Author Archive

Mariam Baksh

Senior Correspondent

Mariam Baksh reports on the development of federal cybersecurity policy for Nextgov. She started covering technology governance in 2014, during the heat of the Net Neutrality debate, and focused her graduate studies at American University on investigative journalism.
Cybersecurity

Rule for vendors' secure software self-attestation in the works

Federal agencies will soon need vendors to attest that their products conform with NIST guidance on secure software development, OMB says.

Data & Analytics

Lax data privacy rules may expose consumer location information

With states now free to enforce their own data privacy laws, regulators have been on the lookout for mobile carriers sharing sensitive location information.

Emerging Tech

DHS commits to better intel sharing with law enforcement, points to mobile app

Whether the department has increased information sharing with government partners is unclear, but—either way—the quality is just not there, according to DHS’ Office of the Inspector General.

Cybersecurity

Locking down identity and access management post-SolarWinds

The epic intrusion campaign has turned up the brights on vendors providing authentication services, but agencies will still need to be actively engaged for effective implementation.

Cybersecurity

EPA to issue cybersecurity rule for water facilities

The EPA will extend its sanitary reviews of critical water facilities to include cybersecurity, an administration official said.

Emerging Tech

NIST selects 12 companies for implementing post-quantum cryptography

Officials leading a standardization effort—based on four winning algorithms—are relying heavily on industry for success.

Cybersecurity

Diabetes patients flood FDA with comments on cybersecurity for medical devices

Commenters want the Food and Drug Administration to clarify that cybersecurity guidance intended to prevent unauthorized access to data and devices should not apply to patients.

Cybersecurity

North Korea behind ransomware attacks on public health sector, advisory says

Because the state-sponsored cyber actors likely assume health care organizations will pay ransoms, attacks will continue, federal cybersecurity agencies say.

Cybersecurity

Lawmaker says 'crypto driver's license' could deter use of digital currency in ransomware

Proposed legislation calls on federal agencies to harmonize national digital identity infrastructure by leveraging biometric databases states have been building to participate in REAL ID, a standard for accepting state-issued identification.

Cybersecurity

Lawmakers debate ROI on cyber insurance

The jury is still out on how using insurance policies to pay ransoms and re-establish systems after a cyberattack affects critical infrastructure organizations’ individual and collective resilience.

Cybersecurity

Allied cybersecurity agencies advise against disabling popular tool for cyberattackers

The Microsoft program – PowerShell – has granted malicious actors in major hacks remote command and control ability over victims, but, by the same token, it can improve cybersecurity management across an enterprise.

Cybersecurity

GAO calls for deeper analysis of federal cyber insurance option

The scope of coverage, financial implications to taxpayers and potentially counterproductive incentives must be considered while examining the need for a federal cyber insurance program, the government watchdog said.

Cloud & Infrastructure

Report details 5G security assessment process

With a uniform and flexible approach, agencies can evaluate, understand and address security and resilience gaps with their 5G assessment policies.

Cybersecurity

New DOJ guidance on key hacking law creates carve out for security researchers

Nearly a decade after the death of open-access advocate Aaron Swartz, his legacy is still playing out in cybersecurity policy.

Cybersecurity

The plan to secure open source software

The open source community outlined key initiatives that can immediately address goals for hardening the software supply chain.

Cybersecurity

Managed service contracts deserve extra cyber scrutiny, intel agencies advise

A joint advisory from CISA, domestic partners and counterpart agencies in the Five Eyes intelligence alliance warns of a heightened threat to managed service providers and their customers.

Cloud & Infrastructure

NIST is building a 5G network to model cybersecurity for operators

NIST's draft publication is designed to clarify how cloud security capabilities can help protect a 5G network.

Cybersecurity

CISA points to water sector in seeking $80 million more for FEMA grants

CISA and FEMA are currently rolling out the first of $1 billion in Rescue Act funding to help target-rich, resource-poor state and local entities improve their cybersecurity.

Cybersecurity

Malware enables less skilled adversaries to attack industrial control systems

The sophisticated malware features a modular design that would make it more accessible to less skilled adversaries targeting operational technology in power plants and water treatment facilities, specialists say.