The Justice Department should issue guidance to clarify the line between covering up a data breach and merely declining to disclose it.
Latest in CISA
Log4Shell remains a national concern because the open-source community cannot continue to shoulder the responsibility of securing this critical asset and vendors are not exercising due care in incorporating open-source components into their products. A comprehensive institutional response to the incentives problem is needed.
Last year, President Biden created the Cyber Safety Review Board, with the intention that (akin to the National Transportation Safety Board) the new organization would review cyber incidents, examine root causes and, where necessary, make recommendations.
In emergencies, federal agencies can avoid cumbersome rulemaking procedures. Uses of the “good cause” exception following 9/11 and the outbreak of the coronavirus offer insights relevant to the current cybersecurity threats to critical infrastructure.
Joint Cybersecurity Advisory on the Possible Russian State Sponsored Threat to Critical Infrastructure
Five Eyes Alliance cybersecurity advisory over Russian state-sponsored and criminal cyber threats to critical infrastructure.
Congress Invests in National Cyber Resilience but Misses Important Opportunities in the Consolidated Appropriations Act
The new appropriations bill is sound overall, but it addresses only half of the federal government’s cybersecurity mandate.
The new reporting mandate is designed to encourage compliance with the law and increase the quantity and quality of cyber incident reporting.
Many federal agencies have existing authority that could be leveraged to improve the cybersecurity of private actors under their jurisdiction.
Over the past two years, Russian state-sponsored cyber actors have been targeting U.S. cleared defense contractors.
Attackers in cyberspace have had the systemwide advantage for decades. Reversing this requires both a more nuanced understanding of the offense-defense balance and innovations with leverage that works at scale across the internet.