The White House has introduced the Cyber Trust Mark program, a voluntary labeling initiative to help consumers easily identify secure Internet of Things (IoT) devices....more
The ongoing use of unmanned aircraft systems (UAS) in combat has underscored the urgent need for the Department of Defense (DoD) to bolster its Counter-UAS (C-UAS) capabilities.
On December 5, 2024, DoD unveiled a...more
An Initial Roundup of Key Policy Issues and Expectations
The re-election of Donald Trump—empowered by at least a Republican-led Senate—marks a significant political and administrative change in the United States, with...more
11/8/2024
/ Affordable Care Act ,
China ,
Congressional Review Act ,
Corporate Counsel ,
Cryptocurrency ,
Deregulation ,
Energy Sector ,
Environmental Protection Agency (EPA) ,
Federal Budget ,
Foreign Investment ,
Foreign Policy ,
Immigration Procedures ,
Inflation Reduction Act (IRA) ,
Iran ,
Israel ,
Russia ,
Saudi Arabia ,
Securities and Exchange Commission (SEC) ,
Tariffs ,
Tax Cuts and Jobs Act ,
Trade Policy ,
Ukraine
Less than 10 months after the issuance of its proposed rule, DoD has issued this final rule establishing the CMMC program.
DoD’s issuance of the final rule demonstrates the government’s continued commitment to...more
The DoD takes yet another step towards full implementation of CMMC 2.0.
The proposed rule aims to implement many of the aspects of the Cybersecurity Maturity Model Certification program by amending the Department of...more
The term “smart cities” has become popular parlance for municipalities’ attempts to enhance delivery of urban services and infrastructure through information and communications technology. While they may conjure images of...more
7/24/2024
/ Algorithms ,
Artificial Intelligence ,
Automation Systems ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Transportation (DOT) ,
Infrastructure ,
Innovative Technology ,
Internet of Things ,
Privacy Concerns ,
Risk Mitigation ,
Surveillance ,
Transportation Industry ,
Urban Planning & Development
Most businesses in the United States will have to file incident reports—including for ransomware payments—under the Proposed Rule.
The Department of Homeland Security has the authority to issue subpoenas and even penalties...more
4/10/2024
/ Covered Entities ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Enforcement Actions ,
New Rules ,
NPRM ,
Popular ,
Proposed Regulation ,
Ransomware ,
Reporting Requirements ,
Risk Management
The Federal Communications Commission (FCC) has created a baseline for wireless consumer IoT products to protect against cybersecurity threats.
The voluntary program uses criteria established by the National Institute of...more
The proposed rule requires contractors to make annual affirmations regarding their cybersecurity maturity, thus increasing their risk of False Claims Act Liability.
The proposed rule allows for limited use of Plans of...more
1/19/2024
/ Code of Federal Regulations (CFR) ,
Contractors ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
DFARS ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
NIST ,
Proposed Rules ,
Security Controls ,
Subcontractors
In recent guidance, the Department of Justice made clear that it will very rarely grant an extension of registrants’ deadline to disclose material cybersecurity incidents under the SEC’s Final Rules.
Under the Securities and...more
1/15/2024
/ Cybersecurity ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Fraud ,
Internal Controls ,
National Security ,
New Rules ,
Popular ,
Regulation S-K ,
Securities and Exchange Commission (SEC) ,
SolarWinds ,
Vulnerability Assessments
In the United States, the CRI pledge would only limit payments by the federal government, not state and local governments nor private-sector entities.
The International Counter Ransomware Initiative (CRI) convened in...more
n October 30, President Biden issued the long-awaited Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI), the first order to navigate AI’s impact across sectors and to...more
11/2/2023
/ Artificial Intelligence ,
Biden Administration ,
Competition ,
Copyright ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Executive Orders ,
FCC ,
Innovative Technology ,
Legislative Agendas ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Technology Sector
The FCC and House of Representatives have begun discussions on the safety and security of IoT modules from China.
The FCC adopted a Notice of Proposed Rulemaking to create an Internet of Things (IoT) cybersecurity labeling...more
8/28/2023
/ Audits ,
Biden Administration ,
China ,
Cybersecurity ,
Data Collection ,
FCC ,
Internet of Things ,
Labeling ,
National Security ,
Notice of Proposed Rulemaking (NOPR) ,
Security Standards ,
Telecommunications ,
Third-Party
Under the SEC’s rules, public companies that are subject to reporting requirements must promptly disclose material cybersecurity incidents.
The SEC’s Final Rules require public companies to report a material cybersecurity...more
7/31/2023
/ Compliance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Investors ,
National Security ,
New Rules ,
Public Safety ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
The Department of Homeland Security amended its regulations due to the urgent need to protect Controlled Unclassified Information.
On June 21, 2023, the Department of Homeland Security (DHS or Department) issued a final...more
7/21/2023
/ Controlled Unclassified Information (CUI) ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Federal Contractors ,
Policies and Procedures
Although that new smart refrigerator might seem like a fun gadget and great way to sync up grocery lists, smart appliances have the potential to become vectors in malicious power grid attacks. Or what about the increasingly...more
Senate Majority Leader Chuck Schumer (D-NY) proposed a new framework to guide future artificial intelligence legislation and regulation, and other members of Congress are also considering legislation to address AI...more
Artificial intelligence wins big in President Biden’s FY 2024 budget request with billions in new funding proposed for AI-related research, hardware, software and services at the departments of Defense, Energy, Homeland...more
5/8/2023
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Department of Health and Human Services (HHS) ,
Department of Homeland Security (DHS) ,
Department of Transportation (DOT) ,
Enforcement ,
Federal Budget ,
Federal Trade Commission (FTC) ,
National Science Foundation ,
Popular ,
Regulatory Oversight
The Strategy’s liability proposal represents a fundamental change in the cybersecurity market for software markers.
Proposed legislation would seek to restrict software providers’ ability to limit liability while also...more
The SEC has nearly doubled the size of its Crypto Assets and Cyber Unit and has aggressively pursued cyber-related enforcement actions against public companies and regulated entities.
In a few months the SEC will finalize...more
2/6/2023
/ Cryptoassets ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement ,
Investigations ,
Investment Adviser ,
Popular ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
SolarWinds
The SAFETY Act, a liability management program managed by the Department of Homeland Security, can be used by businesses to limit or eliminate potential liability associated with ransomware attacks.
To take advantage of...more
The grant program will be authorized and appropriated through the Infrastructure Investment and Jobs Act.
The State and Local Cybersecurity Grant Program will provide a “first-of-its-kind” investment to state, local and...more
American Data Privacy and Protection Act would require organizations to limit collection of personal information, grant consumers access to their own data, enhance data protections for children, mandate implementation of...more
7/11/2022
/ California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Privacy Policy ,
Private Right of Action ,
Proposed Legislation ,
Small Business ,
Third-Party Service Provider
Providers of sports betting services must ensure that their cybersecurity protocols and data privacy policies adequately protect their systems and users.
Since the Supreme Court struck down the federal ban on sports gambling...more
5/11/2022
/ Casinos ,
Cyber Attacks ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Incident Response Plans ,
Murphy v National Collegiate Athletic Association ,
Online Gaming ,
Policies and Procedures ,
Popular ,
Risk Management ,
SCOTUS ,
Sensitive Personal Information ,
Sports Betting ,
Sports Gambling
Under the new law, critical infrastructure owners and operators will be required to report significant cyber incidents to the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA)...more
3/31/2022
/ Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
FBI ,
FOIA ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Penalties ,
Ransomware ,
Reporting Requirements ,
Transportation Security Administration ,
Virtual Currency