Addressing Concentration Risk in Federal IT
The Center conducted a multi-stakeholder tabletop exercise in April to explore a form of concentration risk where a single software, configuration, service, or hardware becomes dominant in an ecosystem.
Risks Associated with IT Monoculture Needs Further Examination
IT concentration risk is a relatively new term, but recent cyberattacks have put it front and center. To examine the issue, the Center conducted an exercise to look at the threats of IT concentration risk and offer recommendations.
S02 E04: The National Vulnerabilities Database with Kent Landfield, John Banghart
In our latest podcast episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by John Banghart, Venable LLP, and Kent Landfield, a founding member of the Common Vulnerabilities and Exposures (CVE) Program.
The National Vulnerability Database with Kent Landfield and John Banghart (DCP S2 E4)
In our latest Distilling Cyber Policy podcast episode, our hosts are joined by John Banghart and Kent Landfield to discuss the latest developments and ongoing debate around the National Vulnerability Database.
Cyber Leaders Discuss a Common AI and Cyber Vision in LATAM
Industry, government, and civil society stakeholders from across Latin America, the EU, and U.S. convened in Colombia last month for a roundtable discussion "Towards a Common AI and Cyber Vision in LATAM," hosted by the Digi Americas Alliance.
Building Digital Solidarity: The New International Cyberspace and Digital Policy Strategy
U.S. State Department releases International Cyberspace & Digital Policy Strategy, building off the U.S. National Cybersecurity Strategy.
Event Recap - Advancing Risk Management: Cybersecurity, Privacy and AI
The CCPL hosted a half-day event during the RSA Conference in San Francisco featuring speakers from NIST and the NCCoE discussing the Cybersecurity, Privacy, and AI risk management frameworks.
CISA Promotes Secure by Design Principles with Industry Pledge
CISA announced its “Secure by Design Pledge,” a voluntary commitment by software manufacturers to work towards implementing several cybersecurity best practices.
CISA in the Driver’s Seat Over Critical Infrastructure
The Biden Administration released a new National Security Memorandum that aims to strengthen U.S. critical infrastructure.
Is it Time for Mandatory Multifactor Authentication?
In the wake of the Change Healthcare breach – caused by compromised credentials and no multifactor authentication (MFA) on a remote access server – is it time for government to mandate MFA for critical infrastructure organizations?