DHS and Cyber: What Should Companies Expect?
The U.S. Department of Homeland Security (DHS) recently published new security requirements for certain restricted transactions covered by the U.S. Department of Justice’s (DOJ) sensitive data export rules. ...more
Executive Order (EO) 14117 is a national security rule intended to mitigate national security risks posed by threat countries’ access to sensitive personal data and government-related data. The EO directed the U.S....more
On January 16, 2025, former President Biden issued the Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity (the EO). The EO directs various parts of the federal government to adopt a...more
Citing the threats posed by foreign adversaries and criminal organizations, and seeking enhanced accountability for companies that provide software and cloud services to the federal government, the Biden administration has...more
U.S. supply chain security is increasingly under threat. The White House’s National Security Strategy describes this moment as an inflection point. Many federal agencies have taken charge in elevating the very concept of...more
On October 21, 2024, the U.S. Department of Justice (Department or DOJ) and the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued proposals – required by the...more
Welcome to our inaugural issue of The Health Record - our healthcare law insights e-newsletter! As such, we wanted to pull together our insights and pass them along to you. Our goal is to create a publication that is...more
On May 7, 2024, the White House Office of the National Cyber Director (ONCD) released several reports on the United States’ cybersecurity posture and strategic plan. These documents implement the 2023 National Cybersecurity...more
As the development and use of AI continues to grow, the potential for security and safety incidents harming organizations and the public increases. Updated reporting and tracking processes for AI security and safety incidents...more
On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...more
The federal Cybersecurity and Infrastructure Security Agency (CISA) released a draft of its proposed rule detailing how covered entities operating in critical infrastructure sectors report cyberattacks and ransomware payments...more
On February 28, 2024, President Biden issued Executive Order 14117 on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (the EO). The EO empowers...more
Last October, the Federal Acquisition Regulation (FAR) Council proposed two new rules, one of which that will influence cyber incident response practices. The scope is limited as it only applies to federal government...more
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the formation of a new program aimed at identifying and preventing ransomware attacks. The initiative is known as the Ransomware Vulnerability Warning...more
On March 1, 2023, the White House released a new National Cybersecurity Strategy (the Strategy) documenting the Biden-Harris administration’s approach to improving cybersecurity across the digital ecosystem. The Strategy...more
Big Boosts to Cybersecurity and Tech Funding in $1.7T Omnibus Bill Signed by Biden - “The bipartisan fiscal 2023 omnibus spending agreement includes $2.9 billion for the Cybersecurity and Infrastructure Security Agency, a...more
Outlook for This Week in the Nation’s Capital - Congress. The House and Senate are both in recess this week. When the Senate returns next week, it will hold a procedural vote on a bill to codify the right to same-sex...more
2021 was a game-changing year in cybersecurity. There were many high profile vulnerabilities and data breaches, and responses from the government and private sector. A few examples include Accellion, SolarWinds, Microsoft...more
Introduction - On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The Act will require critical infrastructure organizations (defined below) to report...more
Companies should take steps now to prepare for the new rules and expectations. The US government continues to expand regulatory requirements around notification and disclosure of major cyberattacks or incidents. ...more
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), passed as part of the omnibus spending bill on March 15, 2022, will require critical infrastructure companies - which could include financial...more
Cybersecurity has emerged as a tangible risk for transportation service providers over the course of the last year. Ransomware attacks on domestic industry and critical infrastructure, and tensions associated with the Russian...more
The month of March has seen significant developments in the cybersecurity and data protection space. Here are four key legal developments that could be critical to your business. . . ...more
The new law will require critical infrastructure entities to report certain covered cybersecurity incidents to government agencies within 72 hours; ransomware payments within 24 hours. On March 15, President Biden signed...more
The potential for malicious cyber activity has been a concern for the Biden administration throughout the evolving crisis in Ukraine (including the imposition of sanctions against Russia). In response to the concern, the...more