On August 14, 2024, the Committee on Foreign Investment in the United States (“CFIUS” or “Committee”) announced a $60 million penalty, “the largest penalty CFIUS has ever issued,” following its finding of material violations...more
On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.
The deviation relates to contractors’ compliance with...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more
4/1/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Preservation ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
NPRM ,
Proposed Rules ,
Ransomware ,
Regulatory Agenda
On March 1, 2024, the US Department of Commerce’s (“Commerce”) Bureau of Industry and Security (“BIS”) published an Advance Notice of Proposed Rulemaking1 (the “Notice”) seeking public comments on potential regulation of the...more
3/19/2024
/ Bureau of Industry and Security (BIS) ,
China ,
Comment Period ,
Connected Cars ,
Data Collection ,
Executive Orders ,
Foreign Adversaries ,
Information Technology ,
Motor Vehicles ,
National Security ,
OEM ,
Proposed Rules ,
Public Comment ,
Regulatory Agenda ,
Rulemaking Process ,
U.S. Commerce Department
On 9 December 2023, European Parliament negotiators and the Council presidency agreed on the final version of what is claimed to be the world's first-ever comprehensive legal framework on Artificial Intelligence; the European...more
Background and Summary -
Table On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC”) issued a release (the “Adopting Release”), adopting final rules (the “Final Rules”) aimed at standardizing and...more
On March 9, 2023, the Securities and Exchange Commission (“SEC”) announced that Blackbaud Inc. (“Blackbaud”) agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and...more
With high-profile cybersecurity incidents hitting the headlines, President Biden’s recent cybersecurity executive order seeks to strengthen security practices at federal agencies and government contractors. But what does the...more
12/28/2021
/ Biden Administration ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Executive Orders ,
Popular ,
Private Sector ,
Ransomware ,
Risk Management
On July 28, 2021, President Biden signed a national security memorandum that seeks to “significantly improve” the cybersecurity of critical infrastructure systems....more
In the wake of the May 2021 ransomware attack on a major US oil pipeline, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) has released a security directive (the “TSA Directive”) to...more
6/2/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Energy Policy ,
Hackers ,
National Security ,
Oil & Gas ,
Pipelines ,
Ransomware ,
Supply Chain ,
TSA