Today, the Department of Justice (“DOJ”) updated its policy regarding charging violations under the Computer Fraud and Abuse Act (“CFAA”). This is the first update to the DOJ’s policy since 2014, and it is effective...more
On February 9, 2022 the United States, United Kingdom, and Australia issued a joint Cybersecurity Advisory on the “Increased Globalized Threat of Ransomware” against critical infrastructure sectors (“Advisory”). The Advisory...more
As companies scramble to address the newly exploited, ubiquitous Log4j vulnerability, companies’ actions are now the potential source for government scrutiny. Our Privacy, Cyber & Data Security Team summarizes what the Log4j...more
Less than a month ago, a critical vulnerability was identified in the ubiquitous, open source Log4j tool prompting swift guidance from Cybersecurity and Infrastructure Security Agency (CISA) and other security practitioners. ...more
Log4j is a java-based tool from Apache’s open source library used for parsing logs that never seems to have made headlines before this past weekend. Now, following the December 9th public announcement of a vulnerability in...more
The Department of Defense (“DoD”) recently announced it will be revamping the nascent Cybersecurity Maturity Model Certification (“CMMC”) program pending two separate rulemaking processes. As detailed below, the DoD will be...more
Our Privacy, Cyber & Data Strategy and White Collar, Government & Internal Investigations teams answer the questions government contractors will have about how to evaluate the False Claims Act risks signaled by the Department...more
On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced the launch of the Department of Justice’s Civil Cyber-Fraud Initiative. The Department plans to use civil enforcement tools to “pursue…those who are...more
Yesterday, the Biden Administration issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems (“Memorandum”). A short summary is below. However, the primary take away is...more
On July 19, 2021, the Biden administration, along with a group of allies publicly accused the Chinese government of malicious cyber activities and irresponsible state behavior. The joint announcement states the U.S....more
7/21/2021
/ Biden Administration ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Security ,
Espionage ,
FBI ,
Hackers ,
National Security Agency (NSA) ,
Popular ,
Risk Management
Our Privacy, Cyber & Data Strategy Team updates the slow progress of the Cybersecurity Maturity Model Certification and the slower progress of clearing assessment organizations that can actually certify contractors....more
Today, the Supreme Court issued a long-awaited decision in Van Buren v. United States interpreting the meaning of “exceeds authorized access” under the Computer Fraud and Abuse Act (“CFAA”)....more
In a lengthy Executive Order issued on May 12, 2021 (the “Order”), the Biden Administration has taken steps “to make bold changes and significant investments” in both public and private sector cybersecurity “in order to...more
On April 15, 2021, the Biden Administration took a significant step in announcing sanctions against the Russian Government and private Russian entities for multiple internationally-destabilizing activities, including the...more
Our Privacy, Cyber & Data Strategy Team delves into how a federal court decided that a data breach forensic report was discoverable despite efforts to protect it under attorney-client privilege and work product protections...more
As the Biden administration begins detailing its regulatory and enforcement priorities, it faces a new challenge on the health data privacy and security front. In University of Texas M.D. Anderson Cancer Center v. United...more
On January 12, 2021, Judge Boasberg (D.D.C.) ruled that a forensic report prepared for outside counsel following a cyber incident investigation was not protected under either attorney-client privilege or the work product...more
Businesses are facing long-term cybersecurity challenges as COVID-19 cases spike and remote work environments need to remain operational, scalable, and capable of flexing with cycles of coronavirus resurgence. Our...more
Most businesses are already familiar with the Fair Credit Reporting Act (“FCRA”) and the various requirements to protect the fairness, accuracy, and privacy of consumer credit information. However, a recent FTC enforcement...more
Data collection and analysis is becoming a key weapon in the fight against COVID-19 both here in the United States and around the globe. But as governments and tech companies roll out a variety of applications and contact...more
In the wake of stay-at-home orders stemming from the COVID-19 pandemic, companies have rushed to provide work-from-home options for many, if not all, of their employees. As exigency fades into the new normal, however, the...more
Governments are increasingly seeking to leverage consumer geolocation and other mobile device data to assist with fighting the spread of COVID-19, as cases continue to mount globally. Location data can be of significant...more
There’s more than a virus in the air – there’s malware and spyware too. Our Health Care and Cybersecurity Preparedness & Response Groups team up to list proactive steps HIPAA covered entities and business associates can take...more
The Cybersecurity Unit (“CsU”) of the Computer Crime and Intellectual Property Section of the Criminal Division of the United States Department of Justice (“CCIPS”) has released its guidance on “Legal Considerations when...more