If you follow government cybersecurity activity, you recognize that this October has been more than just Cybersecurity Awareness Month; it has been Cybersecurity Policy Proposal Month. Most prominently, the Deputy National Security Adviser for Cyber & Emerging Tech Anne Neuberger made significant waves in mid-October when she announced the administration’s aims to use existing regulatory frameworks to raise the level of cybersecurity requirements for the Rail, Aviation, Health and Water sectors as well as aspects of early warning communications. Neuberger also indicated desire to place increased requirements on critical manufacturing, emergency services, and information technology critical infrastructure companies in the future.
Neuberger’s proposals, echoed by department and agency leaders with regulatory authority, arrive at the same time that the Cybersecurity and Infrastructure Security Agency (CISA) is hosting listening sessions related to implementing new incident reporting authorities passed by Congress earlier this year. At the same time, CISA is asking for feedback on a list of proposed performance goals (
