Cyber

FCC chair Jessica Rosenworcel has floated a proposal to increase requirements for internet service providers to report their security breaches, to reflect the changing frequency and nature of these threats as well as new state reporting laws. The proposed rule would remove a current mandatory waiting period of seven business days for carriers to notify […]

As authorized by the Federal Information Security Modernization Act of 2014, GAO reviewed 23 federal civilian agencies, looking at their reports and other performance data to evaluate the effectiveness of their implementation of cybersecurity policies and practices, and the extent to which their officials consider FISMA effective at improving the security of their information systems. […]

The Department of Commerce has launched a pilot of the Government and Business Exchange, a program to improve the agency’s understanding of vendors’ cybersecurity and IT capabilities, and their understanding of its needs. GABE will consist of 30-minute sessions – held virtually for now – hosted by Commerce’s Enterprise Services–Acquisition office, in which they share […]

The Defense Department has launched the University Consortium for Cybersecurity (UC2), a hub to facilitate back-and-forth exchanges on strategic cybersecurity issues with colleges and historically Black universities and colleges, as well as larger research universities. UC2 stems from a section in the National Defense Authorization Act for fiscal 2020, which required DoD to develop consortia […]

The so-called “great resignation,” in which record numbers of people are quitting their jobs – with experienced leaders retiring early and middle managers seeking less stressful remote work – is starting to affect cybersecurity. In addition to the pandemic-related stresses across industries, among cyber professionals there is also exhaustion from simultaneously growing cyber threats. The […]

CISA, the FBI, and the NSA have released a joint Cybersecurity Advisory that provides an overview of Russian state-sponsored cyber operations, including commonly observed...

This week’s episode covers an update on the Cybersecurity Maturity Model Certification program, a GAO report on DHS’ controls to protect personally identifiable information, a Federal Circuit decision regarding prejudice in the bid protest context, and highlights from the National Defense Authorization Act for FY2022, and is hosted by Peter Eyre and Monica Sterling. Crowell […]

Although the response to the Log4j vulnerability by the cybersecurity community has been “exceptional,” CISA director Jen Easterly warns that the attack vector could be a sleeping bear, biding its time to act. Easterly has highlighted the work of the agency’s Joint Cyber Defense Collaborative, an effort to develop cyber defense operations in partnership with […]

The House Oversight and Reform Committee has released a “discussion draft” of a bill to reform the Federal Information Security Management Act of 2014, which largely aligns with a bill that passed the Senate Homeland Security and Governmental Affairs Committee last fall. At a hearing to review the draft, expert witnesses expressed the importance to […]

The Lloyd’s Market Association recently released four model clauses to exclude coverage for “war” from cyber insurance policies. The exclusions align with the requirement that all insurance policies written at Lloyd’s must exclude losses caused by war. Given the insurance industry’s weakening appetite for cyber risks, the issue for insureds is the extent to which […]