Cybersecurity and Infrastructure Security Agency

On March 27, 2024, the U.S. Cybersecurity and Infrastructure Agency released an unpublished Notice of Proposed Rulemaking (“NPRM”) pursuant that would require covered entities to report (1) qualifying cyber incidents, (2) ransom payments made in response to a ransomware attack, and (3) any substantially new or different information discovered related to a previously submitted report to CISA. The NPRM will be officially published on April 4, 2024, and comments are due by June 3, 2024.
Continue Reading U.S. Cybersecurity and Infrastructure Agency Releases Proposed Rules on Breach Reporting Requirements

On November 27, 2023, the UK government announced the first global guidelines to ensure the secure development of AI technology, which were developed by the UK National Cyber Security Centre and the U.S. Cybersecurity and Infrastructure Security Agency, in cooperation with industry experts and other international agencies and ministries.
Continue Reading UK and U.S. Develop Global Guidelines for AI Security

On June 21, 2022, President Biden signed into law the State and Local Government Cybersecurity Act of 2021 and the Federal Rotational Cyber Workforce Program Act, two bipartisan bills aimed at enhancing the cybersecurity postures of the federal, state and local governments.
Continue Reading President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity

On January 4, 2022, in response to the public disclosure of the Log4Shell vulnerability in Log4j, the Federal Trade Commission published a blog post reminding companies that “the duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act.”
Continue Reading FTC Puts Companies on Notice that Failure to Identify and Patch Instances of Log4j May Violate FTC Act