DHS and Cyber: What Should Companies Expect?
On April 30, 2024 the White House updated the foundational U.S. government policy that defines critical infrastructure (CI) sectors and establishes a coordination structure within the federal government to support owners and...more
On April 30, 2024, the White House announced that President Biden signed a new critical infrastructure memorandum, titled National Security Memorandum on Critical Infrastructure Security and Resilience ("NSM-22"). This new...more
In a joint release last week, the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies issued a chilling Advisory about the ongoing attacks by Volt Typhoon on U.S. critical infrastructure. Volt...more
On May 24, 2023, Microsoft announced the detection of a direct threat to critical infrastructure organizations in Guam and elsewhere in the United States. The alert attributed observed malicious activity to a state-sponsored...more
On September 19, 2023, the Department of Homeland Security (DHS) released a Report to Congress (Report) on the Harmonization of Cyber Incident Reporting to the Federal Government. The Report reflects on the 52 in-effect or...more
Background: In March 2022, President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) into law, ushering in a new era of enhanced cybersecurity measures. This legislation...more
On May 23, 2023, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware...more
On March 1, 2023, the White House released a new National Cybersecurity Strategy (the Strategy) documenting the Biden-Harris administration’s approach to improving cybersecurity across the digital ecosystem. The Strategy...more
On March 2, 2023, the White House Office of the National Cyber Director (ONCD) released the National Cybersecurity Strategy (“Strategy”). The Strategy outlines the Administration’s priorities for cyber regulations and policy....more
With cybersecurity risks increasing and evolving moving into 2023, the federal government is taking steps to help secure our cyber infrastructure. The recent passing of the 2023 omnibus spending agreement included additional...more
President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) on March 15, 2022. The background and contours of CIRCIA are discussed in a previous update. CIRCIA authorizes and...more
A proposed $1M civil penalty against Colonial Pipeline for its procedural failures during a ransomware attack could indicate what’s in store for critical infrastructure operators who fail to keep employees up to date on how...more
President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) on March 15, 2022. The enactment of CIRCIA follows attacks on critical infrastructure, such as the May 2021...more
For just shy of a decade, the Defense Industrial Base (DIB) has had to operate under rules dictating the safeguarding of Controlled Unclassified Information, along with a strict 72-hour notification requirement if/when/should...more
Cybersecurity has emerged as a tangible risk for transportation service providers over the course of the last year. Ransomware attacks on domestic industry and critical infrastructure, and tensions associated with the Russian...more
What You Need to Know- •President Biden has called upon private sector businesses to take specific steps to implement certain “best practices” aimed at minimizing their cybersecurity risks in light of heightened concerns...more
Privacy In Focus®- In 2021, cyber gained prominence as a top business risk and national security concern with ransomware attacks wreaking havoc on business operations and critical infrastructure. Companies large and small,...more
What: The Transportation Security Administration (TSA) has issued two Security Directives aimed at passenger and freight railroad cybersecurity, continuing the government’s move to an increasingly regulatory approach to...more
The Cybersecurity and Infrastructure Security Agency (CISA) issued a sweeping binding directive to federal agencies to patch hundreds of cybersecurity vulnerabilities that are considered major risks for cyber actors to cause...more
The federal government is seeking to increase cybersecurity in critical infrastructure industries through the implementation of a voluntary Industrial Control Systems Cybersecurity Initiative (Initiative), while the US House...more
President Biden's Executive Order calls for an extensive reassessment and revamping of the federal government's cybersecurity defenses and incident response capabilities, establishing benchmarks that may inform standards...more
On May 27, 2021, against the backdrop of the Colonial Pipeline cybersecurity incident, the Department of Homeland Security’s Transportation Security Administration (“TSA”) announced Security Directive Pipeline-2021-01...more
On May 27, the Department of Homeland Security’s Transportation Security Administration announced a Security Directive designed to “better identify, protect against, and respond to threats to critical companies in the...more
On Wednesday, May 12, 2021, President Biden issued an ambitious and sweeping Executive Order focused on combating digital threats to US networks and infrastructure. The Executive Order on Improving the Nation’s Cybersecurity...more
On April 20, 2021, the U.S. Department of Energy (DOE or the “Department”) issued an order revoking its Prohibition Order Securing Critical Defense Facilities, issued December 17, 2020. DOE’s actions come exactly 90 days...more