On April 28, 2022, India issued new guidance relating to “information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet.”
Continue Reading India to Require Cybersecurity Incident Reporting Within Six Hours
Ransomware
North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms
On April 5, 2022, North Carolina became the first state in the U.S. to prohibit state agencies and local government entities from paying a ransom following a ransomware attack. …
Continue Reading North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms
Cyber Incident Reporting Language in Omnibus Bill Headed to President Biden’s Desk
On March 11, 2022, the U.S. Senate passed an omnibus spending bill that includes language which would require certain critical infrastructure owners and operators to notify the federal government of cybersecurity incidents in specified circumstances. President Biden has until March 15, 2022, to sign the bill. This blog entry provides a summary of the bill.
Continue Reading Cyber Incident Reporting Language in Omnibus Bill Headed to President Biden’s Desk
U.S. Senate Unanimously Passes Cybersecurity Legislation Requiring 72 Hour Cyber Incident Notification
On March 2, 2022, the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022 (“SACA” or the “Bill”). The Bill is now with the House of Representatives for a vote and, if passed, will be sent to President Biden’s desk for signature.
…
Continue Reading U.S. Senate Unanimously Passes Cybersecurity Legislation Requiring 72 Hour Cyber Incident Notification
Colorado AG Publishes Guidance on Data Security Practices and Announces Upcoming Rulemaking Under the Colorado Privacy Act
On January 28, 2022, in celebration of Data Privacy Day, the Colorado Attorney General’s Office issued prepared remarks from Colorado Attorney General Phil Weiser and published guidance on data security best practices, including discussing his office’s plans for implementing the Colorado Privacy Act.
Continue Reading Colorado AG Publishes Guidance on Data Security Practices and Announces Upcoming Rulemaking Under the Colorado Privacy Act
Russian Federal Security Service Reportedly Detains Members of REvil Ransomware Group
On January 14, 2022, the Russian Federal Security Service detained members of the REvil ransomware group at the request of the United States, according to public press reports.
…
Continue Reading Russian Federal Security Service Reportedly Detains Members of REvil Ransomware Group
U.S. Department of the Treasury Announces Partnership with Israel to Combat Ransomware
On November 14, 2021, the U.S. Department of the Treasury announced a bilateral cybersecurity partnership with the Israeli Ministry of Finance “to protect critical financial infrastructure and emerging technologies” and combat the use of ransomware. The initiative includes the launch of a U.S.-Israeli Task Force on Fintech Innovation and Cybersecurity (the “Task Force”), which seeks to advance the twin goals of encouraging fintech innovation while protecting against cyber threats from nation-state and criminal actors.
Continue Reading U.S. Department of the Treasury Announces Partnership with Israel to Combat Ransomware
FTC Recommends Steps to Protect Against Ransomware
On November 5, 2021, the Federal Trade Commission suggested two preventative steps small businesses can take to protect against ransomware risks. This post provides a summary of the steps.
Continue Reading FTC Recommends Steps to Protect Against Ransomware
Russia-Linked REvil Hackers and Their Affiliates Hit with Arrests by the U.S. and International Allies
On November 8, 2021, law enforcement agencies in both the United States and European Union announced that a series of actions, including a number of arrests, were taken against the Russia-linked ransomware group, “REvil.” …
Continue Reading Russia-Linked REvil Hackers and Their Affiliates Hit with Arrests by the U.S. and International Allies
DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms
On September 22, 2021, Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo released a joint statement on the Department of Homeland Security’s issuance of preliminary Critical Infrastructure Control Systems Cybersecurity Performance Goals and Objectives. The Preliminary Goals identify nine overarching control system cybersecurity performance goals, each containing specific objectives to support the deployment and operation of secure control systems.
Continue Reading DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms