Cyber

On January 19, Commerce published an interim final rule (IR) which, effective March 22, 2021, will implement the May 15, 2019 Executive Order 13873 that relied on the International Emergency Economic Powers Act (IEEPA) to authorize sweeping power to block or undo any transaction – including use, purchases or importation – of virtually any “information and communications technology […]

While the Cybersecurity Maturity Model Certification system was being rolled out over the same time period that the SolarWinds breach was affecting agencies and contractors, Katie Arrington, CISO for the Office of the Undersecretary of Defense for Acquisition and Sustainment, says that companies compromised by the incident will not be penalized for falling victim to […]

Federal agencies affected by the SolarWinds cybersecurity fiasco – and there are several of them, at least – are under a new deadline. Policy from the Cybersecurity and Infrastructure Security Agency gives them until the end of the month to complete forensic analysis and to harden their systems. Michael Hamilton, former vice chairman of the […]

As part of his $1.9 trillion COVID relief proposal to Congress, President Joe Biden calls the need to upgrade the federal IT infrastructure “an urgent national security issue,” and requests that the Technology Modernization Fund receive a 3,600% increase over 2020, to $9 billion. The TMF has received $150 million since established in 2017. Biden […]

Incoming President Joe Biden has named Rob Joyce, currently the NSA’s liaison at the U.S. Embassy in London, as director in the agency’s Cybersecurity Directorate. Joyce would replace Anne Neuberger, its first head, whom Biden has picked for a new cybersecurity position on the National Security Council. Joyce was previously a senior advisor for cybersecurity […]

As we have written previously, the FAR Council has issued a number of interim rules designed to align the Federal Acquisition Regulation (FAR) with the prohibitions contained at Part A and Part B of Section 889 of the FY19 National Defense Authorization Act. Those who have been following these developments know that Section 889 Part […]

Anne Neuberger, the NSA’s cybersecurity director, has been nominated as deputy national security adviser for cyber and emerging technology, a member of the National Security Council. Neuberger previously lead NSA’s task force to counter Russian threats to U.S. elections (“the Russia Small Group”), and has overseen cyber-operations as NSA’s assistant deputy director of the Operations […]

In Part II of this series, California-based Ali Baiardo, and London-based Alice O’Donovan, continue their comparison of the GDPR and California privacy law. NEW DATA PROTECTION PRINCIPLES AND OBLIGATIONS ON BUSINESSES a. Key data protection principles The GDPR revolves around seven key data protection principles: Lawfulness, fairness and transparency; Purpose limitation; Data minimisation; Accuracy; Storage […]

The Department of Defense (DoD) recently implemented additional procedures for the mitigation of cybersecurity risks in its supply chain. Designed to identify and mitigate cybersecurity and related supply chain risks throughout a program’s lifecycle, DoD Instruction 5000.90, Cybersecurity Acquisition Decision Authorities and Program Managers, requires program managers to: Assess contractors’ cybersecurity posture, including, where applicable, […]

Over the new year, Congress overrode President Trump’s veto to enact into law the National Defense Authorization Act (NDAA) for fiscal 2021—an annual piece of legislation that lays out the budget, expenditures and policies of the Pentagon for the upcoming year. This year’s NDAA also contains numerous cyber-related provisions, among them § 1752, which establishes […]