The Chairwoman of the Federal Communications Commission recently articulated a new vision of that agency’s role in the nation’s cybersecurity. The FCC, as an independent agency with a relatively discrete set of regulatory...more
For years, federal cyber policy has been based on successful public-private partnerships, collaboration, and the promotion of voluntary standards that can be tailored to sector and organization-specific risk and needs....more
1/16/2023
/ Critical Infrastructure Sectors ,
Customer Proprietary Network Information (CPNI) ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Framework ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Disclosure Requirements ,
Emerging Technology Companies ,
Federal Trade Commission (FTC) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
NDAA ,
Popular ,
Regulatory Agencies ,
Risk Management ,
Securities and Exchange Commission (SEC)
On August 29, 2022, the Maryland Court of Appeals issued its opinion in Richardson v. Maryland, expanding the protection of the Fourth Amendment for subjects of criminal investigations whose cell phones are subject to a...more
NIST continues to work on several cybersecurity and privacy workstreams of interest to the private sector. While NIST has traditionally supported federal agencies’ IT security, over the past several years it has taken on (and...more
On July 29, 2022, the New York Department of Financial Services (DFS) released Draft Amendments to its Part 500 Cybersecurity Rules. These changes are open for a preliminary public comment until August 18, and then an...more
8/17/2022
/ Chief Information Security Officer (CISO) ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Financial Institutions ,
Financial Services Industry ,
Multi-Factor Authentication ,
New York ,
Popular ,
Proposed Amendments ,
Securities and Exchange Commission (SEC)
This term, in West Virginia v. EPA, the U.S. Supreme Court held that the U.S. Environmental Protection Agency (EPA) could not compel a nationwide shift away from coal-powered electricity generation. The Court reasoned that it...more
Public comments in an ongoing cybersecurity proceeding at the National Institute of Standards and Technology (NIST) highlight the utility of a foundational cybersecurity document while also providing suggestions for its...more
In March 2022, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requiring critical infrastructure to report significant cyber incidents and ransomware payments to the Cybersecurity...more
Join us to discuss effective approaches to managing due diligence on privacy and cybersecurity issues across transactions. Companies considering acquisitions or joint ventures will need to engage in effective management of...more
5/9/2022
/ Acquisitions ,
Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Due Diligence ,
Information Governance ,
Joint Venture ,
Popular ,
Risk Management ,
Webinars
Wiley Partner Megan Brown sits down with Tatyana Bolton, the Policy Director, Cyber Security and Threats at the R Street Institute, to discuss mandatory cyber incident reporting. They discuss how recent legislation and...more
The National Institute of Standards and Technology (NIST) has kicked off the process for revamping its flagship cybersecurity guidance document – the Framework for Improving Critical Infrastructure Cybersecurity (CSF), which...more
Late 2021 and early 2022 have been full of federal government activity related to cybersecurity incident reporting. Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 to require mandatory...more
3/21/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Department of Homeland Security (DHS) ,
Popular ,
Securities and Exchange Commission (SEC) ,
TSA
What: Publicly traded companies may soon be subject to additional cybersecurity reporting requirements. On March 9, 2022, the Securities and Exchange Commission (SEC) proposed rules and amendments to enhance and standardize...more
What: On February 23, 2022, the National Security Telecommunications Advisory Committee (NSTAC) approved a final draft of its forthcoming report to the President on Zero Trust and Trusted Identity Management. ...more
2/28/2022
/ Cybersecurity ,
Cybersecurity Framework ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Executive Orders ,
Multi-Factor Authentication ,
National Security ,
NIST ,
NSTAC ,
OMB ,
Popular ,
Risk Management ,
Telecommunications
What: Cleared Defense Contractors (CDCs) are being actively targeted by Russian state-sponsored cyber activity, according to a Joint Cybersecurity Advisory from the Federal Bureau of Investigation (FBI), National Security...more
2/17/2022
/ Bad Actors ,
Controlled Unclassified Information (CUI) ,
Critical Infrastructure Sectors ,
Cyber Weapons ,
Cybersecurity ,
Cybersecurity Framework ,
Cybersecurity Information Sharing Act (CISA) ,
Defense Sector ,
Department of Defense (DOD) ,
FBI ,
Federal Contractors ,
Information Technology ,
Intelligence Services ,
Multi-Factor Authentication ,
NIST ,
Passwords ,
Popular ,
Russia ,
Sensitive Business Information ,
Subcontractors ,
Technology Sector
Federal agencies have been actively looking at cyber threats to critical infrastructure. In a January 27 announcement the White House said: “it will extend the Industrial Control Systems (ICS) Cybersecurity Initiative to the...more
1/28/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Environmental Protection Agency (EPA) ,
Information Technology ,
Joe Biden ,
NDAA ,
Pipelines ,
Popular ,
Railways ,
Ransomware ,
Wastewater ,
Water ,
Wiretap Act
What: The Transportation Security Administration (TSA) has issued two Security Directives aimed at passenger and freight railroad cybersecurity, continuing the government’s move to an increasingly regulatory approach to...more
12/6/2021
/ Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Enforcement Actions ,
Espionage ,
National Security ,
NIST ,
Owner-Operators ,
Popular ,
Railroads ,
Risk Assessment ,
Transportation Security Administration ,
TSA ,
Unauthorized Access
What: On November 16, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released Federal Government Cybersecurity Incident and Vulnerability Playbooks as part of the Biden Administration’s efforts to improve...more
11/18/2021
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Popular ,
Private Sector ,
Technology Sector
The Cybersecurity and Infrastructure Security Agency (CISA) issued a sweeping binding directive to federal agencies to patch hundreds of cybersecurity vulnerabilities that are considered major risks for cyber actors to cause...more
11/9/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Hackers ,
National Security ,
Popular ,
Private Sector ,
Technology Sector
WHAT: On November 4, 2021, the U.S. Department of Defense (DOD) announced the completion of a months-long internal review and significant changes to the strategic direction of its Cybersecurity Maturity Model Certification...more
11/8/2021
/ Controlled Unclassified Information (CUI) ,
Corporate Counsel ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
NIST ,
Popular
On May 12, the Biden Administration issued an Executive Order (EO) setting in motion an ambitious plan to rapidly strengthen the cybersecurity posture of the Federal government and its contractors, service providers, and...more
There is a growing clamor in Congress and the Executive Branch to do something after the Colonial Pipeline incident and other high-profile cyber-attacks. Rushing to impose broad new obligations is perilous. Policymakers...more
In the last few years, thousands of businesses, hospitals, school districts, local governments, and other entities have fallen victim to ransomware. Several government and quasi-government groups are looking to take action....more
Utah has become the second state to establish a legal safe harbor for private-sector entities that follow certain cybersecurity best practices. On March 11, 2021, Utah’s Governor Spencer Cox signed into law the Cybersecurity...more
The National Institute of Standards and Technology (NIST) has been an active driver of Internet of Things (IoT) cybersecurity efforts for several years, convening stakeholders from the federal government and the private...more