On November 14, 2021, the U.S. Department of the Treasury announced a bilateral cybersecurity partnership with the Israeli Ministry of Finance “to protect critical financial infrastructure and emerging technologies” and combat the use of ransomware. The initiative includes the launch of a U.S.-Israeli Task Force on Fintech Innovation and Cybersecurity (the “Task Force”), which seeks to advance the twin goals of encouraging fintech innovation while protecting against cyber threats from nation-state and criminal actors.
Continue Reading U.S. Department of the Treasury Announces Partnership with Israel to Combat Ransomware

On November 8, 2021, law enforcement agencies in both the United States and European Union announced that a series of actions, including a number of arrests, were taken against the Russia-linked ransomware group, “REvil.”
Continue Reading Russia-Linked REvil Hackers and Their Affiliates Hit with Arrests by the U.S. and International Allies

On September 22, 2021, Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo released a joint statement on the Department of Homeland Security’s issuance of preliminary Critical Infrastructure Control Systems Cybersecurity Performance Goals and Objectives. The Preliminary Goals identify nine overarching control system cybersecurity performance goals, each containing specific objectives to support the deployment and operation of secure control systems.
Continue Reading DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control issued an Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments on the sanctions risks associated with facilitating ransomware payments. OFAC, with assistance from the FBI, also designated SUEX OTC, S.R.O., as a malicious cyber actor, the first such sanctions designation against a virtual currency exchange.
Continue Reading OFAC Again Says Beware of Sanctions When Making Ransomware Payments and Designates Virtual Currency Exchange as Malicious Cyber Actor

In July 2021, the U.S. Department of Homeland Security’s Transportation Security Administration announced a new Security Directive requiring owners and operators of certain critical pipelines transporting hazardous liquids and natural gas to implement specific cybersecurity measures.
Continue Reading U.S. Department of Homeland Security Announces Additional Pipeline Cybersecurity Directive

On July 28, 2021, President Biden signed a National Security Memorandum that formally establishes an Industrial Control Systems Cybersecurity Initiative and directs the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Department of Commerce’s National Institute of Standards and Technology, in collaboration with other agencies, to develop and issue cybersecurity performance goals for critical infrastructure.
Continue Reading White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems

The New York Department of Financial Services, which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework”, calling on insurers to take more stringent measures in underwriting cyber risks. In the Guidelines, NYDFS cites the 2020 SolarWinds attack as an example of how managing growing cyber risk is “an urgent challenge for insurers.”
Continue Reading New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control issued an advisory alerting companies of potential sanctions risks related to facilitating ransomware payments.
Continue Reading U.S. Department of the Treasury Issues Advisory Warning that Ransomware Payments May Violate OFAC Sanctions

In a recent podcast by Never Stop Learning, Hunton partner Lisa Sotto and Eric Friedberg of Stroz Friedberg and Aon’s Cyber Solutions Group discussed “Cybersecurity: How Concerned Should We Be?” We broke down the podcast into a three-part series.
Continue Reading NSL Podcast Series: Part 1 on Cybersecurity and Protecting “the Keys to the Kingdom”