Cynthia Brumfield

Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com.

NSA, CISA release Kubernetes hardening guidance following Colonial Pipeline, other attacks

The guidance seeks to educate IT administrators about cloud security risks and best practices for implementing and maintaining Kubernetes.

Biden memo, infrastructure deal deliver cybersecurity performance goals and money

The White House initiatives and expected passage of the US infrastructure plan will set new cybersecurity standards for critical infrastructure and provide money to state and local governments.

18 new cybersecurity bills introduced as US congressional interest heats up

The new bills, many with bi-partisan support, aim to increase cybersecurity funding, improve breach reporting, investigate cryptocurrencies, and more.

TSA issues second cybersecurity directive for pipeline companies

Experts applaud the agency's new, detailed security requirements for US pipeline operators but question how they will be enforced or monitored.

Biden administration, US allies condemn China's malicious hacking, espionage actions

Global coalition calls on China to curtail its cyber activities. For the first time, the US blames China directly for ransomware attacks.

Biden Administration announces flurry of new anti-ransomware efforts

The defensive initiatives include a reward for information on nation-state actors and the formation of a new interagency ransomware task force.

NIST’s EO-mandated software security guidelines could be a game-changer

While experts applaud the new security guidance, it's unclear whether software vendors will completely embrace and implement the needed security practices.

Ransomware talks: How Biden could push Putin to the table

Under pressure to end the ransomware scourge, the White House faces strong headwinds. The problem: Putin has no motivation to change the status quo.

Proposed bill would create a new federal agency to protect consumer data

The Data Protection Act of 2021 has wide-ranging definitions of high-risk data practices and privacy harm.

NIST defines "critical software" with a broad range of security functions

The goal is to enable stronger security practices for government-purchased software mandated by President Biden's cybersecurity executive order.

Four states propose laws to ban ransomware payments

Some state legislatures are debating bills that could limit or ban ransom payments. A better option, experts say, is mandatory reporting of ransomware attacks.

Government-mandated SBOMs to throw light on software supply chain security

The US government will soon require vendors to provide a software bill of materials to help ensure the integrity of an application's components.

US Congress tees up ambitious cybersecurity agenda in the wake of supply chain, ransomware attacks

Roughly 115 cybersecurity-related bills are working their way through the legislative process, in many cases with bipartisan support.

Feds seize $2.3 million in cryptocurrency wallet reportedly used in Colonial Pipeline ransomware attack

The successful seizure could encourage other victims to better cooperate with federal agencies and cause ransomware gangs to rethink their operations.

TSA’s pipeline cybersecurity directive is just a first step, experts say

The new, hastily announced security directive requires US pipeline companies to appoint a cybersecurity coordinator and report possible breaches within 12 hours.

How the post-pandemic world will challenge CISOs

More permanent remote workers, requirements for protecting health data, and a more dangerous threat landscape await security teams as the COVID crisis ends.

SolarWinds, Exchange attacks revive calls for mandatory breach notification, better information sharing

Strong two-way communication between government and the private sector combined with a clear national breach notification policy will put a dent in cybercrime, experts say.

Biden administration releases ambitious cybersecurity executive order

Though lacking in definitional clarity, this new executive order might be more effective than past federal efforts, especially in the wake of the Colonial Pipeline attack.

Colonial Pipeline shutdown highlights need for better OT cybersecurity practices

Experts weigh in on what the Colonial attack teaches critical infrastructure providers about preparation and incident response.

Task force proposes framework for combatting ransomware

A diverse coalition of experts from business and the public sector present 48 recommendations for solving the ransomware crisis, including international cooperation and regulating cryptocurrencies.
