DHS and Cyber: What Should Companies Expect?
Welcome to our inaugural issue of The Health Record - our healthcare law insights e-newsletter! As such, we wanted to pull together our insights and pass them along to you. Our goal is to create a publication that is...more
On May 7, 2024, the White House Office of the National Cyber Director (ONCD) released several reports on the United States’ cybersecurity posture and strategic plan. These documents implement the 2023 National Cybersecurity...more
As the development and use of AI continues to grow, the potential for security and safety incidents harming organizations and the public increases. Updated reporting and tracking processes for AI security and safety incidents...more
On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...more
The federal Cybersecurity and Infrastructure Security Agency (CISA) released a draft of its proposed rule detailing how covered entities operating in critical infrastructure sectors report cyberattacks and ransomware payments...more
On February 28, 2024, President Biden issued Executive Order 14117 on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (the EO). The EO empowers...more
Last October, the Federal Acquisition Regulation (FAR) Council proposed two new rules, one of which that will influence cyber incident response practices. The scope is limited as it only applies to federal government...more
The amended rules follow the Biden Administration’s “whole of government” approach to maximizing notifications to executive agencies of cybersecurity events. On December 21, 2023, a divided Federal Communications...more
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the formation of a new program aimed at identifying and preventing ransomware attacks. The initiative is known as the Ransomware Vulnerability Warning...more
On March 1, 2023, the White House released a new National Cybersecurity Strategy (the Strategy) documenting the Biden-Harris administration’s approach to improving cybersecurity across the digital ecosystem. The Strategy...more
Big Boosts to Cybersecurity and Tech Funding in $1.7T Omnibus Bill Signed by Biden - “The bipartisan fiscal 2023 omnibus spending agreement includes $2.9 billion for the Cybersecurity and Infrastructure Security Agency, a...more
Outlook for This Week in the Nation’s Capital - Congress. The House and Senate are both in recess this week. When the Senate returns next week, it will hold a procedural vote on a bill to codify the right to same-sex...more
2021 was a game-changing year in cybersecurity. There were many high profile vulnerabilities and data breaches, and responses from the government and private sector. A few examples include Accellion, SolarWinds, Microsoft...more
Introduction - On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The Act will require critical infrastructure organizations (defined below) to report...more
Companies should take steps now to prepare for the new rules and expectations. The US government continues to expand regulatory requirements around notification and disclosure of major cyberattacks or incidents. ...more
President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) on March 15, 2022. The enactment of CIRCIA follows attacks on critical infrastructure, such as the May 2021...more
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), passed as part of the omnibus spending bill on March 15, 2022, will require critical infrastructure companies - which could include financial...more
Cybersecurity has emerged as a tangible risk for transportation service providers over the course of the last year. Ransomware attacks on domestic industry and critical infrastructure, and tensions associated with the Russian...more
The month of March has seen significant developments in the cybersecurity and data protection space. Here are four key legal developments that could be critical to your business. . . ...more
The new law will require critical infrastructure entities to report certain covered cybersecurity incidents to government agencies within 72 hours; ransomware payments within 24 hours. On March 15, President Biden signed...more
The potential for malicious cyber activity has been a concern for the Biden administration throughout the evolving crisis in Ukraine (including the imposition of sanctions against Russia). In response to the concern, the...more
In response to increased and persistent cybersecurity threats to American infrastructure, Congress passed the Strengthening American Cybersecurity Act (SACA), which President Joe Biden signed into law on March 15. SACA is...more
On March 1, the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022, which will require critical infrastructure companies to report significant cyber-incidents and all ransom payments to the...more
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 ("the Act") was signed into law by the President on March 15, 2022, as part of the Consolidated Appropriations Act. The purpose of the Act is to educate...more
On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). While President...more