Posts by Harley Geiger

6 min Public Policy

Overview of the EU’s draft NIS 2 Directive

The EU Commission proposed revisions to its NIS Directive that would enhance cybersecurity requirements on critical infrastructure-like organizations in the EU. This post provides an overview of the proposed revisions.

4 min Public Policy

Principles for personal information security legislation

Rapid7's principles for laws to protect personal information: 1) Strong but flexible security requirements; 2) Security exemptions from privacy restrictions; 3) State preemption without undermining cybersecurity.

2 min Public Policy

Congress unanimously passes federal IoT security law

Congress passed a law to secure federal procurement and use of IoT devices, and require contractors to adopt coordinated vulnerability disclosure processes.

3 min Ransomware

Ransomware Payments and Sanctions - U.S. Treasury Advisory

The U.S. Department of Treasury issued an advisory warning that paying ransoms to cybercriminal groups risks violating sanctions. Rapid7 has previously recommended that victims not pay ransom, and urges organizations to focus on ransomware prevention and recovery.

5 min Public Policy

A step closer to stronger federal IoT security

The US House passed the IoT Cybersecurity Improvement Act, which would require federal procurement and use of IoT devices to conform to basic security requirements.

2 min Public Policy

Rapid7 joins CFAA brief to the Supreme Court

Should it be a federal hacking crime to disobey your workplace computer use policy, or a website's terms of service? A broad interpretation of the CFAA would have far-reaching legal implications for beneficial security research and even ordinary internet behavior.

2 min COVID-19

Resources on the Main Street Lending Program to Support Small and Mid-Sized Businesses

The recent stimulus legislation - the “CARES Act” - allocated up to $600 billion for a new Main Street Lending Program to provide relief to small and mid-sized businesses impacted by the COVID-19 pandemic. Here are some resources on the program.

3 min COVID-19

Financial resources for small businesses grappling with COVID-19

Congress recently passed the CARES Act to help American businesses during the COVID-19 pandemic. The CARES Act established several assistance programs for small businesses. This post provides an overview of these programs, with links to additional information.

4 min Public Policy

Cybersecurity Vulnerability Disclosure in Trade Agreements

Modern trade agreements should incorporate cybersecurity vulnerability disclosure. Here are Rapid7’s thoughts on how to do that and why.

5 min Public Policy

Hackers On The Hill - Slides and recap on cybersecurity policy

Recap of a presentation on the state of public policy related to cybersecurity and hacking from Hackers On The Hill 2020.

4 min Government

An update on trade

In light of recent activity on US trade agreements, here is a quick update on developments with regard to US-China, US-Mexico-Canada, and US-Japan. This summary focuses on technology and cybersecurity-related issues affecting private enterprises.

3 min Public Policy

What Is Texas Senate Bill 820, and How Will It Affect Your School District?

In this post, we share how SB 820 will affect your school and district, and how you can respond by selecting a framework to improve your security program.

4 min Public Policy

Expanded Protections for Security Researchers Under DMCA Sec. 1201

The Library of Congress announced that it would renew and expand legal protections for security testing under Section 1201 of the Digital Millennium Copyright Act (DMCA).

6 min Public Policy

Prioritizing the Fundamentals of Coordinated Vulnerability Disclosure

In this post, we aim to distinguish between three broad flavors of CVD processes based on authorization, incentives, and resources required. We also urge wider adoption of foundational processes before moving to more advanced and resource-intensive processes.

5 min Public Policy

Communicating IoT Security Update Capability

What is the essential information that manufacturers should communicate to consumers about security updates for Internet of Things (IoT) devices?