Connecticut Provides Safe Harbor for Breach Victims Who Followed Standards
On July 6, 2021, Connecticut enacted a new law that creates a safe harbor for companies that followed certain cybersecurity protocols, in the event there’s a security breach. The law is similar to the one Ohio enacted in 2018. Both laws apply to “covered entities” that possess “personal information” and suffer a “breach of security […]
Department of Defense’s CMMC: Where Is It Now?
Intended to be a unifying standard for the implementation of cybersecurity across the defense industrial base (DIB), the CMMC’s requirements are already being felt...
Bipartisan Bill Requires 24-Hour Reporting of Cyber Incidents
Senators Mark Warner (D-VA), Marco Rubio (R-FL), and Susan Collins (R-ME) have introduced the Cyber Incident Notification Act, which would set a 24-hour deadline for infrastructure operators, federal contractors, and federal agencies to report ransomware attacks, cybersecurity breaches, and possibly even “potential” intrusions. Reporting would shield private sector entities from liability, but CISA would be […]
Bill Would Expand FTC’s Mission into International Ransomware
Representative Gus Bilirakis (R-FL), the ranking Republican on the House Energy and Commerce consumer protection subcommittee, has introduced a bill to require the FTC to report the number of ransomware and cyberattack-related complaints it receives, and how it cooperated with international law enforcement to respond to them. The FTC would also be directed to recommend […]
Completed White House Cyber Team May Be “Too Many Cooks”
The Senate-delayed confirmation of Jen Easterly as head of the Cybersecurity and Infrastructure Security Agency fills the last of several positions in the Biden Administration focused on national cybersecurity. She joins General Paul Nakasone as head of the National Security Agency and Cyber Command; Anne Neuberger as deputy national security adviser for cyber and emerging […]
NIST Outlines Security Measures and Testing Standards for Software
As ordered by the White House in May, the National Institute of Standards and Technology has identified security measures for the use of critical software, and recommended minimum standards for software vendors to test their products before offering them to the government. The Office of Management and Budget must now require federal agencies to implement […]
Considerations for Updating Standard Contractual Clauses
On June 4, 2021, the European Commission adopted its long-anticipated updated Standard Contractual Clauses for use by organizations transferring personal data outside of the European Economic Area to third countries that do not provide adequate protections in respect of personal data. In this post, Morgan Lewis looks at some of the things that organizations will […]
Is the TSA Security Directive a Harbinger of Oil and Gas Cybersecurity Regulations?
In the weeks that followed a ransomware attack on a domestic pipeline company, the federal government’s efforts to shore up the cybersecurity posture of...
Legislation Seeks to Strengthen DHS Cyber Workforce, Manage Tech Acquisitions
Representative Bennie Thompson (D-MS), chair of the House Homeland Security Committee, has introduced legislation to make changes within DHS, invest in workforce training, and enact a number of additional cyber measures. Some observers – including former CISA director Chris Krebs – have suggested that the Cybersecurity and Infrastructure Security Agency, which enjoys bipartisan support, be […]
DOL Begins Audit of Retirement Plans for Cybersecurity Shortfalls
To increase protections for the estimated $9.3 trillion in American retirement assets, the Department of Labor has begun a new cybersecurity audit initiative for retirement plans. After providing its first set of guidance on cybersecurity in April, the DOL quickly began the audit initiative by issuing information and document requests to numerous 401(k) plan fiduciaries. […]