Commerce Releases Rule for Reviewing Technology Transactions, Identifies Six Countries as “Foreign Adversaries”
On January 14, 2021, the U.S. Department of Commerce (Department) released an interim final rule to implement President Trump’s 2019 Executive Order (EO) on “Securing the Information and Communications Technology and Services Supply Chain” (EO 13873). This rule establishes the processes and procedures that the Secretary of Commerce (Secretary) will use to identify, assess, and address certain […]
HITECH Act Amendment Incentivizes Adoption of NIST and Other Recognized Cybersecurity Safeguards as a...
On January 5, 2020, HR 7898 became law, amending the Health Information Technology for Economic and Clinical Health Act (HITECH Act), 42 U.S.C. 17931, to require that “recognized cybersecurity practices” be considered by the Secretary of Health and Human Services (HHS) in determining any Health Insurance Portability and Accountability Act (HIPAA) fines, audit results or […]
On 16 December 2020, the European Commission adopted a proposal for a Directive on measures for a high common level of cybersecurity across the Union (“NIS II Directive”) that revises the current Directive on Security of Network and Information Systems (“NIS Directive”). As part of its new EU Cybersecurity Strategy, launched on the same day, […]
In addition to releasing the new EU Cybersecurity Strategy before the holidays (see our post here), the Commission published a revised Directive on measures for a high common level of cybersecurity across the Union (“NIS2”) and a Directive on the resilience of critical entities (“Critical Entities Resilience Directive”). In this blog post, we summarize key points […]
Although it was already apparent, recent events have made it even clearer that cybersecurity is an essential concern for government contractors. The coming year...
In a guest post on D&O Diary, McDermott, Will & Emery partner Paul Ferrillo discusses how the SolarWinds compromise could have important implications for the cyber insurance marketplace. Ferrillo notes the failure of DHS’s Einstein threat detection system to flag the malicious code inserted into federal networks via the SolarWinds Orion product, and describes how hackers […]
On January 13, the FCC published its final supply chain security rule implementing the Secure and Trusted Communications Networks Act of 2019. The rule is the most recent action in the FCC’s existing proceeding Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs. Of particular note, it requires any provider of […]
In reviewing 15 large software development programs underway in the Defense Department, congressional auditors found that cyber concerns have the potential to stretch out projects or boost costs. The director of the information technology and cybersecurity team at the Government Accountability Office, Kevin Walsh, joined “Federal Drive” with more details. Source: Federal News Network: Cyber […]
The Defense Department has halted deployment of a long-overdue $2 billion cybersecurity project intended to detect intrusions and prevent attacks on its classified-level networks. Since 2016, systems tests have continually shown that the program is “unable to help network defenders protect DoD component networks against operationally realistic cyber attacks,” according to the project’s testing chief. […]
The Department of Energy’s Office of Inspector General conducted an audit to determine whether an unidentified DOE site effectively manages its cybersecurity program. OIG identified “several areas of immediate concern related to vulnerability management and the authorization of information system operations,” and alerted site management to them. The site is not identified due to the […]