Public Policy
Resource Center

Cybersecurity is central to today’s most important technology, privacy policy and regulatory developments. CrowdStrike informs decision makers around the globe based on what it sees in the field and how it thinks the trends it observes today will affect the security environment tomorrow. We are at the forefront of these issues globally. Learn how CrowdStrike can help.

Highlights

CrowdStrike’s Privacy and Public Policy practice engages on some of the key issues at the intersection of security and technology policy.

Data Protection Compliance

Cybersecurity is central to data protection compliance obligations.

Learn how

Election security


Interference in democratic processes is on the rise globally. Here’s what we’re doing to help. Learn more

Countering Adversaries

Adam Meyers, Cristian Rodriguez and Morgan Adamski, NSA Cybersecurity Collaboration Center Chief, Discuss Evolved Approaches for Countering Adversaries

Watch now

Artificial Intelligence

Drew Bagley and Eric Hysen, DHS CIO and Chief AI Officer, Discuss Leveraging AI for the Defenders’ Advantage

Watch now

Protecting Democracy

Shawn Henry and Senator Mark Warner, Chairman of the U.S. Senate Select Committee on Intelligence, Discuss Threats to Global Democracy in 2024

Watch now

Concentration Risk

Drew Bagley at Washington Post Live: Next Steps for Ecosystem-Level Cybersecurity

Learn more

Recent Testimonies, Comments & Blogs

CrowdStrike engages with policymakers globally to advance the causes of privacy and cybersecurity. Select examples include:

Testimonies

Rob Sheldon Testimony

on “Examining Health Sector Cybersecurity” before the U.S. House Committee on Energy and Commerce, Subcommittee on Health



Rob Sheldon Testimony

on "Intellectual Property and Strategic Competition with China: Part III - IP Theft, Cybersecurity, and AI” before the U.S. House Judiciary Subcommittee on Courts, Intellectual Property, and the Internet



Rob Sheldon Testimony

on “Evaluating CISA’s Federal Civilian Executive Branch Cybersecurity Programs” before the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection

Drew Bagley Testimony

on “CISA 2025: The State of American Cybersecurity from a Stakeholder Perspective” before the U.S. House of Representatives Committee on Homeland Security, Subcommittee on Cybersecurity and Infrastructure Protection



Zeki Turedi Call for Evidence

on “Inquiry into Ransomware” before the UK Joint Committee on the National Security Strategy



Rob Sheldon Testimony

on “Protecting American Innovation” before the U.S. Senate Intelligence Committee


Adam Meyers Testimony

on “Mobilizing our Cyber Defenses and Securing Critical Infrastructure Against Russian Cyber Threats” before the U.S. House Committee on Homeland Security



George Kurtz Testimony

on “Cybersecurity and Supply Chain Threats” before the U.S. Senate Select Committee on Intelligence

Request for Comment Responses

Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) (July 2024)

Revised New York Hospital Cybersecurity Requirements (June 2024)

Department of Justice AI EO Comment (May 2024)

Cybersecurity in the Marine Transportation System (May 2024)

2023–2030 Australian Cyber Security Strategy: Legislative Reforms Consultation Paper (March 2024)

New York Hospital Cybersecurity Requirements (February 2024)

NIST AI EO Comment (February 2024)

Consumer Financial Protection Bureau Personal Financial Data Rights (December 2023)

OMB Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence Draft Memorandum (December 2023)

FCC Libraries Cybersecurity Pilot Program (December 2023)

Brazil ANDP International Data Transfer Regulation (September 2023)

Singapore Use of Personal Data in AI Systems (August 2023)

New York Financial Sector Cybersecurity Requirements (August 2023)

Kingdom of Saudi Arabia Data Transfer Law (July 2023)

Kingdom of Saudi Arabia Personal Data Protection Law (July 2023)

Safe and Responsible AI in Australia Discussion Paper (July 2023)

EU Cyber Solidarity Act (July 2023)

White House OSTP National Priorities for Artificial Intelligence (July 2023)

NIST Cybersecurity Framework 2.0 Core Discussion Draft (May 2023)

SEC Cybersecurity Risk Management Proposed Rule (May 2023)

Australia 2023-2030 Cyber Security Strategy (April 2023)

Australia Privacy Act Review Report (March 2023)

California CPPA Cyber Comments (March 2023)

NIST 2.0 Comments (March 2023)

FCC E-Rate Comments (February 2023)

FCC Data Breach Requirement Comments (February 2023)

TSA Enhancing Surface Cyber Risk Management (January 2023)

Proposed Second Amendment to 23 NYCRR Part 500: Cybersecurity Requirements for Financial Services Companies (January 2023)

India's Digital Personal Data Protection Bill 2022 (December 2022)

Cyber Incident Reporting for Critical Infrastructure Act of 2022 (November 2022)

Office of the National Cyber Director (ONCD) Cyber Workforce, Training, and Education (November 2022)

Brazil ANDP: International Transfers of Personal Data (June 2022)

CISA Secure Cloud Business Applications (SCuBA) Technical Reference Architecture (TRA) (May 2022)

European Union Data Act (May 2022)

Proposal for New Telecoms Security Regulations and Code of Practice (May 2022)

Securities and Exchange Commission (SEC): Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (May 2022)

Consultation on Draft Regulations to Saudi Arabia’s Personal Data Protection Law (March 2022)

Zero Trust Maturity Model (October 2021)

Cloud Security Technical Reference Architecture (October 2021)

Federal Zero Trust Strategy (September 2021)

Modernizing Privacy in Ontario, Canada (September 2021)

Strengthening Australia's Cybersecurity Regulations and Incentives (August 2021)

Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software (August 2021)

Software Bill Of Materials Elements & Considerations (June 2021)

Cybersecurity - Uniform Rules for EU institutions, bodies and agencies (January 2021)

Public Consultation on Data protection - standard contractual clauses for transferring personal data to non-EU countries (implementing act) (December 2020)

Public Consultation on the European Data Protection Board Guidelines (October 2020)

Cyber and Critical Technology International Engagement Strategy (CCTIES), Australia (June 2020)

Public Consultation on the EU’s General Data Protection Regulation (GDPR) (April 2020)

Blogs

Achieving Ecosystem-level Cybersecurity: A U.S. Policy Perspective

Data Protection Day 2024: As Technology and Threats Evolve, Data Protection Is Paramount

Embracing the Whole-of-State Approach to Cybersecurity

The Biden EO on AI: A Stepping Stone to the Cybersecurity Benefits of AI

Three Recommendations for a Next-Generation Cybersecurity Framework

Prevention Is the Best Preparation for the SEC’s New Breach Disclosure Rules

How to Establish Cross-Border Transfer Systems that Help Protect Privacy

CrowdStrike Congressional Testimony: 5 Recommendations to Secure the Public Sector

Data Protection Day 2023: Misaligned Policy Priorities Complicate Data Protection Compliance

Four Takeaways as the European Union's General Data Protection Regulation (GDPR) Turns 4

Data Protection 2022: New U.S. State Laws Reflect Convergence of Privacy and Security Requirements

Data Protection Day 2022: To Protect Privacy, Remember Security

Data Protection Does Not Exist Without Data Security

New Cybersecurity Executive Order: What It Means for the Public Sector

Videos, Webinars, Talks & Podcasts

We have additional resources covering specialized topics and issues. See here:





Rob Sheldon on CyberScoop to discuss zero trust implementation

CrowdStrike-American University-Wiley Rein LLP Joint Podcast: “Start Here: Cyber Public Policy Fundamentals” on cyber policy 101

Drew Bagley on the Adversary Universe Podcast to discuss the SEC’s new incident reporting regulations

Christoph Bausewein on "Data Protection - Minimizing Financial Risks with a Strong Security Concept" Podcast (in German)

Christoph Bausewein on German Data Protection Law Firm Härting Podcast (in German)

Drew Bagley on Cyber Security Connect Australia Podcast

CrowdCast: The SEC Has Spoken: Aligning to the New Rules on Cybersecurity

Drew Bagley on Securing Cyberspace- Next Generation of Threats, Washington Post Live

Rob Sheldon on Public-Private Collaboration at the 2023 US Cyber Command Legal Conference

Podcast: Adam Meyers on the Cyber Threat Landscape- Cipher Brief Open Source Report (Jan 16-20, 2023)

Talk: Adam Meyers on Securing Cyberspace - Global Cybersecurity Landscape, Washington Post Live

Webinar: Workshop on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software

Podcast: Data Protection & Data Security: Two Sides of the Same Coin

Webinar: Navigating Data Protection with a Newly Deployed Remote Workforce

Webinar: USAID Digitalization & Cybersecurity series

Data Sheet: Quick Start Guide To Securing Cloud-Native Apps

Committees & Memberships

CrowdStrike representatives serve on a number of boards and committees. CrowdStrike also belongs to a number of trade associations.
These include:





Alliance for Digital Innovation

American Chamber of Commerce in Germany

BITKOM

Bundesverband der Datenschutzbeauftragten Deutschlands (BvD) e.V.

Cross Border Data Forum

DNS Research Federation

European Data Protection Board (EDPB) Pool of Experts

Europol EC3 Advisory Group on Internet Security

European Federation of Data Protection Officers

German Bundesverband - Security in Industry and Commerce

Germany Economic Council (Wirtschaftsrat der CDU e.V.)

Germany Federal Office for Information Security-Alliance for Cyber Security

GovTech Campus Deutschland

Global Cyber Alliance

ICANN Competition, Consumer Choice, and Consumer Trust Review Team

Information Technology Industry Council

International Association of Privacy Professionals, KnowledgeNet

IAPP Privacy Engineering Section Advisory Board

IT Sector Coordinating Council

IT Security Association Germany (TeleTrust)

Japan Data Protection Officers Organization

Japan Electronics and Information Technology Industries Association (JEITA)

NASCIO Privacy & Data Protection Working Group

OneTrust PrivacyConnect Frankfurt Chapter

Partnership for a Secure America

The German Association for Data Protection and Data Security (GDD)

United States Artificial Intelligence Safety Institute

United States Department of State International Digital Economy and Telecommunication Advisory Committee

United States President’s National Security Telecommunications Advisory Committee’s (NSTAC) Addressing the Abuse of Domestic Infrastructure by Foreign Malicious Actors (Abuse of Domestic Infrastructure) Subcommittee

U.S Chamber of Commerce

Contact

POLICY@CROWDSTRIKE.COM

Start your free trial now.

Total protection has never been easier. Take advantage of our free 15-day trial and explore the most popular solutions for your business:

  • Protect against malware with next-gen antivirus.
  • Get unrivaled visibility with USB device control.
  • Simplify your host firewall management.
  • Receive real-time insights with automated threat intelligence.
Request free trial