It’s been a remarkable run at influencing cyber policy for the Cyberspace Solarium Commission, the congressionally mandated advisory group that offered 82 recommendations in 2020 – 48 have been implemented or are nearing completion
The U.S. Food and Drug Administration (FDA) recently proposed a rule that would require the “medical device system” to conduct risk analyses to manage cybersecurity risk throughout the lifecycle of a medical device and its connected network.
The Securities and Exchange Commission recently proposed amendments to its rules that would require reporting on cyber risk in a fast, “consistent, comparable and decision-useful manner,” as SEC Chair Gary Gensler said – a goal that effectively calls for regulated public companies to run a cyber risk management program based on risk quantification
Attention federal agencies looking to implement risk-based spending for cybersecurity: At the first quarterly event in the 2022 FAIR Conference series, Ignatius Liberto, Director, Cybersecurity Compliance and Oversight (IM-32), Office of the CIO, U.S. Department of Energy, presented a successful model
The Senate recently passed the Strengthening American Cybersecurity Act that directs the Office of Management and Budget to “develop a standard model for informing a risk-based budget for cybersecurity spending.”
In a speech this week, Securities and Exchange Commission Chair Gary Gensler said he has asked SEC staff for recommendations to update requirements for cybersecurity practices and cyber risk disclosure by public companies, as well as financial sector companies and their third-party vendors.
Rep. Jim Langevin (D-RI), a pioneer of cybersecurity legislation and oversight in Congress and an advocate for FAIR™, announced that he won’t seek re-election this year after 11 terms.
The board of the FAIR Institute sent a letter to Gary Gensler, Chairman of the Securities and Exchange Commission, calling for the SEC to direct disclosure of top cyber risks in financial terms as a “critical means to better understand the impact of cybersecurity events
The Senate has confirmed the nomination of Chris Inglis as the new national cyber director, coordinating cybersecurity across civilian agencies from the White House.
I’m thrilled with many of the provisions in the President’s recent Executive Order on Improving the Nation’s Cybersecurity. The tiered software security ratings system, the IoT consumer labeling, the cybersecurity review board, and the emphasis on sharing information on breaches and other cyber incidents, are all bold initiatives