DOE Updates its 2012-Vintage Cybersecurity Capability Maturity Model
The Department of Energy has released version 2 its Cybersecurity Capability Maturity Model (C2M2), a tool initially released in 2012 to help companies evaluate...
DoD Group Can Identify Vulnerabilities of Defense Contractors
The Defense Industrial Base Collaborative Information Sharing Environment (DCISE), part of the Defense Cyber Crime Center, is partnering with industry to identify cyber vulnerabilities in the defense industrial base. Federal Drive spoke in more detail with DCISE chief Mike Weiskopff. “We take open source information, information that anybody can acquire, to include the adversary and […]
Congress Working on a Variety of Cybersecurity Bills
Several cybersecurity-related bills are making their way through the U.S. House of Representatives and/or Senate. The House Energy and Commerce Committee has approved eight bills that focus in various ways on the cybersecurity of mobile telecom networks: Understanding Cybersecurity of Mobile Networks Act – Calls for a congressional report on cybersecurity of mobile service networks. […]
Retailer’s Investigative Report of Data Breach Subject to Discovery
A federal judge has ruled that an investigative report of a data security breach is not covered by attorney-client and work product privilege, because it was not prepared for litigation purposes. Following a May 2019 malware attack exposing customer information, convenience store chain Rutter’s hired Kroll Cyber Security to do a forensic investigation to determine […]
California AG Enlists Residents to Send CCPA Noncompliance Letters
On July 19, California’s recently appointed Attorney General, Rob Bonta, launched an interactive tool to aid consumers with drafting notices of noncompliance for businesses who fail to publish the “Do Not Sell My Personal Information” link required by the California Consumer Privacy Act. According to the AG, the consumer notice “may trigger” the 30-day cure […]
California AG Releases Important CCPA Enforcement Information and Announces an Online Consumer Reporting Tool
To note the one year anniversary of the California Consumer Privacy Act enforcement date, California Attorney General Rob Banta held a press conference to share key information about enforcement efforts and announce a new consumer privacy tool. There are two key takeaways from this announcement. First, it is important to note that the AG’s office […]
China Plans Cybersecurity Review for Tech Companies Listing Abroad
On July 10, 2021, the Cyberspace Administration of China, China’s top cyberspace regulator, published for public comment proposed amendments to existing Measures for Cybersecurity Review, which have been in effect since June 1, 2020. In this alert, Ropes & Gray focuses on the proposed changes, which could impact how foreign investors exit from their investments […]
U.S. Congress Introduces Bill That Would Require Mandatory 24-Hour Cyber Breach Notification for Government...
U.S. Senator Mark Warner (D-VA), chair of the Senate Intelligence Committee, and a broad group of bipartisan co-sponsors, introduced legislation that would require government...
Second Security Directive Issued by TSA to Pipeline Operators
The U.S. Transportation Security Administration (TSA) issued its second Security Directive to the pipeline industry on July 20, 2021, following the Colonial Pipeline cybersecurity incident. The first Directive on May 27, 2021, required pipeline owners and operators to notify CISA of cyber incidents, designate a cyber coordinator for the company, and review their cybersecurity program. […]
Kaseya Obtains Decryption Tool
Three weeks after falling victim to a ransomware attack, software vendor Kaseya obtained a universal decryption key that can help its clients recover any locked data. It is unclear whether Kaseya paid a ransom for the key, but the ransomware gang had lowered its initial ransom request and then later disappeared from the internet and […]