On June 21, 2022, President Biden signed into law, the State and Local Government Cybersecurity Act of 2021 and the Federal Rotational Cyber Workforce Program Act, two bipartisan bills aimed at enhancing the cybersecurity postures of the federal, state and local governments.
Continue Reading President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity

On June 24, 2022, the New York State Department of Financial Services announced it had entered into a $5 million settlement with Carnival Corp., the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation in connection with four cybersecurity events between 2019 and 2021, including two ransomware events.
Continue Reading NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

The National Information Security Standardization Technical Committee of China recently issued a draft version of the Cybersecurity Standard Practice Guidelines – Technical Specification on Certification of Personal Information Cross-border Transfer Activities. This blog entry provides a summary of the Guidelines.
Continue Reading China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities

On May 16, 2022, the U.S. Department of State, U.S. Department of Treasury, and the Federal Bureau of Investigation issued combined guidance on efforts by North Korean nationals to secure freelance engagements as remote information technology workers by posing as non-North Korea nationals.
Continue Reading U.S. Issues Guidance to Companies Warning of Cybersecurity and Sanctions Risks Posed by IT Workers Directed by North Korea

On April 8, 2022, the Food and Drug Administration issued Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions, a draft guidance document for industry and FDA staff. Industry stakeholders will have until July 7, 2022 to comment on the proposed guidance.
Continue Reading FDA Issues Draft Cybersecurity Guidance for Medical Devices