Executive Order (EO) 14117 is a national security rule intended to mitigate national security risks posed by threat countries’ access to sensitive personal data and government-related data.
The EO directed the U.S....more
2/3/2025
/ Biden Administration ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Executive Orders ,
Final Rules ,
National Security ,
Regulatory Requirements ,
Trump Administration
U.S. federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) (in coordination with similar agencies in Australia,...more
12/16/2024
/ Australia ,
Canada ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
FBI ,
FCC ,
National Security ,
National Security Agency (NSA) ,
New Zealand ,
Telecommunications ,
USTelecom
In October 2024, the U.S. Department of Justice (DOJ) issued a 420-page Notice of Proposed Rulemaking (NPRM) to implement Executive Order (EO) 14117, which directed DOJ to issue implementing regulations and directed the U.S....more
12/4/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Comment Period ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Executive Orders ,
Notice of Proposed Rulemaking (NOPR) ,
Privacy Laws ,
Public Comment ,
Sensitive Personal Information
As the holiday shopping season kicks into high gear, it also becomes a prime opportunity for cybercriminals to target retailers, their suppliers, and their customers. As The Hacker News reports, criminal use of artificial...more
11/22/2024
/ Artificial Intelligence ,
Bots ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Holidays ,
Incident Response Plans ,
Retail Market ,
Retailers ,
Risk Management ,
Scams ,
Suppliers ,
Technology Sector
The U.S. Securities and Exchange Commission (SEC) adopted final rules on July 26, 2023, requiring public companies to provide current disclosure, within what may be a short time window, about material cybersecurity incidents...more
8/8/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
XBRL Filing Requirements
The Biden Administration recently reaffirmed its continued focus on cybersecurity by announcing an Implementation Plan for the National Cybersecurity Strategy (the Plan). The Plan provides a roadmap covering the policies and...more
8/2/2023
/ Biden Administration ,
Cloud Service Providers (CSPs) ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Domain Names ,
Environmental Protection Agency (EPA) ,
Internet of Things ,
National Security ,
Personal Data ,
Reporting Requirements ,
TSA
Following the release of President Biden’s National Cybersecurity Strategy, Acting National Cyber Director Kemba Walden explained that the Biden Administration is “expecting more” from owners and operators in critical...more
3/24/2023
/ Aviation Industry ,
Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Environmental Protection Agency (EPA) ,
Government Entities ,
NIST ,
Private Sector ,
Risk Assessment ,
Risk Management ,
Technology ,
TSA ,
Water
In late January, the Federal Energy Regulatory Commission (FERC) published a final rule directing the North American Electric Reliability Corporation (NERC) to develop and submit modified reliability standards for internal...more
3/8/2023
/ Bulk Electric System ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Electricity ,
Energy Policy ,
FERC ,
Final Rules ,
NERC ,
Regulatory Agenda ,
Risk Management
“Continued disruptions of critical infrastructure and thefts of personal data make clear that market forces alone have not been enough to drive broad adoption of best practices in cybersecurity and resilience.”
National...more
3/3/2023
/ Biden Administration ,
Cloud Service Providers (CSPs) ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Environmental Protection Agency (EPA) ,
Legislative Agendas ,
National Security ,
New Legislation ,
Private Sector ,
Regulatory Authority ,
TSA
Background Critical infrastructure providers confront unique cyber threats. The use of operational technology (OT) introduces risks that arise from, for example, legacy equipment that cannot readily be patched, updated, or...more
2/10/2023
/ Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Federal Railroad Administration ,
Mitigation ,
Owner-Operators ,
Popular ,
Railways ,
Regulatory Authority ,
Regulatory Requirements ,
TSA
President Biden issued an executive order (EO) increasing protections and safeguards for personal data subject to signals intelligence activities. It also establishes a redress mechanism for residents of qualifying states who...more
10/11/2022
/ Biden Administration ,
Court of Justice of the European Union (CJEU) ,
Critical Infrastructure Sectors ,
Cybersecurity ,
EU ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
National Security ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Surveillance
President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) on March 15, 2022. The background and contours of CIRCIA are discussed in a previous update. CIRCIA authorizes and...more
9/13/2022
/ Covered Entities ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Joe Biden ,
National Security ,
New Legislation ,
Popular ,
Privacy Laws ,
Proposed Rules ,
Reporting Requirements ,
Rulemaking Process
As cybersecurity threats to the private and public sectors increase, the government has continued its efforts to enhance cybersecurity outside of government-controlled systems. On March 9, 2022, the U.S. Securities and...more
4/15/2022
/ Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Popular ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
The U.S. government has steadily increased its warnings about malicious cyber activity by Russia and other sophisticated persistent adversaries. Following several warnings from the Federal Bureau of Investigation (FBI) and...more
3/30/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Homeland Security (DHS) ,
Energy Sector ,
FBI ,
Incident Response Plans ,
Popular ,
Risk Management ,
Russia ,
Securities and Exchange Commission (SEC) ,
Technology ,
Threat Management