Latest in Cybersecurity regulation
After a yearlong inquiry, the European spyware committee calls for stronger regulation, improved export controls, and new initiatives to control the proliferation of spyware tools.
Fixing the app’s privacy issues may not address a larger problem—the Chinese government’s continued access to the algorithm.
Cybersecurity enforcement will likely require an expansion of government inspections of critical infrastructure.
While a valuable part of a cybersecurity program, “third-party audits” are too often not audits and not done by true third parties.
As government policy moves toward more binding rules for cybersecurity, how should they be enforced? Self-assessment and self-certification are not likely to suffice.
Legislation granting the FDA express regulatory authority over the cybersecurity of medical devices points the way to incremental improvements in other sectors and products.
A closer look at the TSA’s cybersecurity directive for pipelines casts doubt on the applicability of “performance-based” regulation to cybersecurity. For now, policymakers have to combine management-based controls and technology-specific prescriptions.
Four principles for U.S. lawmakers to keep in mind as they open the messy and unsatisfying Pandora’s box of tech regulation.
Legislation moving through Congress on medical devices suggests broader lessons for how to improve the cybersecurity of essential products and critical infrastructure. The bill’s proposed system of regulation and oversight holds promise for meeting the competing criteria of certainty and flexibility, stability and adaptability, mandate and innovation.