Friday, January 22, 2021

Commerce Releases Rule for Reviewing Technology Transactions, Identifies Six Countries as “Foreign Adversaries”

On January 14, 2021, the U.S. Department of Commerce (Department) released an interim final rule to implement President Trump’s 2019 Executive Order (EO) on “Securing the Information and Communications Technology and Services Supply Chain” (EO 13873). This rule establishes the processes and procedures that the Secretary of Commerce (Secretary) will use to identify, assess, and address certain […]

HITECH Act Amendment Incentivizes Adoption of NIST and Other Recognized Cybersecurity Safeguards as a...

On January 5, 2020, HR 7898 became law, amending the Health Information Technology for Economic and Clinical Health Act (HITECH Act), 42 U.S.C. 17931, to require that “recognized cybersecurity practices” be considered by the Secretary of Health and Human Services (HHS) in determining any Health Insurance Portability and Accountability Act (HIPAA) fines, audit results or […]

European Commission Proposes Reinforcement of EU Cybersecurity Rules

On 16 December 2020, the European Commission adopted a proposal for a Directive on measures for a high common level of cybersecurity across the Union (“NIS II Directive”) that revises the current Directive on Security of Network and Information Systems (“NIS Directive”). As part of its new EU Cybersecurity Strategy, launched on the same day, […]

Proposed New EU Cyber Rules Introduce More Onerous Requirements and Extend to More Sectors

In addition to releasing the new EU Cybersecurity Strategy before the holidays (see our post here), the Commission published a revised Directive on measures for a high common level of cybersecurity across the Union (“NIS2”) and a Directive on the resilience of critical entities (“Critical Entities Resilience Directive”). In this blog post, we summarize key points […]

Top Cybersecurity Considerations for Government Contractors in 2021

Although it was already apparent, recent events have made it even clearer that cybersecurity is an essential concern for government contractors. The coming year...

Guest Post: SolarWinds – Einstein Failed Us, and the Cyber Insurance Markets will Feel...

In a guest post on D&O Diary, McDermott, Will & Emery partner Paul Ferrillo discusses how the SolarWinds compromise could have important implications for the cyber insurance marketplace. Ferrillo notes the failure of DHS’s Einstein threat detection system to flag the malicious code inserted into federal networks via the SolarWinds Orion product, and describes how hackers […]

FCC Publishes Rule Requiring Certification Against Chinese Tech Providers

On January 13, the FCC published its final supply chain security rule implementing the Secure and Trusted Communications Networks Act of 2019. The rule is the most recent action in the FCC’s existing proceeding Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs. Of particular note, it requires any provider of […]

DoD Major IT Programs Experience Delays, Sometimes Major Cost Increases

In reviewing 15 large software development programs underway in the Defense Department, congressional auditors found that cyber concerns have the potential to stretch out projects or boost costs. The director of the information technology and cybersecurity team at the Government Accountability Office, Kevin Walsh, joined “Federal Drive” with more details. Source: Federal News Network: Cyber […]

Pentagon’s $2 Billion Cybersecurity Project Failing Effectiveness Tests

The Defense Department has halted deployment of a long-overdue $2 billion cybersecurity project intended to detect intrusions and prevent attacks on its classified-level networks. Since 2016, systems tests have continually shown that the program is “unable to help network defenders protect DoD component networks against operationally realistic cyber attacks,” according to the project’s testing chief. […]

Audit of Department of Energy Site Finds Numerous Cybersecurity Management Issues

The Department of Energy’s Office of Inspector General conducted an audit to determine whether an unidentified DOE site effectively manages its cybersecurity program. OIG identified “several areas of immediate concern related to vulnerability management and the authorization of information system operations,” and alerted site management to them. The site is not identified due to the […]