Author Archive

Mariam Baksh

Senior Correspondent

Mariam Baksh
Mariam Baksh reports on the development of federal cybersecurity policy for Nextgov. She started covering technology governance in 2014, during the heat of the Net Neutrality debate, and focused her graduate studies at American University on investigative journalism.
IT Infrastructure

National Cyber Director: Mandates coming to secure commercial information technology

An event hosted by the leading trade association for major tech vendors highlighted what has so far been an impasse between government and industry on cybersecurity policy.


DOD recommends NIST align frameworks for cybersecurity risk management

An effort to update the framework for securing critical infrastructure from cyberattack is coming face to face with issues that have plagued the Commerce agency from the beginning.

Emerging Tech

CISA, DOD report gaps for agencies assessing 5G security risks

Agency officials identified a lack of guiding standards for determining and mitigating risk from certain implementations of the technology and advised agencies to proceed with caution, employing penetration tests accordingly.


CISA wants feedback on upcoming software transparency requirement

The agency has identified four topics—including considerations for cloud and online applications—it wants to hear more about from stakeholders. 


State Secretary makes case for tech-centered strategy to counter China

The secretary delivered a speech outlining the administration’s policy toward Beijing as Congress tries to reconcile legislation that would provide at least $50 billion to increase domestic production of semiconductors.


CISA orders agencies to mitigate VMWare vulnerabilities under deadline

Advanced adversaries appear to be exploiting the vulnerabilities to get around multifactor authentication.


Key convener releases plan for securing open source software with White House

A crucial entity within the open source ecosystem is urging prioritization of libraries that support widespread applications like internet routing, among other things.


US and allies attribute attack on U.S. satellite provider in Ukraine to Russia

Officials are highlighting significant spillover effects from the attack—including damage to infrastructure supporting wind farms—into Central Europe.


NSA chief: Cyber Command did 9 international missions last year

The dual-hatted head of the spy agency and military command has been conducting proactive missions to diffuse cyber threats to U.S. elections and other critical infrastructure and stressed the importance of artificial intelligence to advance those efforts.

Emerging Tech

Microsoft, DOD partners celebrate cooperative research and development agreement

The company may have the chance to negotiate exclusive intellectual property rights—with an exception for the government—to innovations emerging from the collaboration.


CISA add industrial control specialists to Joint Cyber Defense Collaborative

Companies in the space are trying to shape public policy and push for money agencies can use to—among other things—track their devices and other assets.


What CISA wants critical infrastructure partners to report on cyber incidents

A new guide provides clues into how the agency might be thinking of crucial details, such as what should count as an “incident” under a new law.

Emerging Tech

Private sector player urges DOD to screen 5G technology for cybersecurity

The Pentagon is offering cash prizes for hardware or software ideas to make various components of fifth-generation networking technology interoperable across various manufacturers.


CISA director details growing threat to maritime transportation sector 

Cybersecurity professionals are noting the possibility of Russia reprising a watershed attack on the shipping industry to hit back against the U.S. economy.


White House warns of potential Russian cyberattack based on new intel

Officials, distressed by the continued lack of cybersecurity basics implemented in the private sector, issued “a call to action.”


Cyber-incident reporting legislation clears House in bipartisan spending bill

The bill, attached to government funding legislation, now moves to the Senate, which recently passed the same incident reporting provisions separately by unanimous consent.


CISA warns of ransomware gang, issues indicators of compromise

Processes spurring from the Ragnar Locker Ransomware have affected at least 52 critical infrastructure victims since January, but will terminate if it encounters systems in certain Russian and near-Russian locations.


NSA stresses vendor diversification in network segmentation guidance

Robust firewalls within and around a network are especially important in environments incorporating industrial control systems, which have been targeted in Russian state-sponsored operations.


Russia-Ukraine conflict could push major cybersecurity legislation past finish line

The threat of Russian retaliation against the west is front-of-mind with Senate passage of key bills to require reports of ransomware payments and other cybersecurity incidents to the government, overhaul FISMA and codify FedRAMP.