Congress has directed the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) to create broad new rules for mandatory cyber incident reporting to be imposed on critical...more
On August 11, 2022, the Consumer Financial Protection Bureau (CFPB) published a Circular stating that the failure of financial institutions, including nonbank financial firms such as fintech companies and credit reporting...more
Public comments in an ongoing cybersecurity proceeding at the National Institute of Standards and Technology (NIST) highlight the utility of a foundational cybersecurity document while also providing suggestions for its...more
In March 2022, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requiring critical infrastructure to report significant cyber incidents and ransomware payments to the Cybersecurity...more
Late 2021 and early 2022 have been full of federal government activity related to cybersecurity incident reporting. Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 to require mandatory...more
3/21/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Department of Homeland Security (DHS) ,
Popular ,
Securities and Exchange Commission (SEC) ,
TSA
What: On February 23, 2022, the National Security Telecommunications Advisory Committee (NSTAC) approved a final draft of its forthcoming report to the President on Zero Trust and Trusted Identity Management. ...more
2/28/2022
/ Cybersecurity ,
Cybersecurity Framework ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Executive Orders ,
Multi-Factor Authentication ,
National Security ,
NIST ,
NSTAC ,
OMB ,
Popular ,
Risk Management ,
Telecommunications
What: Cleared Defense Contractors (CDCs) are being actively targeted by Russian state-sponsored cyber activity, according to a Joint Cybersecurity Advisory from the Federal Bureau of Investigation (FBI), National Security...more
2/17/2022
/ Bad Actors ,
Controlled Unclassified Information (CUI) ,
Critical Infrastructure Sectors ,
Cyber Weapons ,
Cybersecurity ,
Cybersecurity Framework ,
Cybersecurity Information Sharing Act (CISA) ,
Defense Sector ,
Department of Defense (DOD) ,
FBI ,
Federal Contractors ,
Information Technology ,
Intelligence Services ,
Multi-Factor Authentication ,
NIST ,
Passwords ,
Popular ,
Russia ,
Sensitive Business Information ,
Subcontractors ,
Technology Sector
Federal agencies have been actively looking at cyber threats to critical infrastructure. In a January 27 announcement the White House said: “it will extend the Industrial Control Systems (ICS) Cybersecurity Initiative to the...more
1/28/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Environmental Protection Agency (EPA) ,
Information Technology ,
Joe Biden ,
NDAA ,
Pipelines ,
Popular ,
Railways ,
Ransomware ,
Wastewater ,
Water ,
Wiretap Act
What: The Transportation Security Administration (TSA) has issued two Security Directives aimed at passenger and freight railroad cybersecurity, continuing the government’s move to an increasingly regulatory approach to...more
12/6/2021
/ Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Enforcement Actions ,
Espionage ,
National Security ,
NIST ,
Owner-Operators ,
Popular ,
Railroads ,
Risk Assessment ,
Transportation Security Administration ,
TSA ,
Unauthorized Access
What: On November 16, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released Federal Government Cybersecurity Incident and Vulnerability Playbooks as part of the Biden Administration’s efforts to improve...more
11/18/2021
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Popular ,
Private Sector ,
Technology Sector
The Cybersecurity and Infrastructure Security Agency (CISA) issued a sweeping binding directive to federal agencies to patch hundreds of cybersecurity vulnerabilities that are considered major risks for cyber actors to cause...more
11/9/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Hackers ,
National Security ,
Popular ,
Private Sector ,
Technology Sector
The U.S. Department of Homeland Security (DHS) has been central in federal cybersecurity policy for years, as an important non-regulatory body that convenes the private sector, works across agencies, and protects information...more
The old saying goes, personnel is policy. This may be particularly true at this point in federal cybersecurity policy, where multiple agencies and Congressional committees play changing roles, including expanding capacities...more
On January 19, 2021 the Senate Homeland Security and Government Affairs Committee (HSGAC) held a hearing on the nomination of Alejandro N. Mayorkas to be the Secretary of the Department of Homeland Security (the Department or...more
On December 17, 2020, the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force (“the Task Force”)—a public-private partnership whose membership includes industry representatives from...more
As we all look forward to closing the book on 2020 and await the promise of a new year, we can see the coming landscape in cybersecurity and cyber policy will be heavily influenced by developments and events from this past...more
Last month, the Department of Homeland Security’s (DHS), Cybersecurity and Infrastructure Security Agency (CISA), issued a comprehensive Insider Threat Mitigation Guide to help organizations establish or enhance insider...more
Megan Brown sits down with one of Wiley’s newest attorneys, Sam Kaplan, former Assistant Secretary for Cyber, Infrastructure, Risk and Resilience Policy at the U.S. Department of Homeland Security (DHS), to discuss the...more
11/17/2020
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Hackers ,
National Security ,
Private Sector ,
Technology Sector