DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
The consequences of a cyberattack can be catastrophic, as we saw in the previous blog of this series. Cybersecurity is a business-wide responsibility that demands a proactive strategy extending far beyond technical solutions...more
Pursuant to President Biden’s October 2023 AI executive order, the US Department of Treasury (Treasury) released a report on cybersecurity risks in the financial services sector in March 2024. While recognizing the...more
On November 13, 2023, Governor Kathy Hochul announced plans to regulate cybersecurity for New York general hospitals regulated under Article 28 of the Public Health Law. As proposed, the regulations will provide an additional...more
The development of artificial intelligence (AI) and particularly Generative Artificial Intelligence (GenAI) has exploded in recent years, prompting government officials including the Biden administration to call for studies...more
Cybersecurity is a top concern for all industries, particularly for the pharmaceutical and medical device industries. These industries hold some of the most sensitive data and highly valuable technology, making them prime...more
Just last week, researchers at Robust Intelligence were able to manipulate NVIDIA’s artificial intelligence software, the “NeMo Framework,” to ignore safety restraints and reveal private information. According to reports, it...more
Like it or not, the remote workforce is here to stay. Statistics show that employees say they are more productive working from home, and even before the global pandemic, there had been a 44% growth in the remote workforce...more
An information security framework, when done properly, will allow any security leader to more intelligently manage their organization's cyber risk. The framework consists of a number of documents that clearly define the...more
EPA Aims to Mitigate Risk of Cyberattack on Public Water Systems On March 3, 2023, the U.S. Environmental Protection Agency (EPA) issued its Memorandum Addressing Public Water System (PWS) Cybersecurity in Sanitary Surveys or...more
Quick Take: The SEC proposed new requirements for several different market entities designed to mitigate cybersecurity risk, including requirements relating to written policies and procedures and notifications about...more
The modern security ecosystem is diverse and ever-changing, a place where cyber risk is top of mind for leaders at all levels, and threats to information / data security and privacy evolve at the speed of the technical...more
Medical device cybersecurity continues to create buzz, as the FBI issues a Private Industry Notification to health care providers outlining cybersecurity risks for medical devices. This follows FDA’s released Draft Guidance...more
The concept of “security by obscurity” is officially outdated. In recent years, cyber-attacks have become increasingly sophisticated, destructive, and indiscriminate. In today’s landscape, cyber threats can come from internal...more
The Illinois Department of Insurance (the "Department") recently released guidance to all regulated entities concerning vulnerabilities in Microsoft's Exchange Server installations. Issued on the heels of other state and...more
As discussed in “Business Continuity Planning Part 1: Managing Risk by Developing a Business Continuity Plan,” it is often the case that the difference between a failing business and company of great value, surviving for...more
Stichting Internet Domeinregistratie Nederland or SIDN, the Registry operator of the country code Top Level Domain (ccTLD) .NL (the Netherlands) appears to be increasing its efforts in its fight against cybercrime....more
Researchers at Sentinel One and Dragos have detected malicious code, called EKANS or Snake, that has been designed specifically to target industrial control systems (ICS), including those of oil refineries, manufacturing...more
Growing Chinese illicit finance threats, vulnerabilities, and exposure are combining to increase illicit financing risk in the international financial system, judging from a series of recent advisories, sanctions actions,...more
Governor Pritzker recently signed into law Public Act 101-0455 amending the School Safety Drill Act (105 ILCS 128/1) to require threat assessment procedures and the creation of threat assessment teams in school districts...more
In its recent Cybersecurity Strategy, the U.S. Department of Homeland Security (DHS) defined “cyberspace” as “the independent network of information technology infrastructure, including the Internet, telecommunications...more
President Trump recently signed into law the Economic Growth, Regulatory Relief and Consumer Protection Act, which is already making waves in the financial sector for its repeal of certain Dodd-Frank provisions that were...more
Cybersecurity risks to the health and medical device sector continue to be front and center both in Congress and the executive branch, with increasing risks coming from nation states, nonstate actors and other attackers. The...more
It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect. Since that time, a series of key dates have marked the implementation of...more
From insulin pumps and pacemakers to defibrillators, medical devices increasingly rely on wireless and internet connectivity for efficient operations. Unfortunately, these interconnections also leave devices vulnerable to an...more
On December 11, a homemade explosive device was set off in an underground walkway connecting two New York City subway lines beneath the Port Authority bus terminal near Times Square, which accommodates 220,000 passenger trips...more