TSA revises cybersecurity requirements for oil and gas pipelines

The agency released performance-based requirements after extensive industry debate following the May 2021 Colonial Pipeline ransomware attack.

By David Jones • July 22, 2022

California privacy rules target dark patterns through technology design

California Privacy Rights Act provisions that will go into effect in January will provide more control to consumers over how companies use their data. 

By Robert Freedman • July 21, 2022

White House takes on cyber workforce gap through 120-day apprenticeship sprint

A cyber workforce and education summit at the White House Tuesday was designed to address the long-standing shortage of qualified and diverse candidates for security operations teams. 

By David Jones • July 20, 2022

Google deal to buy Mandiant clears key antitrust hurdle

The Department of Justice cleared the deal last week, but the $5.4 billion agreement remains subject to approval by foreign regulators.

By David Jones • July 19, 2022

US effort to rip and replace hardware made in China is ballooning in cost

A yearslong push to remove telecom equipment deemed a national security threat continues to vex regulators.

By Matt Kapko • July 18, 2022

CISA eyes cross-pond cyber cooperation with London office

Federal agencies have worked closely with allies to combat malicious cyber activity and illicit use of cryptocurrency.

By David Jones • July 18, 2022

The US is losing the cyberspace race

Decades-old policies have failed to stem a growing threat, the Council of Foreign Relations said. What if the U.S. embraced a more limited and realistic strategy?

By Matt Kapko • July 15, 2022

Log4j is far from over, cyber review board says

Exploitation of Log4j occurred at lower levels than experts predicted, yet it remains an "endemic vulnerability," the Cyber Safety Review Board said.

By Naomi Eide • July 14, 2022

What to watch with 5G network security

For wireless network carriers, 5G is a model of what’s next. But it also introduces features and services that dramatically expand the threat surface.

By Matt Kapko • July 8, 2022

Lawmakers amplify calls for federal agencies to increase data privacy after Dobbs decision

Seventy-two Democratic members of Congress want the FTC to use its full power to guard patients from data brokers collecting and selling data that could be used to prosecute pregnancy-related crimes.

By Rebecca Pifer • July 7, 2022

Cash-strapped Main Street organizations face global cyberthreats

A House subcommittee hearing in Michigan helped show the persistent risks faced by local schools, government agencies and Main Street businesses.

By David Jones • June 29, 2022

Carnival to pay $5M for cyber violations to NY financial regulator

The cruise line failed to implement multifactor authentication and took 10 months to report the first of four data incidents.

By David Jones • June 27, 2022

Department of Energy rethinks cyber resilience in strategy to secure the grid

The agency wants to help the energy sector incorporate more cybersecurity safeguards during the design phase and better withstand attacks. 

By David Jones • June 23, 2022

5 takeaways from the RSA Conference

The event tried to pick up where it left off 28 months ago. Can defenders keep up with the accelerated pace and scale of the cyber threat?

By Matt Kapko • June 13, 2022

America's cyber chiefs have a long to-do list

The federal government wants to lead by example and communicate the urgency of the moment. First, it needs to get its security affairs in order. 

By Matt Kapko • June 9, 2022

Russia, backed by ransomware gangs, actively targeting US, FBI director says

The FBI is laser focused on preventing a destructive attack, FBI Director Christopher Wray said. The agency previously, helped to disrupt a 2021 Iran-backed attack on Boston Children’s Hospital. 

By David Jones • June 2, 2022

Feds remain in the dark as ransomware disclosure lags

The government's lack of ransomware data makes it more difficult to prevent, mitigate and recover from attacks, said Sen. Gary Peters, D-MI.

By David Jones • May 25, 2022

Feds release grim reminder: Threat actors prey on basic security mishaps

Federal authorities and U.S. allies admonished companies to tighten weak controls and configurations.

By David Jones • May 20, 2022

Biden administration makes inroads amid zero trust rollout

More than 50 federal agencies expect to have EDR technology by the end of fiscal year.

By David Jones • May 19, 2022

How the Colonial Pipeline attack instilled urgency in cybersecurity

The federal government and private sector are still coming to terms with how to protect operational technology in an increasingly volatile threat environment.

By David Jones • May 17, 2022

Companies need to align cyber and disclosure efforts: SEC attorney

The SEC aims to protect investors from cyber-related risks by cracking down on companies that release misleading disclosures about cyberattacks. 

By Jim Tyson • May 13, 2022

Tech giants pledge multimillion down payment to secure open source

Top technology companies offered $30 million toward a two-year goal to bolster software supply chain security.

By David Jones • May 13, 2022

White House cyber executive order still has unfinished business

The Biden administration is up against key hurdles in its effort to raise software security standards and establish zero trust across federal agencies.

By David Jones • May 12, 2022

US, allies blame Russia for Viasat cyberattack

The Five Eyes and other EU authorities linked Russia to a series of web defacement, DDoS and destructive wiper attacks in the weeks leading up to the Ukraine invasion.

By David Jones • May 11, 2022

Vet software security as part of enterprise procurement, NIST says

The guidance, an answer to last year's executive order, examines where and when potential supply chain vulnerabilities can surface.

By Matt Kapko • May 9, 2022