Posts tagged Public Policy

4 min Government

An update on trade

In light of recent activity on US trade agreements, here is a quick update on developments with regard to US-China, US-Mexico-Canada, and US-Japan. This summary focuses on technology and cybersecurity-related issues affecting private enterprises.

3 min Public Policy

What Is Texas Senate Bill 820, and How Will It Affect Your School District?

In this post, we share how SB 820 will affect your school and district, and how you can respond by selecting a framework to improve your security program.

6 min Public Policy

How to Join in on the Cybersecurity Policy Conversation at DEF CON

In a recent episode of Security Nation, Meg King and Beau Woods talked about how to build better collaboration between the security community and policymakers on the Hill.

8 min Public Policy

The IoT Cybersecurity Improvement Act of 2019

In this blog post, we will walk through the newly introduced IoT Cybersecurity Improvement Act of 2019 and describe Rapid7's position on it.

3 min Cloud Security

Automation You Can Trust: Remediating Cloud Misconfigurations and Policy Violations in Real Time

Automated remediation can be an effective tool for ensuring system security. There are few things more distressing than having a remediation tool that’s intended to avoid disaster inadvertently create one.

4 min Public Policy

Expanded Protections for Security Researchers Under DMCA Sec. 1201

The Library of Congress announced that it would renew and expand legal protections for security testing under Section 1201 of the Digital Millennium Copyright Act (DMCA).

6 min Public Policy

Prioritizing the Fundamentals of Coordinated Vulnerability Disclosure

In this post, we aim to distinguish between three broad flavors of CVD processes based on authorization, incentives, and resources required. We also urge wider adoption of foundational processes before moving to more advanced and resource-intensive processes.

5 min Public Policy

Communicating IoT Security Update Capability

What is the essential information that manufacturers should communicate to consumers about security updates for Internet of Things (IoT) devices?

6 min Public Policy

Updating Data Security Laws - A Starting Point

A baseline requirement for commercial data security is often part of discussions on privacy and breach notification regulations. This issue deserves close attention to ensure any security regulation is both effective at protecting users and flexible enough to be practicable.

3 min Public Policy

Georgia should not authorize "hack back"

[Update 05/09/18: Georgia Governor Deal vetoed SB 315. In a thoughtful veto statement [https://gov.georgia.gov/press-releases/2018-05-08/deal-issues-2018-veto-statements], the Governor noted that the legislation raised "concerns regarding national security implications and other potential ramifications," and that "SB 315 may inadvertently hinder the ability of government and private industries" to protect against breaches. The statement expressed interest in working with the cybersecurity and l

6 min Public Policy

UK NCSC's "Active Cyber Defence" Brings New Hope To Our Combined Fight Against Cybercrime

This week the UK National Cyber Security Centre (NCSC) released their first report [https://www.ncsc.gov.uk/information/active-cyber-defence-one-year] on the year one results of their "Active Cyber Defence" (ACD) initiative. And, they're amazing. The ACD program came out of a 2016 effort to re-think, re-imagine and re-tool cybersecurity efforts across the UK. The ACD “aspires to protect the majority of people in the UK from the majority of the harm, caused by the majority of the attacks, for

3 min Public Policy

NIST Cyber Framework Updated With Coordinated Vuln Disclosure Processes

A key guideline for cybersecurity risk management now includes coordinated vulnerability disclosure and handling processes. This revision will help boost adoption of processes for receiving and analyzing vulnerabilities disclosed from external sources, such as researchers.

2 min Public Policy

FCC Repeals Net Neutrality: What Now?

[Update 05/16/18: The US Senate passed a resolution [https://www.markey.senate.gov/imo/media/doc/CRA%20Net%20Neutrality%20.pdf], led by Sen. Ed Markey, to reject the FCC rule that repealed net neutrality. Rapid7 supports the resolution and other efforts to effectively reinstate net neutrality safeguards.] This week, Rapid7 hosted an event [https://www.rapid7.com/lp/net-neutrality/index.html] with Massachusetts’ Edward J. Markey and a number of Boston’s technology and business leaders to protest

2 min Public Policy

Welcome transparency on US government's process for disclosing vulnerabilities

The White House recently released details on the US government's process for disclosing - or retaining - zero-day vulnerabilities. The new VEP charter provides answers to several key questions, but it remains to be seen how it will operate in practice.

4 min Public Policy

Cybersecurity for NAFTA

When the North American Free Trade Agreement (NAFTA) was originally negotiated, cybersecurity was not a central focus. NAFTA came into force – removing obstacles to commercial trade activity between the US, Canada, and Mexico – in 1994, well before most digital services existed. Today, cybersecurity is a major economic force – itself a large industry and important source of jobs, as well as an enabler of broader economic health by reducing risk and uncertainty for businesses. Going forward, cybe