DHS and Cyber: What Should Companies Expect?
The landmark Cybersecurity Information Sharing Act of 2015 (CISA 2015) has been reauthorized retroactively from its original September 30, 2025 expiration for a limited one-year period. This development was the result of the...more
Congress has renewed the Cybersecurity Information Sharing Act of 2015 (CISA 2015) until September 30, 2026, as part of the spending bill signed by the president yesterday, February 3, 2026. The renewal comes as welcome news...more
Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
On November 25, 2025, the Cybersecurity and Infrastructure Security Agency (“CISA”) issued an alert regarding advanced spyware campaigns targeting mobile devices. The warning identifies messaging apps and social media...more
2025 saw a range of activity at the intersection of privacy, data security, and national security, including new types of threats, significant U.S. regulatory actions by multiple agencies, legislative lapses and new...more
This holiday season—following a year of headline breaches, surging supply-chain attacks, and major regulatory changes—cyber resilience tops every corporate wish list. The Cybersecurity and Infrastructure Security Agency...more
The guidance on integrating AI into OT systems sets expectations for safety, governance and transparency. On December 3, 2025, CISA, the NSA, the FBI and several international cyber authorities released Principles for the...more
In September 2025, we issued a client alert warning about the BRICKSTORM malware campaign and recommended steps to strengthen your organization’s defenses. On Dec. 4, 2025, the Cybersecurity and Infrastructure Security Agency...more
Space and satellite systems underpin a wide range of critical functions, including global communications, navigation, scientific research, defense operations, and essential infrastructure services. As both government and...more
Selected U.S. Privacy & Cyber Updates - SEC Dismisses Remaining Claims Against SolarWinds - On November 20, 2025, the Securities and Exchange Commission (SEC) dismissed its landmark enforcement action against SolarWinds Corp....more
In 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). It developed out of the federal government’s perceived need to be better prepared for cybersecurity...more
A November 13, 2025, a Cybersecurity Advisory warned that new activity by the Akira ransomware variant “presents an imminent threat to critical infrastructure.” The Advisory was jointly issued by four U.S. agencies, the...more
Executive Summary - On November 12, 2025, President Trump signed a bipartisan funding package that officially reopened the federal government after a six-week shutdown and temporarily reinstated two major cybersecurity...more
Congress included in the appropriations bill of November 12, 2025, an extension of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), 6 U.S.C. §§ 1501–10, through January 30, 2026....more
Cybersecurity risks are evolving, in part because bad actors – including scammers and fraudsters – are leveraging widely available artificial intelligence (AI) tools for nefarious purposes. In the escalating fraud landscape,...more
When the Colonial Pipeline ransomware attack paralyzed fuel distribution across the East Coast in 2021, both government and private entities raced to exchange cyber threat data to prevent further disruption....more
All aspects of the United States Department of Justice (DOJ)’s final rule, “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons,” are now in force. Also...more
The expiration of the Cybersecurity Information Sharing Act of 2015 (CISA 2015 or the Act) on September 30, 2025 has quietly reshaped how organizations should approach cyber threat intelligence sharing. For the past decade,...more
The day before the recent federal government shutdown, a ten-year old cybersecurity law expired before it could be reauthorized. The Cybersecurity Information Sharing Act of 2015 (“CISA”) provided a mechanism for private...more
The recent shutdown of the federal government has left many critical services in limbo, including the nation’s primary cybersecurity agency. Amid the ongoing budget standoff in Congress, funding for the Cybersecurity and...more
As Washington barrels through another government funding crisis, the most significant impact on the technology and security landscape isn’t happening in a committee room—it’s the effective shuttering of our nation’s frontline...more
UPDATE: Despite being touted as the single most successful piece of cybersecurity legislation, and despite enjoying broad bipartisan and bicameral support, the Cybersecurity Information Sharing Act of 2015 (CISA 2015, "The...more
On Tuesday, September 30, 2025, the Cybersecurity Information Sharing Act of 2015 (CISA 2015) expired after its 10-year effective period lapsed without reauthorization from Congress, in the wake of a government shutdown that...more