Policy & Regulation: Page 3


  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA launches cyber incident reporting portal to streamline breach disclosure

    The secure portal is designed to encourage faster and more robust information sharing about malicious attacks and critical vulnerabilities.

    By Aug. 30, 2024
  • data privacy, FTC
    Image attribution tooltip
    champpixs via Getty Images
    Image attribution tooltip

    Automakers meet growing data privacy challenges, experts say

    A Federal Trade Commission crackdown and lawsuit against GM show automakers are navigating legal risks.

    By Michael Brady • Aug. 28, 2024
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA officials credit Microsoft security log expansion for improved threat visibility

    CISA officials say they plan to hold Microsoft accountable to ensure the company lives up to its commitments.

    By Aug. 27, 2024
  • SEC no-action requests on 2024 shareholder proxy vote proposals
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    SEC settles cyber case with Equiniti Trust as oversight questions linger

    The firm, formerly known as American Stock Transfer, will pay $850,000 to settle civil fraud charges involving the theft of $6.6 million in client funds.

    By Aug. 26, 2024
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA’s $524M headquarters slated for DHS campus in 2027

    Construction for the agency’s centralized facility is expected to break ground in the fall. CISA staffers are currently spread out across five office rentals.

    By Aug. 23, 2024
  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images
    Image attribution tooltip

    US, Australian authorities lead international push to adopt event logging

    State-linked and criminal threat groups are using living-off-the-land techniques to hide their hacking activities behind regular security tools.

    By Aug. 22, 2024
  • National Cyber Director Harry Coker speaks in Washington.
    Image attribution tooltip
    Permission granted by Information Technology Industry Council
    Image attribution tooltip

    White House details $11M plan to help secure open source

    National Cyber Director Harry Coker Jr., speaking at Def Con in Las Vegas, says federal assistance must be bolstered by more ownership among the community.

    By Aug. 14, 2024
  • Keynote stage for Black Hat 2024 at Michelob Ultra Arena in Las Vegas on August 7, 2024.
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive
    Image attribution tooltip

    CISA director: Cybersecurity is ‘not an impossible problem’

    In Jen Easterly's view, the solution to the industry's pains lies in secure by design. “We got ourselves into this, we have to get ourselves out,” she said during a media briefing at Black Hat.

    By Aug. 13, 2024
  • a row of Delta planes on an airport tarmac
    Image attribution tooltip
    Andrew Harnik via Getty Images
    Image attribution tooltip

    Delta expects $380M revenue hit due to CrowdStrike outage

    The company said it canceled 7,000 flights in five days due to the IT outage, according to a Thursday filing with the Securities and Exchange Commission.

    By Roberto Torres • Aug. 9, 2024
  • Guard stands in front of Securities and Exchange Commission building.
    Image attribution tooltip
    Brendan Smialowski via Getty Images
    Image attribution tooltip

    Progress Software says SEC declines to pursue action related to MOVEit exploitation spree

    The decision comes just weeks after a federal court dismissed most of the SEC’s civil fraud case against SolarWinds.

    By Aug. 8, 2024
  • A close up of Michael Regan
    Image attribution tooltip
    Win McNamee via Getty Images
    Image attribution tooltip

    Federal watchdog urges EPA to develop comprehensive cyber strategy to protect water systems

    The report comes amid a rise in malicious cyberthreats from state-linked and criminal hackers targeting U.S. drinking water and water treatment facilities.

    By Aug. 6, 2024
  • A screen showing a technical error message in an airport hallway
    Image attribution tooltip
    Jack Taylor via Getty Images
    Image attribution tooltip

    CrowdStrike outage renews supply chain concerns, federal officials say

    The White House and the U.S. Government Accountability Office are raising questions about the resilience of the software supply chain and memory safety vulnerabilities.

    By Aug. 2, 2024
  • SEC seal outside Washington D.C. building
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    SolarWinds legal ruling expected to narrow, but maintain SEC oversight on cyber transparency

    The dismissal of most charges in a closely watched civil fraud case will test the ability of federal authorities to regulate risk disclosure.

    By July 29, 2024
  • Customers stand in line at an airport.
    Image attribution tooltip
    Joe Raedle via Getty Images
    Image attribution tooltip

    CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds

    A report from Parametrix estimates cyber insurance will cover only about 10% to 20% of losses.

    By July 25, 2024
  • A massive IT outage stranded Delta Air Lines passengers at the Detroit Metropolitan Wayne County Airport on July 20.
    Image attribution tooltip
    Joe Raedle via Getty Images
    Image attribution tooltip

    CrowdStrike, Microsoft scramble to contain fallout from global IT outage

    Cybersecurity and IT experts said users are having major difficulties in recovery efforts, despite workarounds and guidance the vendors released.

    By July 22, 2024
  • SolarWinds
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
    Image attribution tooltip

    Majority of SEC civil fraud case against SolarWinds dismissed, but core remains

    The court ruling related to claims leading up to and immediately following the 2020 Sunburst supply chain hack.

    By Updated July 18, 2024
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA calls for elimination of OS command injection vulnerabilities

    Threat groups target vulnerabilities in widely used network devices. CISA’s latest advisory urges software makers to eliminate them at the source.

    By July 11, 2024
  • SEC logo is on display outside its building in Washington, D.C.
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    MOVEit legal liabilities, expenses pile up for Progress Software

    The prospective financial hit from a widely exploited vulnerability in the file-transfer service is growing. Progress confronts lawsuits, regulator scrutiny and government investigations.

    By July 10, 2024
  • Image attribution tooltip
    Drew Angerer via Getty Images
    Image attribution tooltip

    Critical infrastructure providers seek guardrails on scope, timeline for CIRCIA rules

    In a last-minute push, critical infrastructure stakeholders urged federal officials to give more flexibility on the detail required during the first 72 hours of covered cyber incidents.

    By July 8, 2024
  • Macquarie v Moab
    Image attribution tooltip
    Kevin Dietsch / Staff via Getty Images
    Image attribution tooltip

    Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation

    Experts expect new legal challenges against numerous agency cybersecurity requirements, including incident reporting mandates and rules governing critical infrastructure sectors.

    By Updated July 8, 2024
  • Two technicians work on a solar panel as a drone flies overhead.
    Image attribution tooltip
    whyframestudio via Getty Images
    Image attribution tooltip

    Manufacturing cybersecurity at heart of new White House guidance

    The increased priority on security comes as more clean energy supply chains face the threat of a cyberattack.

    By Kate Magill • June 24, 2024
  • A close up of a man in a blue suit with a multicolored tie gesturing while seated at a desk.
    Image attribution tooltip
    Drew Angerer via Getty Images
    Image attribution tooltip

    Microsoft president promises significant culture changes geared towards security

    Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.

    By June 14, 2024
  • Microsoft President and Vice Chair Brad Smith speaks April 12, 2023, at the Semafor World Economy Summit in Washington D.C.
    Image attribution tooltip
    Drew Angerer via Getty Images
    Image attribution tooltip

    Microsoft will take full ownership for security failures in House testimony

    Brad Smith, the company’s vice chair and president, will acknowledge extensive security lapses while outlining steps the company, industry and nation need to move forward.

    By June 13, 2024
  • The seal of the Federal Communications Commission.
    Image attribution tooltip
    Mark Wilson / Getty Images via Getty Images
    Image attribution tooltip

    FCC approves $200M K-12 cybersecurity pilot

    The three-year program will help schools begin to cover the costs of securing their networks from cyberattacks.

    By Anna Merod • Updated June 7, 2024
  • National Cyber Director Harry Coker speaks in Washington.
    Image attribution tooltip
    Permission granted by Information Technology Industry Council
    Image attribution tooltip

    White House wants to harmonize the breadth of cybersecurity regulations

    National Cyber Director Harry Coker Jr. detailed White House strategy to streamline the administrative burden and cost of cyber compliance.

    By June 5, 2024