Author Archive

Mariam Baksh

Senior Correspondent

Mariam Baksh
Mariam Baksh reports on the development of federal cybersecurity policy for Nextgov. She started covering technology governance in 2014, during the heat of the Net Neutrality debate, and focused her graduate studies at American University on investigative journalism.
Cybersecurity

The federal government is moving on memory safety for cybersecurity

The issue of how coding languages might support software developers’ management of memory has recently gotten attention from the National Security Council, the Cybersecurity and Infrastructure Security Agency and Congress.

Cybersecurity

Agencies face interoperability challenges with zero trust, GAO says

Because there is no single zero-trust solution, agencies must integrate new and existing solutions, a challenge for those with large investments in traditional technologies, the watchdog agency said.

Cloud & Infrastructure

NTIA wants to know how best to spend $1.5B in grants for secure, open 5G

The money will be available to suppliers of information and communications technology in an effort to move away from Chinese companies like Huawei and ZTE.

Cybersecurity

CISA highlights space, bioeconomy as possible new critical infrastructure sectors

The agency also suggested existing sectors be consolidated and that there is a need for some agencies to exercise greater authority over private-sector entities.

Cybersecurity

Securing IoT requires government, industry collaboration

As government looks to adopt procurement regulations for internet-connected devices, industry stakeholders are skeptical.

Cybersecurity

CISA director: Big tech shouldn’t charge extra for event logging

The agency has promised to measure the success of efforts to steer major software providers toward the inclusion of logging and other basic security features in their products “by default,” but has said little about how it actually intends to do that.

Cloud & Infrastructure

CISA seeks feedback on baseline measures to secure cloud configuration

Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next. 

Cybersecurity

CISA to focus on water, education and health sectors over the next year

The agency contributed to the release of security requirements for the transportation sector this week and is expected to issue cross-sector performance goals for critical infrastructure companies’ voluntary adoption next week.

Cybersecurity

CISA plans local events to discuss cyber incident reporting

The effort aims to give officials a greater understanding of cyber threats and the ability to defend U.S. critical infrastructure against cascading impacts when attacks occur.

Cybersecurity

Consumer cyber hygiene makes significant gains, report shows

Over the last three years, more consumers are using strong passwords, enabling multifactor authentication and blocking location-tracking services.

Cybersecurity

National cybersecurity review begins for all levels of government

The annual self-assessment asks all states and local agencies, tribal nations and territorial governments receiving DHS security grants to assess their cyber gaps and capabilities.

Cybersecurity

Guidance aims to help critical infrastructure protect against cyberattacks

A cybersecurity advisory will help critical infrastructure owners and operators simplify choices around the security of industrial control systems while allowing flexibility the companies say is needed to their operations.

Cybersecurity

Rule for vendors' secure software self-attestation in the works

Federal agencies will soon need vendors to attest that their products conform with NIST guidance on secure software development, OMB says.

Data & Analytics

Lax data privacy rules may expose consumer location information

With states now free to enforce their own data privacy laws, regulators have been on the lookout for mobile carriers sharing sensitive location information.

Emerging Tech

DHS commits to better intel sharing with law enforcement, points to mobile app

Whether the department has increased information sharing with government partners is unclear, but—either way—the quality is just not there, according to DHS’ Office of the Inspector General.

Cybersecurity

Locking down identity and access management post-SolarWinds

The epic intrusion campaign has turned up the brights on vendors providing authentication services, but agencies will still need to be actively engaged for effective implementation.

Cybersecurity

EPA to issue cybersecurity rule for water facilities

The EPA will extend its sanitary reviews of critical water facilities to include cybersecurity, an administration official said.

Emerging Tech

NIST selects 12 companies for implementing post-quantum cryptography  

Officials leading a standardization effort—based on four winning algorithms—are relying heavily on industry for success.

Cybersecurity

Diabetes patients flood FDA with comments on cybersecurity for medical devices

Commenters want the Food and Drug Administration to clarify that cybersecurity guidance intended to prevent unauthorized access to data and devices should not apply to patients.