On February 9, 2021, the Securities and Exchange Commission (SEC) announced new proposed cybersecurity rules (Proposed Rules) for registered investment advisors and investment companies (funds) addressing cybersecurity risk...more
Since first announced in December 2021, the critical Log4j vulnerability has stolen the attention of many cybersecurity professionals. The Federal Trade Commission (FTC) has taken notice too....more
Small and medium-sized businesses are prime targets for ransomware attacks. After breaching a business's computer network and encrypting the company's key files and systems, attackers will demand a ransom payment in exchange...more
The Department of Defense (DoD) has announced major changes to its Cybersecurity Maturity Model Certification (CMMC) program for defense industrial base (DIB) contractors and subcontractors. The revamped program, called "CMMC...more
On October 21, 2021, the Department of Commerce's Bureau of Industry and Security (BIS) published its long-awaited Interim Final Rule establishing export controls for tools and related technology that can be used for hacking...more
November 8, 2021, may have been the most significant single day in the United States' "whole of government" anti-ransomware campaign. The Department of Justice, Department of the Treasury, and Department of State all...more
Privacy and security diligence has become standard in M&A transactions, but a one-size-fits-all approach won’t work. While form questionnaires have their place, companies need to know when to take a deeper, more technical...more
The Federal Trade Commission (FTC) recently announced significant new information security requirements for non-bank financial institutions subject to the Gramm-Leach-Bliley Act (GLBA). The new requirements are incorporated...more
The Department of Justice (DOJ) is bringing one of its trustiest tools to the project of improving the nation's cybersecurity. The DOJ announced last week the launch of its Civil Cyber-Fraud Initiative which will use the...more
On September 21, 2021, the U.S. Department of the Treasury announced two major actions by the Office of Foreign Assets Control (OFAC) to combat ransomware: the release of OFAC's Updated Advisory on Potential Sanctions Risks...more
Over the last several weeks, the National Institute of Standards and Technology (NIST) has taken key steps towards the creation of a consumer labeling program for the cybersecurity of Internet of things (IoT) devices....more
Earlier this week, the White House announced that the Office of Management and Budget (OMB) has released a draft of the Federal Zero Trust Strategy—a plan for moving federal civilian executive branch (FCEB) agencies toward...more
The U.S. Securities and Exchange Commission (SEC) has continued to make cybersecurity disclosures an enforcement priority. Recent enforcement activity, summarized below, highlights these key points for SEC-regulated issuers....more
The Department of Homeland Security (DHS) announced the issuance of the Transportation Security Administration's (TSA) second Security Directive (Directive) creating mandatory cybersecurity rules for owners and operators of...more
It has been a busy summer for data breach and cybersecurity laws. Several states have shortened their data breach notification timelines, expanded their definitions of personal data breaches triggering notification...more
Following several high-profile cyberattacks against operators of U.S. critical infrastructure (CI), the White House has issued a National Security Memorandum (NSM) outlining the Biden Administration's plan to encourage...more
A recent magistrate decision from the Middle District of Pennsylvania adds to the growing body of cases limiting discovery protection for forensic reports and other materials prepared in response to a data security incident....more
Earlier this month, President Biden issued two executive orders designed to address risks allegedly posed by Chinese technology companies. One order rescinds President Trump's orders banning TikTok, WeChat, and other Chinese...more
The White House released an open letter on June 2, 2021, urging U.S. businesses to take "immediate steps" to protect themselves, their customers, and the broader economy against ransomware attacks. The letter comes amid...more
Last week, the U.S. Supreme Court resolved an important question about the meaning of provisions prohibiting "unauthorized access" or "exceeding authorized access" to computer systems and databases under the Computer Fraud...more
Less than a month after the high-profile ransomware attack against Colonial Pipeline, the Department of Homeland Security's (DHS) Transportation Security Administration (TSA) has issued its first-ever set of mandatory...more
The May 7, 2021, ransomware attack against Colonial Pipeline may be a turning point in the way the United States thinks about cybersecurity. The attack underscores the significant threat cyberattacks pose to operational...more
Now is a great time to review your security posture, as you have a new tool to help you. On May 18, 2021, the Center for Internet Security (CIS) released Version 8 of its CIS Controls, formerly known as the CIS Critical...more
On Wednesday, the White House released a widely anticipated Executive Order on Improving the Nation’s Cybersecurity (EO). The EO addresses four major areas of cybersecurity maturity for the federal government and its private...more