushes for full funding to implement upcoming CISA mandatory incident reporting structure effectively
National Security Agency offers guidance for maturing data security practices used in zero trust
OMB explores addressing MFA needs for applications, operational technology in federal agencies
NIST works to update testing tools used for validating security of encryption solutions prior to implementation
National Cyber Strategy
Former ONCD official outlines evolving priorities for implementation of national cyber strategy
Office of Personnel Management commits to skills-based hiring for IT roles as part of national cyber workforce strategy
ONCD convenes legal symposium on developing software liability framework
CISA releases user guide to assist with uploading secure software self-attestation letters in online repository
CSF 2.0
Rural broadband organization updates cyber resources to reflect changes in NIST CSF 2.0
NIST explores ways to support creation of ‘community' profiles based on CSF 2.0 update
NIST asks for feedback on online mapping of CSF 2.0 and security, privacy controls catalog
NIST releases incident reporting profile for comment aligned with cybersecurity framework update
Supply Chain
NTIA announces second funding opportunity under Open RAN grant to support supply chain security
ONCD determines potential approaches to address software liability, launches work with manufacturers
CISA’s Friedman: Managing risks related to unsupported software starts in the ‘data layer’
CISA-facilitated community group offers guidance on SBOM sharing use cases