On February 26, 2024, the National Institute of Standards and Technology (NIST) released the NIST Cybersecurity Framework 2.0 (CSF 2.0). CSF 2.0 represents the first major update to the Cybersecurity Framework, which was...more
Mozilla recently released security updates to address known vulnerabilities in their Thunderbird and Firefox products. The Cybersecurity & Infrastructure Security Agency (CISA) is recommending that the patches be applied...more
The AI executive order moves the U.S. closer to a broader unified approach on federal AI regulation, expanding on the AI Bill of Rights and NIST AI Risk Management Framework and focusing on the responsible development and...more
On October 30, 2023, President Biden signed a first-of-its-kind executive order entitled, "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" ("AI")....more
The FCC and House of Representatives have begun discussions on the safety and security of IoT modules from China. The FCC adopted a Notice of Proposed Rulemaking to create an Internet of Things (IoT) cybersecurity labeling...more
AI may be both the most “powerful capability of our time” and the “most powerful weapon of our time." That’s according to Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency, when interviewed...more
Operational technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. By design, OT underpins many critical...more
The Association for Uncrewed Vehicle Systems International (AUVSI), the world’s leading trade association for drones and other autonomous vehicles, announced a collaboration with the Department of Defense’s (DOD) Defense...more
The Department of Health and Human Services (“HHS”) has issued a formal request for information from the public about how regulated entities are implementing industry recognized security practices. The request for information...more
The Federal Government continues ramping up enforcement of data security requirements by deploying significant new enforcement theories and tools in support of cyber and data security controls required by federal law....more
Last month, on Data Privacy Day, Colorado’s Attorney General Philip Weiser released prepared remarks entitled “The Way Forward on Data Privacy and Data Security” that shed some light on his approach to enforcing Colorado’s...more
Last week, the White House issued a new Executive Order (the “EO” or “Order”) on cybersecurity. The EO responds to ever-increasing malicious cyber campaigns threatening the public and private sectors and the American people’s...more
You executives and managers who are in my age group (that is, you didn’t grow up with mobile devices and computers) listen up. According to several studies, you pose a higher security risk to your organization than the...more
Following the UK Government's announcement in January 2020 that it would be moving forwards with regulation on consumer IoT device security, the Government has now published its legislative proposals and is seeking feedback...more
If you are reading this during April 2020, you’re probably reading it from somewhere in your own home — and probably near the friends and loved ones with whom you’re living in close quarters during this time of remote work,...more
The new data security requirements provision of New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into full force as of March 21, 2020, and all people and businesses, regardless of the state in...more
Earlier this month the Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act") went into effect. The law, which was signed in July of last year by Governor Andrew Cuomo, makes several important changes to New...more
In the midst of the coronavirus pandemic when more condo and coop board business is being conducted electronically than ever before, the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) will go into effect on...more
The U.S. Food and Drug Administration (FDA) announced a set of cybersecurity vulnerabilities, referred to as “SweynTooth,” that – if exploited – may introduce risks for certain Bluetooth enabled medical devices. ...more
One of the major changes introduced by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was signed into New York law last year, is scheduled to take effect this week. ...more
The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more
In the fall of last year, we wrote about the passage of the SHIELD Act (the Act) in New York, which expanded aspects of the state’s breach notification requirements (Breach Requirements) and created a statutory obligation to...more
As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019....more
In today’s connected world, businesses face constant pressure to improve their cybersecurity practices and to confirm that they are meeting industry standards. To continue helping businesses achieve those goals, the SEC...more
Time is running out. The effective date of New York’s cybersecurity law mandating that organizations implement an information security program to protect “private information” of New York State residents, including employee...more