Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
The Federal Communications Commission (FCC) recently issued a Public Notice adding foreign-made consumer-grade routers to its Covered List, thereby prohibiting the authorization and importation of new device models....more
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) will introduce mandatory US federal reporting of serious cyber incidents and ransomware payments affecting critical infrastructure. “Covered...more
A sweeping new federal cybersecurity mandate is on its way, and now is the time for businesses to build the infrastructure you’ll need to comply. The Cybersecurity and Infrastructure Security Agency (CISA) is finalizing draft...more
On March 18, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert (the Alert) urging U.S. organizations to harden their endpoint management systems following the March 11, 2026 cyberattack against...more
Following the release of the Trump Administration’s new National Cyber Strategy, National Cyber Director Sean Cairncross noted in a virtual interview that the administration is considering changes to the existing cyber...more
The executive actions emphasize public-private partnerships, enhanced information sharing, and leveraging commercial cybersecurity capabilities....more
On February 13, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) within the US Department of Homeland Security published a notice in the Federal Register announcing that it would hold a series of town halls...more
Welcome to our second issue of 2026 of The Health Record -- our healthcare law insights e-newsletter. In this edition, we look at recent guidance from HHS urging healthcare providers to step up cybersecurity efforts,...more
Security researchers at Huntress Labs have identified a vulnerability in SolarWinds’s Web Help Desk that threat actors are exploiting to allow them to execute code remotely....more
The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is working to finalize a rule that would require large segments of industry to rapidly report to the government when...more
US critical infrastructure has historically been a prime target for threat actors due to the significant and far-reaching consequences of cyberattacks. Today, ongoing geopolitical tensions and escalating global conflict have...more
Threat actors had another banner year in 2025. As we head into 2026, looking back on the five top security threats of 2025 may inform our strategy and budgeting for 2026 to prepare for the continued onslaught of attacks....more
This holiday season—following a year of headline breaches, surging supply-chain attacks, and major regulatory changes—cyber resilience tops every corporate wish list. The Cybersecurity and Infrastructure Security Agency...more
With the U.S. Department of Justice’s Data Security Program (DSP) now in full effect, companies that handle sensitive personal data, operate across borders, or rely on global vendor ecosystems face an increasingly complex...more
On October 15, application security vendor F5, Inc. disclosed that a highly sophisticated nation-state threat actor maintained long-term, persistent access to certain F5 systems. The attackers exfiltrated portions of BIG-IP1...more
As Washington barrels through another government funding crisis, the most significant impact on the technology and security landscape isn’t happening in a committee room—it’s the effective shuttering of our nation’s frontline...more
On Tuesday, September 30, 2025, the Cybersecurity Information Sharing Act of 2015 (CISA 2015) expired after its 10-year effective period lapsed without reauthorization from Congress, in the wake of a government shutdown that...more
The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and international partners issued an updated advisory on July 29, 2025, highlighting the evolving tactics, techniques, and...more
Earlier this spring, the U.S. Department of Justice’s National Security Division (NSD) launched the data security program (DSP). The program is designed to address national security risks posed by foreign adversaries' access...more
On July 29, 2025, the Cybersecurity & Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security...more
Microsoft has confirmed that vulnerabilities in its on-premises SharePoint Server installations, a network spoofing vulnerability (CVE-202549706), and a remote code execution vulnerability (CVE-2025-49704) are being actively...more
As described in an earlier alert, the Department of Justice (DOJ) recently announced a 90-day pause in enforcement of the "Bulk Data Rule" for entities engaging in good faith compliance. That 90-day grace period ends on July...more
Earlier this month the Cybersecurity and Infrastructure Security Agency (“CISA”), the U.S. federal agency under the Department of Homeland Security (“DHS”) whose mission is to protect the nation’s critical infrastructure from...more
The Department of Justice (DOJ) has issued guidance on its recently effective rule targeting foreign adversaries that "use commercial activities to access, exploit, and weaponize U.S. Government-related data and Americans'...more
On April 8, the Office of the Comptroller of the Currency (OCC) officially notified Congress of a significant information security incident involving its email system. This notification, mandated by the Federal Information...more