DHS and Cyber: What Should Companies Expect?
This article is based on Carri Bennet’s April 9th presentation at the Palmetto Broadband Coalition Annual Convention in Greenville, S.C. In December 2024, the White House’s Deputy National Security Adviser for Cyber and...more
On January 8, 2025, the U.S. Department of Justice (Department or DOJ) issued new rules required by then-President Biden’s February 2024 Executive Order (EO) 14117 to establish a new regulatory framework aimed at “Preventing...more
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Tuesday, March 11, 2025, that the Multi-State Information Sharing and Analysis Center (MS-ISAC) will lose its federal funding and cooperative agreement...more
Cybersecurity in 2025 will continue to face escalating challenges from AI-driven threats, geopolitical tensions, and increased regulatory scrutiny. Organizations must adapt to sophisticated cyberattacks fueled by AI,...more
As we noted in Federal Cybersecurity Policy in 2025: What to Watch in Changing Times, key parts of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), the United States’ foundational cybersecurity information...more
The Department of Justice (DOJ) released a Final Rule restricting certain transfers of Americans’ sensitive personal data to identified countries of concern or covered individuals. The Final Rule continues to assert the DOJ...more
On January 14, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released the AI Cybersecurity Collaboration Playbook (the “Playbook”) to provide guidance to organizations within the AI community (including AI...more
The U.S. Department of Homeland Security (DHS) recently published new security requirements for certain restricted transactions covered by the U.S. Department of Justice’s (DOJ) sensitive data export rules. ...more
Executive Order (EO) 14117 is a national security rule intended to mitigate national security risks posed by threat countries’ access to sensitive personal data and government-related data. The EO directed the U.S....more
On December 27, 2024, the U.S. Department of Justice (DOJ) announced its final rule on the transfer of certain bulk sensitive personal data to China, Russia, and other countries. Following this, on January 3, 2025, the U.S....more
The incoming Trump administration is expected to make several policy changes likely to impact tech transactions. President-elect Donald Trump has promised to reduce regulation and cut federal bureaucracy, which he says have...more
On January 8, 2025, the Department of Justice (“DOJ”) published its Final Rule to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States...more
On December 27, 2024, the Department of Justice (DOJ) released a Final Rule, Provisions Pertaining to Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons....more
FCC Seeks Comment on Proposed Requirements for Covered Text Providers Under the 988 Suicide & Crisis Lifeline: In this Third Further Notice of Proposed Rulemaking (FNPRM), the Federal Communications Commission (FCC) requests...more
Cybersecurity and national security collided in significant ways in 2024, with governments and private-sector entities grappling with the legal, technical, and policy challenges of a rapidly evolving cyber landscape....more
U.S. federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) (in coordination with similar agencies in Australia,...more
On November 14, 2024, the Department of Homeland Security (“DHS”) announced a set of voluntary recommendations called the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure”...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
In early October 2025, several media outlets reported that United States telecommunications services had been infiltrated by state affiliated threat actors linked to the People’s Republic of China (“PRC”). These reports were...more
As cybersecurity rules proliferate, companies must navigate a maze of new, and often overlapping, proactive and reactive cybersecurity requirements and guidance. This Legal Update surveys new cybersecurity rules and...more
U.S. supply chain security is increasingly under threat. The White House’s National Security Strategy describes this moment as an inflection point. Many federal agencies have taken charge in elevating the very concept of...more
On October 21, 2024, the U.S. Department of Justice (Department or DOJ) and the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued proposals – required by the...more
FCC Seeks Comment on Promoting the Integrity and Security of Telecommunications Certification Bodies, Measurement Facilities, and the Equipment Authorization Program: In this Notice of Proposed Rulemaking (NPRM), the Federal...more
On April 30, 2024 the White House updated the foundational U.S. government policy that defines critical infrastructure (CI) sectors and establishes a coordination structure within the federal government to support owners and...more
On April 30, 2024, the White House announced that President Biden signed a new critical infrastructure memorandum, titled National Security Memorandum on Critical Infrastructure Security and Resilience ("NSM-22"). This new...more