Author Archive

Mariam Baksh

Mariam Baksh
Mariam Baksh reports on the development of federal cybersecurity policy for Nextgov. She started covering technology governance in 2014, during the heat of the Net Neutrality debate, and focused her graduate studies at American University on investigative journalism.
Cybersecurity

DOD recommends NIST align frameworks for cybersecurity risk management

An effort to update the framework for securing critical infrastructure from cyberattack is coming face to face with issues that have plagued the Commerce agency from the beginning.

Cybersecurity

Why Commerce went against Microsoft on rule to control cyber exploits

The rule aims to prevent certain countries—most notably China—from receiving U.S. exports that could advance their intrusion and surveillance technology.

Cybersecurity

New DOJ guidance on enforcing hacking laws carves out safe space for security research

Nearly a decade after the death of open-access advocate Aaron Schwartz, his legacy is still playing out in cybersecurity policy.

Cybersecurity

CISA orders agencies to mitigate VMware vulnerabilities under deadline

Advanced adversaries appear to be exploiting the vulnerabilities to get around multifactor authentication.

Cybersecurity

U.S., allied cybersecurity agencies, advise reviewing contracts with tech vendors

A joint advisory from CISA, domestic partners and counterpart agencies in the Five Eyes intelligence alliance warns of a heightened threat to managed service providers and their customers.

Cybersecurity

NIST's supply chain security guidance tells agencies to look to FedRAMP

The agency has spent years revising guidance for organizations to address vulnerabilities presented by vendors of software and other enterprise suppliers.

Cybersecurity

NSA chief: Cyber Command did 9 international missions last year

Gen. Paul Nakasone acknowledged proactive missions to diffuse cyber threats to U.S. elections and other critical infrastructure and stressed the importance of artificial intelligence to advance such efforts.

Cybersecurity

CISA seeks comment on visibility effort being piloted with cloud service providers

The agency is starting to spend the $690 million it got through the American Rescue Act to monitor security and respond to incidents across federal civilian networks.

Cybersecurity

Joint alert warns advanced hackers have developed tool targeting industrial control systems

The design of the tool, which allows full system access to certain operational technology in environments such as power plants and water treatment facilities, can also be used by less sophisticated attackers.

Acquisition

Google surveys feds in fight with Microsoft for government market

The survey report tried to associate heavy reliance on Microsoft’s products with greater susceptibility to cyberattacks.

Cybersecurity

6 takeaways on cybersecurity policy from the president’s FY 2023 budget

The administration expects CISA to grow by just under 300 full-time employees over the next year, for example.

Cybersecurity

Citing 'evolving intelligence,' White House flags risks of Russian cyberattacks on critical infrastructure

Officials, distressed by the continued lack of cybersecurity basics implemented in the private sector, issued “a call to action.”

Cybersecurity

CISA, FBI warn of Russian threat to satellite networks

Organizations are asked to report incidents they might ordinarily consider inconsequential to the government.

Cybersecurity

Insurance policies may tighten amid U.S.-Russia tensions, cyber pros warn

What a recent court decision means for insurers’ attempts to avoid payouts associated with “acts of war” and breaches where nation-state actors may have played a role.

Cybersecurity

Russia-Ukraine conflict could speed passage of major cybersecurity legislation

The threat of Russian retaliation against the west is front-of-mind with Senate passage of key bills to require reports of ransomware payments and other cybersecurity incidents to the government, overhaul FISMA and codify FedRAMP. 

Cybersecurity

NIST refreshing voluntary cybersecurity framework amid push for mandates

The agency is soliciting comments to update a core document that lets entities pick and choose which technical standards they want to apply to their systems based on their own risk assessment.

Cybersecurity

DHS official to chair Biden-ordered cyber safety review board

Cybersecurity professionals say the board needs subpoena authority in order to be effective.

Cybersecurity

EPA leading White House effort to secure the water sector against cyberattacks

This is the third in a series of 100-day sprints to shore up industrial control systems used in critical infrastructure.

People

Congress losing a heavy hitter on cybersecurity

Rep. Jim Langevin, co-chair and founder of the House Cybersecurity Caucus, will not seek re-election.