Posts tagged Public Policy

4 min Public Policy

New US Law to Require Cyber Incident Reports

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 will require critical infrastructure owners and operators to report cyber incidents and ransomware payments. This post will walk through highlights from the new law.

4 min Public Policy

Prudent Cybersecurity Preparation for the Potential Russia-Ukraine Conflict

Fending off an attack from a well-resourced nation state is a nightmare scenario for cybersecurity teams. Here are some steps your organization can take to bolster its defenses.

6 min Ransomware

How Ransomware Is Changing US Federal Policy

The increased stakes of the ransomware threat are pushing regulators to take a harder look at whether regulatory requirements for cybersecurity safeguards are effective.

3 min 2022 Planning

2022 Planning: Simplifying Complex Cybersecurity Regulations

Cybersecurity regulations often require similar baseline security practices, even though the legislation may structure compliance requirements differently.

4 min Ransomware

3 Strategies That Are More Productive Than Hack Back

Hack back, as used by non-government entities, is problematic for many reasons. Here are 3 alternative strategies to thwart the attackers.

4 min Public Policy

Thawing Out the Chilling Effect Of DMCA Section 1201

The Copyright Office issued the latest rules on security research under DMCA Section 1201. Good news: researchers' legal protections have been strengthened with the removal of the "all other laws" requirement.

4 min Public Policy

Update to GLBA Security Requirements for Financial Institutions

The FTC updated cybersecurity requirements for financial institutions under GLBA. This includes access controls, regular penetration testing and vulnerability scanning, and incident response, among other things. Here we'll detail the changes in comparison to the previous rule.

10 min Ransomware

Ransomware: Is Critical Infrastructure in the Clear?

Is critical infrastructure in the clear, is it a specific target of ransomware attackers, or is it simply on the same footing as any other organization?

2 min Cybersecurity

Rapid7 Statement on the New Standard Contractual Clauses for International Transfers of Personal Data

Rapid7 is committed to upholding high standards of privacy and security for our customers, and we are pleased to be able to offer the New SCCs.

4 min Public Policy

Cybersecurity in the Infrastructure Bill

This post provides highlights on cybersecurity in recent infrastructure legislation. Cybersecurity is essential to ensure modern infrastructure is safe, and Rapid7 commends Congress and the Administration for including cybersecurity in the Infrastructure Investment and Jobs Act.

10 min Cybersecurity

Reforming the UK’s Computer Misuse Act

The CMA is the UK’s anti-hacking law, and we've ​provided feedback on the issues we see with the legislation.

11 min Public Policy

Hack Back Is Still Wack

The appeal of hack back is easy to understand, but that doesn't make the idea workable. Here, we outline why Rapid7 is against the authorization of private-sector hack back.

3 min Public Policy

Rapid7 Joins Statement On DMCA Lawsuits Against Security Tools

Rapid7 joined a statement from cybersecurity community members urging against suppression of security tools and technologies using Section 1201 of the DMCA.

9 min Public Policy

Proposed security researcher protection under CFAA

Rapid7 views independent cybersecurity research and the security community as important drivers for advancing cybersecurity for all, a core value for Rapid7. One way we take action on this value is by supporting protection for security researchers acting in good faith.

2 min Public Policy

Supreme Court narrows CFAA

The Supreme Court interprets the CFAA narrowly. This avoids over-criminalizing cybersecurity research and commonplace internet activity, though may raise concerns about insider threats.