FAIR Institute Urges a Risk-based Approach to Healthcare Cybersecurity, in Response to Policy Options Paper by Sen. Warner
Senate Select Committee on Intelligence Chairman Mark R. Warner (D-VA) recently issued a white paper, “Cybersecurity Is Patient Safety,” suggesting policy initiatives for the federal government to incentivize better cybersecurity practices in the healthcare sector.
Can the Cyberspace Solarium Commission Keep the Legislative Momentum Going? Exec Director Mark Montgomery to Update 2022 FAIR Conference
It’s been a remarkable run at influencing cyber policy for the Cyberspace Solarium Commission, the congressionally mandated advisory group that offered 82 recommendations in 2020 – 48 have been implemented or are nearing completion
FDA Proposes a “Probabilistic,” Scenario-based Approach for Medical Device Cyber Risk
The U.S. Food and Drug Administration (FDA) recently proposed a rule that would require the “medical device system” to conduct risk analyses to manage cybersecurity risk throughout the lifecycle of a medical device and its connected network.
SEC Proposes Rules for Faster, More Defensible Cyber Risk Reporting. It Could Do Better Still
The Securities and Exchange Commission recently proposed amendments to its rules that would require reporting on cyber risk in a fast, “consistent, comparable and decision-useful manner,” as SEC Chair Gary Gensler said – a goal that effectively calls for regulated public companies to run a cyber risk management program based on risk quantification
Energy Department Presents a FAIR-based Risk Management Model for Federal Government
Attention federal agencies looking to implement risk-based spending for cybersecurity: At the first quarterly event in the 2022 FAIR Conference series, Ignatius Liberto, Director, Cybersecurity Compliance and Oversight (IM-32), Office of the CIO, U.S. Department of Energy, presented a successful model
Senate Passes 'Strengthening American Cybersecurity Act,' Requires a Federal Cyber Risk Model
The Senate recently passed the Strengthening American Cybersecurity Act that directs the Office of Management and Budget to “develop a standard model for informing a risk-based budget for cybersecurity spending.”
SEC Chair Gensler Signals Tighter Cybersecurity Reporting Coming, Opening the Way for Risk Quantification
In a speech this week, Securities and Exchange Commission Chair Gary Gensler said he has asked SEC staff for recommendations to update requirements for cybersecurity practices and cyber risk disclosure by public companies, as well as financial sector companies and their third-party vendors.
Leading Advocate for Cybersecurity Rep. Jim Langevin to Leave Congress
Rep. Jim Langevin (D-RI), a pioneer of cybersecurity legislation and oversight in Congress and an advocate for FAIR™, announced that he won’t seek re-election this year after 11 terms.
FAIR Institute Calls on SEC to Require Disclosure of Top Cyber Risks in Financial Terms
The board of the FAIR Institute sent a letter to Gary Gensler, Chairman of the Securities and Exchange Commission, calling for the SEC to direct disclosure of top cyber risks in financial terms as a “critical means to better understand the impact of cybersecurity events
Senate Confirms Chris Inglis, Former NSA Deputy Director and FAIR Conference Speaker, to Be National Cyber Director
The Senate has confirmed the nomination of Chris Inglis as the new national cyber director, coordinating cybersecurity across civilian agencies from the White House.