Insights & Research

Blog

The U.S. Data Security EO with Lee Licata and Grant Dasher (DCP S2 E3)

In the latest Distilling Cyber Policy podcast episode, Lee Licata, from the Department of Justice, and Grant Dasher, from the Cybersecurity and Infrastructure Agency, discuss the recent data privacy executive order with our hosts.

CISA Proposes Sweeping Cyber Incident Reporting for U.S. Companies

The federal government is one step closer to requiring approximately 315,000 businesses to report cyber incidents and ransomware payments. 

Event Recap: Spring Into Privacy with the NIST Privacy Engineering Program

The NIST Privacy Framework is getting a little "Spring Cleaning." Officials from NIST's Privacy Engineering Program updated participants on updates to the Privacy Framework and other projects at an event last week.

Multiple Organizations Request 30-day Extension on CIRCIA Comments

The Cybersecurity Coalition, U.S. Chamber of Commerce, and 23 other organizations have requested a 30-day extension to the comment period for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) from CISA.

Ransomware: ‘costly and impactful’ and now a staple national security risk

Two reports released by the U.S. government provide important insights into the state of the ransomware threat, stating that it is still costly and impactful and a staple national security risk.

CISA Finalizes Secure Software Development Self-Attestation Form

CISA published a final version of the Secure Software Development Attestation Common Form, which requires software vendors to sign the form, self-attesting that they comply with secure software practices.

Cyberspace Solarium Commission 2.0 with Mark Montgomery (DCP S2 E1)

In our latest Distilling Cyber Policy podcast episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Mark Montgomery, Senior Director and Senior Fellow at the Foundation for the Defense of Democracies.

Detour or Deadlock? Decoding the Suspended UN Cybercrime Treaty Negotiations

After years of negotiating, the United Nations cybercrime treaty is stalled due to large-scale disagreements on scope, terminology, and other details that led to suspension of the Convention and the tentative decision to reconvene another session.

CR2 Briefs WTO on Cybersecurity Components in Trade

The Coalition to Reduce Cyber Risk held a briefing at the World Trade Organization in Geneva, Switzerland, focused on forthcoming research around the inclusion of digital trade and cybersecurity components in trade agreements.

Is Phishing-Resistant MFA Table Stakes?

A token with a six-digit code was the ultimate in MFA, but with the rise of AI and other sophisticated attacks, organizations need to look at phishing-resistant authentication.