In early October 2025, several media outlets reported that United States telecommunications services had been infiltrated by state-affiliated threat actors linked to the People’s Republic of China (“PRC”). These reports were...
Ransomware attacks are hitting record highs in 2024 and show no sign of slowing down as new criminal groups enter the scene and employ a variety of evolving tactics. This post identifies key highlights of ransomware activity...
A recent joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3) warns of increased collaboration...
On July 28, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) announced that they piloted an Artificial Intelligence (AI)-enabled vulnerability program to help detect and remediate vulnerabilities in the U.S....
8/12/2024 / Algorithms, Artificial Intelligence, Critical Infrastructure Sectors, Cybersecurity Information Sharing Act (CISA), Data Security, Federal Pilot Programs, Innovative Technology, Machine Learning, Pilot Programs, Software, Technology Sector
On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) collaborated with the Joint Cyber Defense Collaborative (JCDC) to hold the federal government’s first tabletop exercise for “AI security...
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM) implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). For...
Recently, there has been a surge in alerts and warnings concerning cyberattacks by People’s Republic of China (PRC) state-sponsored threat actors on U.S. critical infrastructure. On February 7, 2024, the Federal Bureau of...
On October 4, 2023, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) published Identity and Access Management: Developer and Vendor Challenges, an advisory document developed by...
On September 27, 2023, the U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japanese National Police Agency (NPA), and...
On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously...
On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) seeking input from stakeholders on the Cyber Incident Reporting for Critical Infrastructure Act of 2022...
On March 1, the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022, which will require critical infrastructure companies to report significant cyber-incidents and all ransom payments to the...
3/18/2022 / Biden Administration, Covered Entities, Critical Infrastructure Sectors, Cyber Attacks, Cyber Incident Reporting, Cybersecurity, Cybersecurity Information Sharing Act (CISA), New Legislation, Notice and Comment, Proposed Rules, Ransomware
The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of...
3/4/2022 / Cyber Attacks, Cyber Incident Reporting, Cyber Threats, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Breach, Data Breach Plans, Data Privacy, Data Protection, Data Security, Popular, Reporting Requirements
Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events: On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...
2/9/2022 / China, Cyber Incident Reporting, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Breach, Data Privacy, Data Security, Data Subject Access Requests, Federal Trade Commission (FTC), General Data Protection Regulation (GDPR), International Data Transfers, Malware, Multi-Factor Authentication, NYDFS, Personal Data, Popular, Ransomware, Reporting Requirements, Russia, Ukraine
On January 16, 2022, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released a warning regarding destructive malware targeting Ukrainian organizations, including Ukrainian...
As companies scramble to address the newly exploited, ubiquitous Log4j vulnerability, companies’ actions are now the potential source for government scrutiny. Our Privacy, Cyber & Data Security Team summarizes what the Log4j...
Log4j is a Java-based tool from Apache’s open source library used for parsing logs that never seems to have made headlines before this past weekend. Now, following the December 9th public announcement of a vulnerability in...
On December 7, 2021, the House of Representatives passed the National Defense Authorization Act for Fiscal Year 2022 (NDAA), which notably excluded any cybersecurity incident reporting requirements. In September, the House...
On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an “Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” While this advisory...
Companies face increasingly tough decision points in preparing for and responding to the proliferation of ransomware attacks. Our Privacy, Cyber & Data Strategy Group outlines seven issues for general counsel to consider as...
On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and...