Policy & Regulation

whyframestudio via Getty Images

Manufacturing cybersecurity at heart of new White House guidance

The increased priority on security comes as more clean energy supply chains face the threat of a cyberattack.
By Kate Magill • June 24, 2024
Drew Angerer via Getty Images

Microsoft president promises significant culture changes geared towards security

Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.
By David Jones • June 14, 2024
Drew Angerer via Getty Images

Microsoft will take full ownership for security failures in House testimony

Brad Smith, the company’s vice chair and president, will acknowledge extensive security lapses while outlining steps the company, industry and nation need to move forward.
By David Jones • June 13, 2024
Mark Wilson / Getty Images via Getty Images

FCC approves $200M K-12 cybersecurity pilot

The three-year program will help schools begin to cover the costs of securing their networks from cyberattacks.
By Anna Merod • Updated June 7, 2024
Permission granted by Information Technology Industry Council

White House wants to harmonize the breadth of cybersecurity regulations

National Cyber Director Harry Coker Jr. detailed White House strategy to streamline the administrative burden and cost of cyber compliance.
By David Jones • June 5, 2024
Wirestock via Getty Images

NIST has a plan to clear the vulnerability analysis backlog

The Cyber Security and Infrastructure Security Agency and government contractor Analygence will help clear the National Vulnerability Database backlog.
By Matt Kapko • May 31, 2024
"U.S. Securities and Exchange Commission headquarters in Washington, D.C., near Union Station" by AgnosticPreachersKid is licensed under CC BY 3.0

SEC clarifies intent of cybersecurity breach disclosure rules after initial filings

The rules require notification of “material” breaches, but some early filers have reported incidents that appear to fall short of the regulatory threshold.
By Alexei Alexis • May 29, 2024
Courtesy of NIST

Critical CVEs are going under-analyzed as NIST falls behind

NIST has analyzed less than 1 in 10 vulnerabilities added to the National Vulnerability Database since mid-February, according to VulnCheck research.
By Matt Kapko • May 28, 2024
Mario Tama via Getty Images

HHS agency launches program to automate cybersecurity at hospitals

The program will invest more than $50 million to create a software suite that can automatically find potential vulnerabilities that hackers could exploit and deploy fixes.
By Emily Olsen • May 24, 2024
Drew Angerer via Getty Images

SEC fines NYSE’s parent $10M for failing to report cyberattack

The settlement sheds light on the costs of cyberattacks that can include penalties for non-compliance with timely disclosure requirements after the events occur.
By Maura Webber Sadovi • May 24, 2024
Permission granted by McCrary Institute

White House seeks critical cyber assistance for water utilities, healthcare

The DOJ will also work to deter teens from joining criminal hackers like Lapsus$.
By David Jones • May 23, 2024
Philipp Tur/Getty Images Plus via Getty Images

Cyberattacks are good for security vendors, and business is booming

More secure technology could stem the tide of cyberattacks, but digital threats are ever present.
By Matt Kapko • May 23, 2024
Jeenah Moon via Getty Images

Microsoft president set to testify before Congress on ‘security shortcomings’

After the tech giant asked for more time, Brad Smith will now testify before the House Committee on Homeland Security on June 13.
By Matt Kapko • May 22, 2024
Alex Wong / Staff via Getty Images

Providers urge HHS to clarify Change data breach reporting requirements

More than 50 provider groups are asking the federal government to publicly state that UnitedHealth should handle data breach reporting stemming from the cyberattack on its subsidiary.
By Emily Olsen • May 22, 2024
lnzyx for iStock via Getty Images

EPA to ramp up enforcement as most water utilities lack cyber safeguards

The agency may consider taking civil and criminal penalties against utilities following months of attacks against drinking and wastewater treatment facilities.
By David Jones • May 21, 2024
Chip Somodevilla via Getty Images

SEC requires financial firms to disclose data breaches within 30 days

The regulatory agency’s rule change comes less than a year after it required publicly traded companies to disclose material security incidents within four business days.
By Matt Kapko • May 20, 2024
Photo illustration by Danielle Ternes/Security Wall; photograph by yucelyilmaz via Getty Images

CISA senior official Goldstein to leave agency in June

The executive assistant director for cybersecurity at CISA often served as the voice of the agency and helped steer its secure-by-design efforts.
By Matt Kapko • May 16, 2024
Wirestock via Getty Images

Unsafe software development practices persist, despite CISA’s push

The industry isn’t making sufficient progress in cleaning up code despite recurring efforts from the agency to eliminate entire classes of vulnerabilities.
By Matt Kapko • May 15, 2024
Permission granted by Matthew Horwood

National Cyber Director echoes past warnings: Nation-state cyber threats are mounting

State-linked actors with ties to China and Russia are growing more sophisticated in their efforts to disrupt critical infrastructure, Harry Coker Jr. said during a CyberUK conference keynote.
By David Jones • May 15, 2024
Stock Photo via Getty Images

How a CISA proposal could impact K-12 cyber incident reporting

Overall, the nonprofit K12 Security Information Exchange backed the requirement for schools, but it asked for clarification on how the sector should report cyber incidents students initiate.
By Anna Merod • May 14, 2024
Chip Somodevilla/Getty Images via Getty Images

Black Basta ransomware is toying with critical infrastructure providers, authorities say

The threat group has impacted more than 500 targets worldwide and the vast majority of critical infrastructure sectors. Numerous attacks have exploited vulnerabilities in ConnectWise ScreenConnect.
By David Jones • May 13, 2024
David Ramos via Getty Images

Congress wants to question Microsoft exec over security defects

The committee wants to question Brad Smith, Microsoft’s president and vice chair, over the company’s security shortcomings and how it plans to strengthen security measures.
By Matt Kapko • May 13, 2024
TriggerPhoto via Getty Images

White House wants to hold the software sector accountable for security

Federal officials are taking steps toward a long-stated goal of shifting the security burden from technology users to the companies that build it.
By David Jones • May 10, 2024
Permission granted by Carnegie Mellon University

68 tech, security vendors commit to secure-by-design practices

CISA said companies ranging from Microsoft to Palo Alto Networks signed the voluntary pledge in an effort to boost resiliency and increase transparency around CVEs and cyberattacks.
By David Jones • May 9, 2024
Matt Kapko/Security Wall/Security Wall

CISA explains why it doesn’t call out tech vendors by name

Federal officials rarely criticize tech companies when their mistakes result in attacks. The stinging conclusions CSRB levied at Microsoft are an exception, not the norm.
By Matt Kapko • May 9, 2024