DHS and Cyber: What Should Companies Expect?
Cybersecurity in 2025 will continue to face escalating challenges from AI-driven threats, geopolitical tensions, and increased regulatory scrutiny. Organizations must adapt to sophisticated cyberattacks fueled by AI,...more
Publications & Advisories - November 2024 – Kathleen Benway, Jennifer Everett, Alysa Austin, and Kristen Bartolotta published “Federal Trade Commission’s Updated Health Breach Notification Rule Is Now in Effect” in Employee...more
On November 14, 2024, the Department of Homeland Security (“DHS”) announced a set of voluntary recommendations called the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure”...more
On November 12, 2024, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency, along with its security partners in Australia, Canada, New Zealand, and the...more
As cybersecurity rules proliferate, companies must navigate a maze of new, and often overlapping, proactive and reactive cybersecurity requirements and guidance. This Legal Update surveys new cybersecurity rules and...more
Verizon released its Data Breach Investigations Report (DBIR) for 2024, an annual treat that highlights some trends companies should be aware of as they manage their cybersecurity programs and respond to and anticipate new...more
Selected U.S. Privacy and Cyber Updates - CISA Posts Notice of Proposed Rulemaking Under CIRCIA - On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM)...more
The United States Department of Defense (“DoD”) recently published its Defense Industrial Base Cybersecurity Strategy 2024. For context, the DIB is comprised of more than 100,000 domestic and foreign companies or...more
New York has released proposed cybersecurity regulations for hospitals. The regulations, which were published in The State Register on Dec. 6 and will undergo a 60-day public comment period ending on Feb. 5, are designed to...more
On May 24, 2023, Microsoft announced the detection of a direct threat to critical infrastructure organizations in Guam and elsewhere in the United States. The alert attributed observed malicious activity to a state-sponsored...more
Last month the Federal Acquisition Regulatory (FAR) Council announced a major proposal regarding cybersecurity incident reporting and information. Comments currently are now due by February 2, 2024....more
Information sharing has seemed like the “holy grail” of federal cyber policy: sought after but elusive, especially to those who think it will solve their problems. At a time of increased regulation and looming mandates for...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
It has been over a year since the Colonial Pipeline cybersecurity incident, and the Department of Homeland Security’s Transportation Security Administration (“TSA”) continues to issue cybersecurity directives to owners and...more
Cybersecurity is the goliath of tech-related concerns for companies of all sizes, not just large corporations. The Cybersecurity & Infrastructure Security Agency (“CISA”) encourages small and midsize businesses to focus on...more
As the adoption of 5G technology by many private and public organizations approaches, assessments are being put in place to evaluate whether federal agencies can operate with 5G technology. Regulation agencies in...more
What You Need to Know- •President Biden has called upon private sector businesses to take specific steps to implement certain “best practices” aimed at minimizing their cybersecurity risks in light of heightened concerns...more
The U.S. Cybersecurity & Infrastructure Agency (CISA) has issued a rare “shields up” warning regarding cybersecurity attacks, saying that every organization, of every size, should be prepared to respond to disruptive cyber...more
Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more
The Apache Log4j vulnerability continues to command significant attention throughout the public and private sectors. In a recent interview, the director of the US Cybersecurity and Infrastructure Security Agency (CISA)...more
On December 15, 2021, Congress passed the National Defense Authorization Act (NDAA or Act) for Fiscal Year (FY) 2022, which President Biden is expected to sign into law soon. As usual, the NDAA contains numerous provisions...more
What: The Transportation Security Administration (TSA) has issued two Security Directives aimed at passenger and freight railroad cybersecurity, continuing the government’s move to an increasingly regulatory approach to...more
Labor Day weekend is upon us. Unfortunately, history has shown that, rather than resting, hackers and other threat actors take advantage of holidays to attack closed or understaffed businesses when they least expect it. To...more
President Biden signed an executive order to bolster the federal government’s cybersecurity posture on May 12. The order focuses on implementing vital improvements to networks of federal departments and agencies, many of...more
On May 27, 2021, against the backdrop of the Colonial Pipeline cybersecurity incident, the Department of Homeland Security’s Transportation Security Administration (“TSA”) announced Security Directive Pipeline-2021-01...more