Inside Cybersecurity

October 10, 2025

Home Page

Home Page

By Sara Friedman

Senate Homeland Security ranking member Gary Peters (D-MI) is offering a new bill in his attempt to reauthorize the Cybersecurity Information Sharing Act of 2015 that includes a provision to retroactively provide info-sharing protections for the length of the current lapse.

By Jaden Beard

The Institute for Security and Technology is outlining a proposed plan in a new report to shift a widely used vulnerability disclosure program funded by the Cybersecurity and Infrastructure Agency into a multistakeholder global governance structure with stable funding.

By Jaden Beard

Nick Leiserson of the Institute for Security and Technology says the Office of the National Cyber Director should take the lead on transitioning of the Common Vulnerabilities and Exposures program to an international governance model, arguing the move would be in alignment with a Trump administration priority to offset U.S. global security spending.

By Sara Friedman

A new report from the Foundation for Defense of Democracies details keys to creating a successful policy commission based on the work of the Cyberspace Solarium Commission and describes a five-stage process that led to 58 percent of their original recommendations being implemented in some form.

By Sara Friedman

A prolonged lapse of the Cybersecurity Information Sharing Act of 2015 could create challenges in the current info-sharing ecosystem, according to the Cybersecurity Coalition’s Ari Schwartz, who says the law has evolved over 10 years to address other large issues impacting the stakeholder community while providing certainty through its protections.

By Sara Friedman

Stakeholders in the open source community are providing advice on areas where more clarification would be helpful in a proposed update to a Software Bill of Materials minimum elements guide developed by the Cybersecurity and Infrastructure Security, in filings submitted in response to a request for information.

By Sara Friedman

The Federal Communications Commission will consider a report and order at an Oct. 28 meeting to add certain devices to the agency’s equipment authorization review process for prohibiting continued use in the United States over national security risks.

RECENT NEWS

Aspen Digital launches virtual training program to create cybersecurity advocates for driving community engagement
Lapse of CISA 2015 law brings up questions over remaining protections, as companies review existing info-sharing policies to determine next steps
Moody’s finds local governments at risk of sharing sensitive data to publicly available AI tools
NIST annual event to highlight evolving transformation of cybersecurity workforce
Trump executive order renews efforts under national security advisory committee run by DHS
Georgia Tech agrees to Justice Dept. settlement over alleged failure of implementing defense cyber standards

MORE NEWS ›

Topics

CMMC
NIST publishes final draft for advanced persistent threats publication update, accompanying assessment guide
DOD CIO nominee Davies identifies opportunities for realignment to meet zero trust goals
Pentagon considers costs for small businesses to comply with CMMC acquisition requirements in final rule
CMMC accreditation body expects to update assessment process guide in December
Incident Reporting Law
U.S. Chamber raises concerns to New York regulators over proposed cyber requirements for public utilities, cable television providers
Homeland Security lawmakers react to six-month delay of CISA mandatory incident reporting final rule
CISA moves deadline to May 2026 for issuing final rule implementing mandatory incident reporting regime
Tech group encourages reinstatement of critical infrastructure partnership in National Cyber Director recommendations for Cairncross
Supply Chain
Former CISA officials call for market incentives as next step for secure by design efforts
CISA emphasizes need for operational technology visibility in water, energy sectors
Shutdown plans: CISA, NIST expect one-third of employees to remain working without continuing resolution in place
NIST seeks feedback on draft update to cybersecurity framework profile for manufacturing sector
Zero Trust
Lawfare project poses research questions to guide future secure by design work
Arrington: Defense Dept. guidance on ‘blowing up’ risk management framework expected by Nov. 30
OMB’s Duffy discusses efforts to advance zero trust, find efficiencies across agencies
House appropriators advance fiscal 2026 budget bill for ONCD, OMB with requirement to conduct zero trust assessment
National Cyber Strategy
Stakeholders consider ‘systemic defense’ framework to address cyber infrastructure issues
Former NCD Inglis optimistic about opportunities for cyber under Trump administration
OMB memo for fiscal 2025 FISMA reporting builds on network visibility requirements, IoT responsibilities
NCD Coker: Chinese cyber threats require cross-sector engagements, partnership with OMB
CSF 2.0
NIST seeks input on guidance mapping post-quantum cryptography capabilities to key agency publications
Security pros eager for scoping in NIST’s cyber AI ‘profile’ as businesses press for deployment
NIST publishes draft quick start guide for managing emerging cyber risks using CSF 2.0
NIST releases white paper for public comment to inform creation of transit-focused cybersecurity framework profile
INTERNET OF THINGS
NIST finalizes IoT characterization report, supplementing MUD project
Former NSC cyber leader Neuberger joins tech-focused investment firm a16z
NIST finalizes lightweight cryptography standard for Internet of Things devices
CISA launches series to help agencies with implementing zero trust principles
Artificial Intelligence
Moody’s finds local governments at risk of sharing sensitive data to publicly available AI tools
Easterly emphasizes power of artificial intelligence for software security
Civil society group raises security concerns over General Services Administration’s AI contract announcements
Global cyber initiative explores launching AI tools for risk profile assessments