In July 2021, the U.S. Department of Homeland Security’s Transportation Security Administration announced a new Security Directive requiring owners and operators of certain critical pipelines transporting hazardous liquids and natural gas to implement specific cybersecurity measures.
Continue Reading U.S. Department of Homeland Security Announces Additional Pipeline Cybersecurity Directive

Connecticut recently passed two cybersecurity laws that will become effective on October 1, 2021. The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks.
Continue Reading New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021

On July 28, 2021, President Biden signed a National Security Memorandum that formally establishes an Industrial Control Systems Cybersecurity Initiative and directs the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Department of Commerce’s National Institute of Standards and Technology, in collaboration with other agencies, to develop and issue cybersecurity performance goals for critical infrastructure.
Continue Reading White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems

On July 13, 2021, federal bank regulators (the Board of Governors of the Federal Reserve System, the FDIC and the Office of the Comptroller of the Currency) requested public comment on proposed joint guidance regarding banking organizations’ management of risks related to relationships with third-party support and service providers. This blog entry provides highlights on the guidance.
Continue Reading Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

On June 15, 2021, the SEC announced it settled charges against real estate services company First American Financial Corporation (“First American”) for alleged violation of Rule 13a-15(a) of the Exchange Act. The SEC charged First American with failure to maintain disclosure controls and procedures designed to ensure that all available, relevant information concerning a software vulnerability that led to a cybersecurity incident was filed with the Commission.

Continue Reading SEC Settles Charges Against Real Estate Services Company Over Control Failures Related to Cybersecurity Disclosure