Posts tagged Public Policy

6 min Public Policy

Overview of the EU’s draft NIS 2 Directive

The EU Commission proposed revisions to its NIS Directive that would enhance cybersecurity requirements on critical infrastructure-like organizations in the EU. This post provides an overview of the proposed revisions.

4 min Public Policy

Principles for personal information security legislation

Rapid7's principles for laws to protect personal information: 1) Strong but flexible security requirements; 2) Security exemptions from privacy restrictions; 3) State preemption without undermining cybersecurity.

2 min Public Policy

Congress unanimously passes federal IoT security law

Congress passed a law to secure federal procurement and use of IoT devices, and require contractors to adopt coordinated vulnerability disclosure processes.

3 min Ransomware

Ransomware Payments and Sanctions - U.S. Treasury Advisory

The U.S. Department of Treasury issued an advisory warning that paying ransoms to cybercriminal groups risks violating sanctions. Rapid7 has previously recommended that victims not pay ransom, and urges organizations to focus on ransomware prevention and recovery.

5 min Public Policy

A step closer to stronger federal IoT security

The US House passed the IoT Cybersecurity Improvement Act, which would require federal procurement and use of IoT devices to conform to basic security requirements.

6 min Public Policy

Internet of Things Cybersecurity Regulation and Rapid7

Over the past few years, the security of the Internet of Things (IoT) has been a consistent focus in policy circles around the world.

3 min Public Policy

Rapid7 statement on privacy and status of EU-US data transfers post-Schrems II

On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield in the Schrems II case (also known as Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems). Here is our response.

2 min Public Policy

Rapid7 joins CFAA brief to the Supreme Court

Should it be a federal hacking crime to disobey your workplace computer use policy, or a website's terms of service? A broad interpretation of the CFAA would have far-reaching legal implications for beneficial security research and even ordinary internet behavior.

4 min Public Policy

Cybersecurity Vulnerability Disclosure in Trade Agreements

Modern trade agreements should incorporate cybersecurity vulnerability disclosure. Here are Rapid7’s thoughts on how to do that and why.

5 min Public Policy

Hackers On The Hill - Slides and recap on cybersecurity policy

Recap of a presentation on the state of public policy related to cybersecurity and hacking from Hackers On The Hill 2020.

4 min Government

An update on trade

In light of recent activity on US trade agreements, here is a quick update on developments with regard to US-China, US-Mexico-Canada, and US-Japan. This summary focuses on technology and cybersecurity-related issues affecting private enterprises.

3 min Public Policy

What Is Texas Senate Bill 820, and How Will It Affect Your School District?

In this post, we share how SB 820 will affect your school and district, and how you can respond by selecting a framework to improve your security program.

6 min Public Policy

How to Join in on the Cybersecurity Policy Conversation at DEF CON

In a recent episode of Security Nation, Meg King and Beau Woods talked about how to build better collaboration between the security community and policymakers on the Hill.

8 min Public Policy

The IoT Cybersecurity Improvement Act of 2019

In this blog post, we will walk through the newly introduced IoT Cybersecurity Improvement Act of 2019 and describe Rapid7's position on it.

3 min Cloud Security

Automation You Can Trust: Remediating Cloud Misconfigurations and Policy Violations in Real Time

Automated remediation can be an effective tool for ensuring system security. There are few things more distressing than having a remediation tool that’s intended to avoid disaster inadvertently create one.