On October 21, 2024, the U.S. Department of Justice (Department or DOJ) and the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued proposals – required by the...more
10/24/2024
/ Biden Administration ,
Biometric Information ,
CFIUS ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Exempt Transactions ,
Foreign Entities ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
NPRM ,
Prohibited Transactions ,
Recordkeeping Requirements ,
Reporting Requirements ,
Restricted Transactions ,
Sensitive Personal Information
We invite you to join us for an insightful webinar on Best Practices in Cyber Preparedness for Government Contractors and Critical Infrastructure Operators on Wednesday, October 23, 2024, from 12:00 p.m. – 1:00 p.m. EDT....more
10/10/2024
/ Best Practices ,
Continuing Legal Education ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Contractors ,
Incident Response Plans ,
Regulatory Requirements ,
Risk Mitigation ,
Webinars
WHAT: The U.S. Department of Defense (DOD) just published the second of two proposed rules setting forth key requirements for its long-anticipated Cybersecurity Maturity Model Certification (CMMC) 2.0 program. The earlier...more
8/16/2024
/ Controlled Unclassified Information (CUI) ,
Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Proposed Rules ,
Reporting Requirements
Verizon released its Data Breach Investigations Report (DBIR) for 2024, an annual treat that highlights some trends companies should be aware of as they manage their cybersecurity programs and respond to and anticipate new...more
On June 24, 2024, the U.S. Securities and Exchange Commission (SEC) Division of Corporation Finance (Corp Fin) added to its Compliance and Disclosure Interpretations (C&DI) related to disclosure of Material Cybersecurity...more
The proliferation of cybersecurity regulations has the White House and Congress calling for harmonization to streamline regulations, focus on reciprocity, and decrease compliance costs. Senator Gary Peters (D-MI), chair of...more
6/10/2024
/ Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Federal Trade Commission (FTC) ,
Information Technology ,
NDAA ,
NIST ,
OMB ,
Regulatory Agenda
Companies, particularly those in “critical infrastructure” sectors, have seen a dramatic increase in cybersecurity regulatory requirements in just the past few years – and the White House is looking to move faster. At the...more
The Security and Exchange Commission (SEC) Director of the Division of Corporate Finance, Erik Gerding, released a statement on May 21, 2024 that may have regulated entities scratching their heads about compliance and the...more
On April 30, 2024 the White House updated the foundational U.S. government policy that defines critical infrastructure (CI) sectors and establishes a coordination structure within the federal government to support owners and...more
The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is publishing a proposed rule (Proposal or NPRM) that will require broad segments of industry to meet onerous and quick...more
4/1/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Preservation ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Department of Homeland Security (DHS) ,
Financial Services Industry ,
Food and Drug Administration (FDA) ,
Healthcare ,
ICANN ,
Information Technology ,
NPRM ,
Popular ,
Ransomware ,
Recordkeeping Requirements ,
Securities and Exchange Commission (SEC)
On March 5, 2024, the Department of Justice (DOJ) issued an Advance Notice of Proposed Rulemaking (ANPRM) regarding Access to Americans’ Bulk Sensitive Personal Data and Government-Related Data by Countries of Concern. The...more
3/14/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Artificial Intelligence ,
Big Data ,
Cross-Border ,
Customer Proprietary Network Information (CPNI) ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Framework ,
Data Transfers ,
Department of Justice (DOJ) ,
Executive Orders ,
Military Service Members ,
National Security ,
Popular ,
Sensitive Personal Information ,
USTR ,
WTO
On March 1, 2024, at the direction of President Biden, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) published an Advanced Notice of Proposed Rulemaking (ANPRM) seeking public comment on the proposed...more
3/11/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Automotive Industry ,
Bureau of Industry and Security (BIS) ,
Connected Cars ,
Critical Infrastructure Sectors ,
Department of Justice (DOJ) ,
Executive Orders ,
Foreign Adversaries ,
Information and Communication Technology (ICT) ,
National Security ,
OEM ,
U.S. Commerce Department
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework version 2.0 (CSF 2.0). CSF 2.0 is a generational update to NIST’s foundational cybersecurity guidance, which...more
On February 28, 2024, the White House released a highly anticipated and far-reaching Executive Order (EO) that directs several new regulatory steps to limit the transfer of sensitive personal data outside of the United States...more
3/4/2024
/ Artificial Intelligence ,
Bureau of Industry and Security (BIS) ,
CFIUS ,
Consumer Financial Protection Bureau (CFPB) ,
Cross-Border Transactions ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Executive Orders ,
Mobile Apps ,
Office of Foreign Assets Control (OFAC) ,
Privacy Concerns ,
Secretary of Defense ,
Sensitive Personal Information ,
Smart Devices ,
Telecommunications ,
U.S. Commerce Department
Federal regulators continue to target Artificial Intelligence (AI), using colorful rhetoric to signal skepticism and justify regulatory oversight. In recent remarks addressing the use of AI in financial markets, SEC Chairman...more
As we enter the New Year, Wiley has looked back at the top cyber issues for 2023 and what they mean for 2024. Last year, we saw the rollout of the National Cybersecurity Strategy—which outlined a new era of cyber oversight—as...more
1/3/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Environmental Protection Agency (EPA) ,
Executive Orders ,
FBI ,
Federal Acquisition Regulations (FAR) ,
Federal Trade Commission (FTC) ,
FISA ,
NIST ,
NSTAC ,
NYDFS ,
OMB ,
Popular ,
Ransomware ,
Securities and Exchange Commission (SEC) ,
TSA
For most filers, the U.S. Securities and Exchange Commission’s (SEC) new Form 8-K rules for reporting material cybersecurity incidents took effect yesterday, December 18, 2023. The rule has been controversial and created some...more
The cyber reporting landscape is rapidly shifting. Many agencies are developing rules, and a major player has been the U.S. Securities and Exchange Commission (SEC), with important questions arising about implementation of...more
12/14/2023
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
National Security ,
Public Disclosure ,
Public Safety ,
Risk Management ,
Securities and Exchange Commission (SEC)
As heated debate continues over possible changes to the Foreign Intelligence Surveillance Act (FISA), which is poised to expire later this month, we wanted to provide some perspective on a few practical issues. As former DOJ...more
12/13/2023
/ Cyber Threats ,
Data Collection ,
Department of Justice (DOJ) ,
Electronic Communications ,
Espionage ,
FBI ,
FISA ,
Intellectual Property Protection ,
National Security ,
NDAA ,
Popular ,
Senate Judiciary Committee ,
Surveillance
On December 18, the Securities and Exchange Commission's (SEC) new disclosure requirements go into effect and will require public companies to publicly report material cybersecurity incidents within four days of making a...more
12/12/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
Governance Standards ,
National Security ,
Public Safety ,
Publicly-Traded Companies ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
The Black Cat/ALPHV ransomware group filed a complaint with the U.S. Securities and Exchange Commission (SEC) to allege that one of their victims failed to disclose a cyberattack to the SEC within four days, reports Bleeping...more
Information sharing has seemed like the “holy grail” of federal cyber policy: sought after but elusive, especially to those who think it will solve their problems. At a time of increased regulation and looming mandates for...more
Wiley’s cyber team talks about cyber incident reporting after a new report from DHS advising Congress on duplication of reporting regimes. With over 50 reporting requirements spread over 20 agencies, federal agencies and the...more
Cybersecurity continues to be top of mind for federal and state policymakers. This advisory identifies and analyzes some major recent developments that present opportunities and challenges in the coming months for a broad...more
8/4/2023
/ Biden Administration ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Department of Defense (DOD) ,
Disclosure Requirements ,
FCC ,
Federal Agency Taskforce ,
Oil & Gas ,
OIRA ,
Pipelines ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
TSA
Public companies will soon face new cybersecurity disclosure requirements from the Securities and Exchange Commission (SEC), which voted last week to approve a controversial new cybersecurity rule. The final rule—which is...more
8/2/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)