On May 30, 2023, the Cyberspace Administration of China issued the Guideline for Filing the Standard Contract for Cross-border Transfer of Personal Information.
Continue Reading China Issues Guidelines regarding Filing Standard Contracts for Cross-Border Transfer of Personal Information
Critical Infrastructure
TSA Announces New Cybersecurity Requirements for Airport and Aircraft Operators
On March 7, 2023, the Transportation Security Administration announced the issuance on an emergency basis of a cybersecurity amendment to the security programs of certain TSA-regulated airport and aircraft operators, as part of the U.S. Department of Homeland Security’s initiatives to improve the cybersecurity of U.S. critical infrastructure. …
Continue Reading TSA Announces New Cybersecurity Requirements for Airport and Aircraft Operators
White House Releases National Cybersecurity Strategy
On March 2, 2023, the Biden-Harris Administration announced the release of the National Cybersecurity Strategy.
Continue Reading White House Releases National Cybersecurity Strategy
CISA Releases Cross-Sector Cybersecurity Performance Goals
The Cybersecurity and Infrastructure Security Agency recently released the first iteration of the agency’s Cross-Sector Cybersecurity Performance Goals.
Continue Reading CISA Releases Cross-Sector Cybersecurity Performance Goals
TSA Issues New Railroad Cybersecurity Requirements
On October 18, 2022, the Transportation Security Administration issued a new cybersecurity directive requiring passenger and freight railroad carriers to create plans for responding to cybersecurity incidents. …
Continue Reading TSA Issues New Railroad Cybersecurity Requirements
Cyber Incident Reporting for Critical Infrastructure Act
The Cybersecurity and Infrastructure Security Agency released a Request for Information seeking public input regarding the recently passed Cyber Incident Reporting for Critical Infrastructure Act of 2022. …
Continue Reading Cyber Incident Reporting for Critical Infrastructure Act
Cyber Incident Reporting Language in Omnibus Bill Headed to President Biden’s Desk
On March 11, 2022, the U.S. Senate passed an omnibus spending bill that includes language which would require certain critical infrastructure owners and operators to notify the federal government of cybersecurity incidents in specified circumstances. President Biden has until March 15, 2022, to sign the bill. This blog entry provides a summary of the bill.
Continue Reading Cyber Incident Reporting Language in Omnibus Bill Headed to President Biden’s Desk
U.S. Senate Unanimously Passes Cybersecurity Legislation Requiring 72 Hour Cyber Incident Notification
On March 2, 2022, the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022 (“SACA” or the “Bill”). The Bill is now with the House of Representatives for a vote and, if passed, will be sent to President Biden’s desk for signature.
…
Continue Reading U.S. Senate Unanimously Passes Cybersecurity Legislation Requiring 72 Hour Cyber Incident Notification
U.S. Senators Introduce Bipartisan Bill on Reporting Critical Infrastructure Cyber Incidents and Ransomware Payments
On September 28, 2021, Senators Gary Peters and Rob Portman, respectively Chairman and Ranking Member of the Homeland Security and Government Affairs Committee, introduced a bipartisan bill that would require owners and operators of critical infrastructure to notify the Director of the Cybersecurity and Infrastructure Security Agency within 72 hours of having a reasonable belief that a covered cyber incident has occurred.
Continue Reading U.S. Senators Introduce Bipartisan Bill on Reporting Critical Infrastructure Cyber Incidents and Ransomware Payments
DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms
On September 22, 2021, Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo released a joint statement on the Department of Homeland Security’s issuance of preliminary Critical Infrastructure Control Systems Cybersecurity Performance Goals and Objectives. The Preliminary Goals identify nine overarching control system cybersecurity performance goals, each containing specific objectives to support the deployment and operation of secure control systems.
Continue Reading DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms