DHS and Cyber: What Should Companies Expect?
On January 8, 2025, the U.S. Department of Justice (Department or DOJ) issued new rules required by then-President Biden’s February 2024 Executive Order (EO) 14117 to establish a new regulatory framework aimed at “Preventing...more
Cybersecurity in 2025 will continue to face escalating challenges from AI-driven threats, geopolitical tensions, and increased regulatory scrutiny. Organizations must adapt to sophisticated cyberattacks fueled by AI,...more
FCC Seeks Comment on Proposed Requirements for Covered Text Providers Under the 988 Suicide & Crisis Lifeline: In this Third Further Notice of Proposed Rulemaking (FNPRM), the Federal Communications Commission (FCC) requests...more
The Department of Justice (DOJ) has proposed a significant restriction on cross-border transfers of sensitive personal data to designated “countries of concern.” The goal is to address national security risks posed by...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
2023 has been a big year for AI with the landmark Executive Order for Safe, Secure, and Trustworthy Artificial Intelligence (EO) adding to the already busy and dynamic AI landscape. Issued less than two months ago, the EO has...more
On May 24, 2023, Microsoft announced the detection of a direct threat to critical infrastructure organizations in Guam and elsewhere in the United States. The alert attributed observed malicious activity to a state-sponsored...more
On September 27, 2023, The U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japanese National Police Agency (NPA), and...more
On September 19, 2023, the Department of Homeland Security (DHS) released a Report to Congress (Report) on the Harmonization of Cyber Incident Reporting to the Federal Government. The Report reflects on the 52 in-effect or...more
In an era where our lives are ever more intertwined with technology, the security of digital platforms is a matter of national concern. A recent large-scale cyberattack affecting several U.S. federal agencies and numerous...more
On March 2, 2023, the White House Office of the National Cyber Director (ONCD) released the National Cybersecurity Strategy (“Strategy”). The Strategy outlines the Administration’s priorities for cyber regulations and policy....more
California Privacy Protection Agency Releases Revised Regulations - With the effective date less than three months away, and ahead of a Board Meeting on October 28 and 29, the California Privacy Protection Agency released...more
President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) on March 15, 2022. The background and contours of CIRCIA are discussed in a previous update. CIRCIA authorizes and...more
A proposed $1M civil penalty against Colonial Pipeline for its procedural failures during a ransomware attack could indicate what’s in store for critical infrastructure operators who fail to keep employees up to date on how...more
For just shy of a decade, the Defense Industrial Base (DIB) has had to operate under rules dictating the safeguarding of Controlled Unclassified Information, along with a strict 72-hour notification requirement if/when/should...more
Cybersecurity has emerged as a tangible risk for transportation service providers over the course of the last year. Ransomware attacks on domestic industry and critical infrastructure, and tensions associated with the Russian...more
What You Need to Know- •President Biden has called upon private sector businesses to take specific steps to implement certain “best practices” aimed at minimizing their cybersecurity risks in light of heightened concerns...more
What: On February 23, 2022, the National Security Telecommunications Advisory Committee (NSTAC) approved a final draft of its forthcoming report to the President on Zero Trust and Trusted Identity Management. ...more
Earlier this week, the U.S. Department of Homeland Security (DHS) announced the establishment of the Cyber Safety Review Board (CSRB), as directed in President Biden’s Executive Order 14028 on Improving the Nation’s...more
On January 20, President Biden signed a memorandum aimed at improving the cybersecurity of the National Security, Department of Defense, and Intelligence Community Systems (together, the “National Security Systems)....more
Privacy In Focus®- In 2021, cyber gained prominence as a top business risk and national security concern with ransomware attacks wreaking havoc on business operations and critical infrastructure. Companies large and small,...more
A vulnerability so dangerous that Cybersecurity and Infrastructure (CISA) Director Jen Easterly called it “one of the most serious [she’s] seen in [her] entire career, if not the most serious” arrived just in time for the...more
What: The Transportation Security Administration (TSA) has issued two Security Directives aimed at passenger and freight railroad cybersecurity, continuing the government’s move to an increasingly regulatory approach to...more
The Cybersecurity and Infrastructure Security Agency (CISA) issued a sweeping binding directive to federal agencies to patch hundreds of cybersecurity vulnerabilities that are considered major risks for cyber actors to cause...more
On October 28, 2021, a bipartisan group of U.S. Senators introduced the Food Security is National Security Act of 2021 (the “Act”). Among other things, the Act would require the Committee on Foreign Investment in the United...more