Stephen Lilley

Stephen Lilley

Mayer Brown

Contact
View Bio
RSS

Latest Publications

Share:

2025 Cyber Incident Trends: What Your Business Needs to Know

Malicious actors continue to exploit our connected digital ecosystem, disrupting organizations across all sectors. Some of the most significant evolutions in the cyber threat landscape stem from artificial intelligence...more

10/20/2025  /  Artificial Intelligence , Cyber Threats , Cybersecurity , Data Security , Deep Fake , Incident Response Plans , Phishing Scams , Ransomware , Risk Management , Supply Chain , Third-Party Risk

Cybersecurity Information Sharing Act of 2015 Lapses

On September 30, 2025, the Cybersecurity Information Sharing Act of 2015 (“CISA 2015” or the “Act”) expired as it reached the end of its effective period without being reauthorized by Congress. Intended to enhance sharing of...more

10/7/2025  /  Antitrust Provisions , Cybersecurity , Cybersecurity Information Sharing Act (CISA) , Department of Justice (DOJ) , Federal Trade Commission (FTC) , Information Sharing , Liability , New Legislation , Proposed Legislation , Risk Management

California Enacts SB-53, Creating New Requirements for Developers of Frontier Artificial Intelligence Models and Related...

On September 29, 2025, Governor Gavin Newsom signed into law Senator Scott Wiener’s SB-53, which establishes new requirements for developers of frontier artificial intelligence (AI) models. Section 2 of the law enacts the...more

10/3/2025  /  Artificial Intelligence , California , Cybersecurity , Machine Learning , New Legislation , Regulatory Requirements , Reporting Requirements , Risk Management , Transparency , Whistleblowers

Department of Defense Releases Long-Anticipated Final Rule Implementing the Cybersecurity Maturity Model Certification Program

On September 9, 2025, the Department of Defense (DoD) published a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements to implement the Cybersecurity...more

9/16/2025  /  Cybersecurity , Cybersecurity Maturity Model Certification (CMMC) , Department of Defense (DOD) , DFARS , Federal Contractors , Final Rules , Regulatory Requirements , Reporting Requirements , Subcontractors , Supply Chain

Reducing Legal Risks From Ransomware Attacks: Lessons from Scattered Spider

Leading businesses continue to suffer cyber attacks at the hands of sophisticated ransomware groups. For example, the threat group “Scattered Spider” (also known as UNC3944, Octo Tempest, 0ktapus) is once again making...more

7/31/2025  /  Cyber Attacks , Cybersecurity , Cybersecurity Information Sharing Act (CISA) , Data Breach , Data Retention , Incident Response Plans , Law Enforcement , Multi-Factor Authentication , Ransomware , Social Engineering

Trump Administration Unveils AI Action Plan with Implications for Innovation, Infrastructure, and Global Tech Competition

On July 23, 2025, the Trump Administration unveiled a comprehensive national action plan for artificial intelligence (“Action Plan”), accompanied by three Executive Orders that begin implementing key elements of the...more

7/28/2025  /  Artificial Intelligence , Data Centers , Executive Orders , Export Controls , Innovation , National Security , Regulatory Reform , Semiconductors , Technology Sector , Trump Administration

US Commerce Department Finalizes Rule on Connected Vehicles With Supply Chain Links to China and Russia

On January 16, 2025, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a final rule (the “Final Rule”) addressing national security concerns regarding information and communications technology...more

1/22/2025  /  Automotive Industry , Bureau of Industry and Security (BIS) , China , Final Rules , Hardware , Imports , National Security , Russia , Software , Supply Chain , U.S. Commerce Department

President Biden Issues Executive Order on Strengthening and Promoting Innovation in the Nations Cybersecurity

INTRODUCTION... On January 16, 2025, President Biden issued an Executive Order (EO) on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, to further address increasing threats from nation-state actors...more

1/20/2025  /  Artificial Intelligence , Biden Administration , Cyber Attacks , Cybersecurity , Data Breach , Data Protection , Department of Justice (DOJ) , Executive Orders , Federal Acquisition Regulations (FAR) , National Security

US China Trade Monthly - December 2024

As global economic and geopolitical environments enter a new era, companies need to continuously develop and adjust their coherent global business strategies to secure and further expand business opportunities in all markets...more

1/2/2025  /  Acquisitions , Artificial Intelligence , Bureau of Industry and Security (BIS) , Business Opportunities , Business Strategies , CFIUS , China , Compliance , Covered Transactions , Critical Infrastructure Sectors , Department of Homeland Security (DHS) , Department of Justice (DOJ) , Entity List , Exports , Final Rules , Financial Transactions , Forced Labor , Foreign Investment , Importers , Imports , Investment , Joint Venture , National Security , NPRM , Prohibited Transactions , Real Estate Transactions , Regulatory Requirements , Semiconductors , Sensitive Personal Information , Supply Chain , Trade Relations , Uyghur Forced Labor Prevention Act (UFLPA)

US Department of the Treasury Issues Final Rule to Regulate Outbound Investments

On October 28, 2024, the US Department of the Treasury (“Treasury”) issued a Final Rule to require the notification or prohibition of certain outbound investments and other transactions by US persons involving persons of...more

11/6/2024  /  Artificial Intelligence , Covered Transactions , Final Rules , Foreign Investment , Semiconductors , U.S. Treasury

Biden Administration Issues First-Ever National Security Memorandum on Artificial Intelligence

On October 24, 2024, President Biden issued the first-ever National Security Memorandum (NSM) on artificial intelligence (AI), fulfilling another directive (subsection 4.8) set forth in the Administration’s Executive Order on...more

11/5/2024  /  Artificial Intelligence , Biden Administration , Executive Orders , Innovative Technology , Machine Learning , National Security , Regulatory Oversight , Regulatory Requirements

Trends in US Cybersecurity Regulation

As cybersecurity rules proliferate, companies must navigate a maze of new, and often overlapping, proactive and reactive cybersecurity requirements and guidance. This Legal Update surveys new cybersecurity rules and...more

11/4/2024  /  Critical Infrastructure Sectors , Cyber Incident Reporting , Cybersecurity , Cybersecurity Information Sharing Act (CISA) , Data Breach , Data Security , Disclosure Requirements , Government Agencies , Incident Response Plans , National Security , Regulatory Agenda , Regulatory Oversight , Reporting Requirements , Risk Assessment , Risk Management , Securities and Exchange Commission (SEC)

Department of Justice Issues Notice of Proposed Rulemaking to Regulate Export of Sensitive Personal Data

On October 21, 2024, the Department of Justice (DOJ) released an unpublished Notice of Proposed Rulemaking (NPRM), Provisions Pertaining to Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by...more

10/24/2024  /  Data-Sharing , Department of Justice (DOJ) , International Data Transfers , International Emergency Economic Powers Act (IEEPA) , National Security , NPRM , Personal Data , Proposed Rules , Regulatory Agenda , Regulatory Reform , Sensitive Personal Information

US Department of Commerce Issues Proposal to Require Reporting Development of Advanced AI Models and Computer Clusters

On September 9, 2024, the US Department of Commerce’s (“Commerce”) Bureau of Industry and Security (BIS) released notice of a proposed rule to create a mandatory reporting requirement for artificial intelligence (AI)...more

9/23/2024  /  Artificial Intelligence , Bureau of Industry and Security (BIS) , Defense Production Act , Executive Orders , Machine Learning , National Security , Proposed Rules , Reporting Requirements , U.S. Commerce Department

CFIUS Announces $60 Million Penalty and Debuts New Enforcement Website

On August 14, 2024, the Committee on Foreign Investment in the United States (“CFIUS” or “Committee”) announced a $60 million penalty, “the largest penalty CFIUS has ever issued,” following its finding of material violations...more

8/20/2024  /  CFIUS , Civil Monetary Penalty , Enforcement Actions , National Security , New Guidance , Online Platforms , Regulatory Violations

US DoD Issues Class Deviation Delaying DFARS Implementation of Upcoming NIST SP 800-171, Revision 3

On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. The deviation relates to contractors’ compliance with...more

5/10/2024  /  Compliance , Cyber Incident Reporting , Cybersecurity , Department of Defense (DOD) , DFARS , Federal Contractors , National Security , NIST

Proposed Rule Issued to Implement Cyber Incident Reporting for Critical Infrastructure Act

On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more

4/1/2024  /  Critical Infrastructure Sectors , Cyber Attacks , Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) , Cybersecurity , Data Breach , Data Preservation , Data Protection , Data Security , Department of Homeland Security (DHS) , Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) , Information Technology , NPRM , Proposed Rules , Ransomware , Regulatory Agenda

Commerce Considers ICTS-related Rules to Address Connected Vehicle Risks

On March 1, 2024, the US Department of Commerce’s (“Commerce”) Bureau of Industry and Security (“BIS”) published an Advance Notice of Proposed Rulemaking1 (the “Notice”) seeking public comments on potential regulation of the...more

3/19/2024  /  Bureau of Industry and Security (BIS) , China , Comment Period , Connected Cars , Data Collection , Executive Orders , Foreign Adversaries , Information Technology , Motor Vehicles , National Security , OEM , Proposed Rules , Public Comment , Regulatory Agenda , Rulemaking Process , U.S. Commerce Department

EU AI Act: European Parliament and Council Reach Agreement

On 9 December 2023, European Parliament negotiators and the Council presidency agreed on the final version of what is claimed to be the world's first-ever comprehensive legal framework on Artificial Intelligence; the European...more

12/12/2023  /  Artificial Intelligence , Data Protection , Digital Rights , EU , Facial Recognition Technology , Innovative Technology , Intellectual Property Protection , Machine Learning , Regulatory Reform

SEC Adopts Final Rules on Public Company Cybersecurity Disclosures of Incidents and Processes

Background and Summary - Table On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC”) issued a release (the “Adopting Release”), adopting final rules (the “Final Rules”) aimed at standardizing and...more

7/31/2023  /  Cyber Attacks , Cybersecurity , Data Breach , Disclosure Requirements , Publicly-Traded Companies , Securities and Exchange Commission (SEC) , Securities Regulation

Blackbaud Inc. to Pay $3 Million to SEC for Alleged Misleading Disclosures in 2020 Ransomware Attack

On March 9, 2023, the Securities and Exchange Commission (“SEC”) announced that Blackbaud Inc. (“Blackbaud”) agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and...more

3/23/2023  /  Cyber Attacks , Cybersecurity , Data Breach , Data Protection , Disclosure Requirements , Enforcement Actions , Misleading Statements , Ransomware , Securities and Exchange Commission (SEC) , Securities Violations

The Cyber Executive Order: Key Takeaways for Businesses

With high-profile cybersecurity incidents hitting the headlines, President Biden’s recent cybersecurity executive order seeks to strengthen security practices at federal agencies and government contractors. But what does the...more

12/28/2021  /  Biden Administration , Cyber Attacks , Cyber Threats , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Executive Orders , Popular , Private Sector , Ransomware , Risk Management

President Biden Issues National Security Memorandum on Critical Infrastructure Cybersecurity

On July 28, 2021, President Biden signed a national security memorandum that seeks to “significantly improve” the cybersecurity of critical infrastructure systems....more

8/4/2021  /  Biden Administration , Critical Infrastructure Sectors , Cyber Threats , Cybersecurity , Data Privacy , Data Protection , National Security , Oil & Gas

Critical Pipeline Cybersecurity Directive Released

In the wake of the May 2021 ransomware attack on a major US oil pipeline, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) has released a security directive (the “TSA Directive”) to...more

6/2/2021  /  Critical Infrastructure Sectors , Cyber Attacks , Cybersecurity , Department of Homeland Security (DHS) , Energy Policy , Hackers , National Security , Oil & Gas , Pipelines , Ransomware , Supply Chain , TSA
24 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide