On December 18, the Securities and Exchange Commission's (SEC) new disclosure requirements go into effect and will require public companies to publicly report material cybersecurity incidents within four days of making a...more
12/12/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
Governance Standards ,
National Security ,
Public Safety ,
Publicly-Traded Companies ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
The Black Cat/ALPHV ransomware group filed a complaint with the U.S. Securities and Exchange Commission (SEC) to allege that one of their victims failed to disclose a cyberattack to the SEC within four days, reports Bleeping...more
Information sharing has seemed like the “holy grail” of federal cyber policy: sought after but elusive, especially to those who think it will solve their problems. At a time of increased regulation and looming mandates for...more
Wiley’s cyber team talks about cyber incident reporting after a new report from DHS advising Congress on duplication of reporting regimes. With over 50 reporting requirements spread over 20 agencies, federal agencies and the...more
Cybersecurity continues to be top of mind for federal and state policymakers. This advisory identifies and analyzes some major recent developments that present opportunities and challenges in the coming months for a broad...more
8/4/2023
/ Biden Administration ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Department of Defense (DOD) ,
Disclosure Requirements ,
FCC ,
Federal Agency Taskforce ,
Oil & Gas ,
OIRA ,
Pipelines ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
TSA
Public companies will soon face new cybersecurity disclosure requirements from the Securities and Exchange Commission (SEC), which voted last week to approve a controversial new cybersecurity rule. The final rule—which is...more
8/2/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
On March 2, 2023, the White House Office of the National Cyber Director (ONCD) released the National Cybersecurity Strategy (“Strategy”). The Strategy outlines the Administration’s priorities for cyber regulations and policy....more
The White House released the long-anticipated National Cybersecurity Strategy on March 2, 2023 setting out five (5) pillars articulating key themes and Administration priorities. Coming more than two years into the Biden...more
3/2/2023
/ Biden Administration ,
CIRC ,
Corporate Counsel ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Department of Justice (DOJ) ,
Executive Orders ,
FBI ,
IaaS ,
Information Technology ,
National Security ,
NIST ,
Popular ,
Ransomware
Most of the world’s popular telecommunications services, like social media platforms and message services, operate within the United States, but many operate overseas as well. Law enforcement in the United States and...more
Join us for a webinar where we will focus on the details of the recently finalised and published Executive Order to Implement the European Union-U.S. Data Privacy Framework. Alongside Alex Brown of UK-headquartered...more
10/25/2022
/ Biden Administration ,
Binding Corporate Rules ,
Data Collection ,
Data Privacy ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
UK ,
Webinars
On October 7, 2022, President Biden signed the Enhancing Safeguards for United States Signals Intelligence Activities Executive Order (Executive Order or EO), which implements the EU-U.S. Data Privacy Framework (EU-U.S. DPF)....more
10/10/2022
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Transfers ,
Department of Justice (DOJ) ,
EDPS ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
Joe Biden ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
U.S. Commerce Department
On August 29, 2022, the Maryland Court of Appeals issued its opinion in Richardson v. Maryland, expanding the protection of the Fourth Amendment for subjects of criminal investigations whose cell phones are subject to a...more
Congress has directed the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) to create broad new rules for mandatory cyber incident reporting to be imposed on critical...more
Lyn Brown sits down with Kristina Walter, Chief of the Defense Industrial Base Cybersecurity within the National Security Agency’s Cybersecurity Collaboration Center, and Ben Kastan who is the Associate General Counsel for...more
Director of National Intelligence (DNI) Avril Haines was interviewed by Michele Flournoy, Co-Founder and Managing Partner at WestExec Advisors and former Under Secretary of Defense for Policy, on the first day of the RSA...more
Day 3 at RSA Conference 2022 was filled with fascinating discussions on enhancing our cyber defenses to defeat the ever-proliferating spate of increasingly common and expensive ransomware attacks....more
Day 2 at the RSA Conference brought us an interesting discussion of fighting covert foreign influence while protecting free expression in the United States with panelists from U.S. Central Command, U.S. Cyber Command, and Red...more
I am at the RSA Conference 2022 in San Francisco, my first time as a member of the private sector, since retiring from the FBI last year. I attended one of the keynotes on the first day of the conference, in between panels on...more
6/7/2022
/ Coronavirus/COVID-19 ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Hackers ,
Information Technology ,
Multi-Factor Authentication ,
Oil & Gas ,
Popular ,
Ransomware ,
Russia ,
Ukraine
The headlines scream: “FBI made 3.4M warrantless U.S. data searches,” claiming that the FBI carried out nearly 3.4 million warrantless searches of Americans’ electronic data that was collected as part of the government’s...more
Public comments in an ongoing cybersecurity proceeding at the National Institute of Standards and Technology (NIST) highlight the utility of a foundational cybersecurity document while also providing suggestions for its...more
In March 2022, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requiring critical infrastructure to report significant cyber incidents and ransomware payments to the Cybersecurity...more
Public comments on updating the National Institute of Standards and Technology’s (NIST), the Framework for Improving Critical Infrastructure Cybersecurity (CSF), highlight private and public sector interest in this core...more
Late 2021 and early 2022 have been full of federal government activity related to cybersecurity incident reporting. Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 to require mandatory...more
3/21/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Department of Homeland Security (DHS) ,
Popular ,
Securities and Exchange Commission (SEC) ,
TSA
What: On March 9, 2022 President Biden signed an Executive Order (EO) on digital assets, including cryptocurrencies, and the possible creation of Central Bank Digital Currencies (CBDC) for a digital form of the country’s...more
What: Publicly traded companies may soon be subject to additional cybersecurity reporting requirements. On March 9, 2022, the Securities and Exchange Commission (SEC) proposed rules and amendments to enhance and standardize...more