Cyber

SolarWinds CEO Sudhakar Ramakrishna, in advance of testimony to Congress about the company's role in recent breaches of federal agencies, has suggested allowing victims...

Senator Mark Warner (D-VA), chair of the Senate Select Committee on Intelligence, is asking the FBI and EPA for more information about the cybersecurity breach earlier this month, during which hackers tried to add dangerous amounts of lye to drinking water at a treatment facility in Florida. CISA reported that they gained access through a […]

Tim Maurer, director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace, is joining the Department of Homeland Security as senior counselor for cybersecurity to Secretary Alejandro Mayorkas, a political appointment. Maurer recently finished a project with the World Economic Forum that concluded the global financial system was vulnerable to severe disruption […]

The Cybersecurity and Infrastructure Security Agency acting executive director Brandon Wales has announced appointees to three key positions: Nitin Natarajan, formerly a director at Avantus Federal, will serve as deputy director. He will oversee the Cybersecurity and Infrastructure divisions, as well as the National Risk Management Center and the Emergency Communications Division. Eric Goldstein, who […]

Against the backdrop of the disruptions associated with the Covid-19 pandemic and SolarWinds cyber-espionage campaign, NYDFS has released guidance for insurers that underwrite cyber insurance policies and which contains a number of provisions expected to impact companies applying for or renewing cyber insurance coverage, not the least of which is a specific recommendation that insurers […]

In a new post, Morgan Lewis partner Ezra Church, who counsels and defends companies in privacy and cybersecurity matters, discusses the impact of the California Consumer Privacy Act on US privacy law. Church is a Certified Information Privacy Professional (CIPP) and co-chair of the firm’s Class Action Working Group, and he recently helped lead the […]

One of the most notable features of the new California Consumer Privacy Rights Act (CPRA) and the proposed Virginia Consumer Data Protection Action (VCDPA)—which has now passed both houses of the Virginia legislature—is the establishment of special categories of “sensitive” information. Those categories are broadly defined in both the CPRA and the proposed VCDPA, capturing […]

Language from the DoD's Cybersecurity Maturity Model Certification has been included in GSA's latest governmentwide acquisition contracts (GWACs), starting with the request for proposals...

A new publication from the National Institute of Standards and Technology (NIST) provides companies, government agencies, and other organizations with a set of practices that any organization can use to manage growing cybersecurity risks associated with their supply chains. NIST researched and compiled these practices knowing that organizations can no longer protect themselves by simply securing their […]

The General Services Administration has launched a newly revamped FedRAMP website. FedRAMP, a part of the Technology Transformation Services, redesigned its website “to further empower agencies to use innovative cloud technologies and to continue driving security and protection of federal information.” The website provides in-depth information about FedRAMP’s authorization process, enabling stakeholders and customers to […]