Ashden Fein, Micaela McMurrough, Caleb Skeath, Robert Huffman, John Webster Leslie, and Shayan Karbassi of Covington and Burling write: On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemaking (“Proposed Rule”) related to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”) was released on the Federal Register website. …
Category: Federal
Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure
WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has served as cover for multiple malicious cyber operations. OFAC is also designating Zhao Guangzong and Ni Gaobin, two Chinese nationals affiliated with Wuhan XRZ,for…
FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges
Hunton Andrews Kurth writes that on March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules (the “Rules”) went into effect despite legal challenges. The rules were adopted in December 2023 pursuant to an FCC Report and Order (the “Order”). Their previous blog post explained the Rules: Pursuant to the…
Biden’s new data security order leaves industry officials, privacy advocates scratching their heads
David DiMolfetta reports: A new White House directive that gives agencies the legal power to prevent Americans’ sensitive data from falling into the hands of foreign adversaries is getting mixed reviews, with industry executives saying it could risk muddling current data flow mechanisms and privacy advocates contending it doesn’t go far enough to address potential abuses at…
Message to the Congress on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern
TO THE CONGRESS OF THE UNITED STATES: Pursuant to the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code, I hereby report that I have issued an Executive Order that expands the scope of the national emergency…
NIST Publishes Final “Cybersecurity Resource Guide” on Implementing the HIPAA Security Rule
Jennifer Hennessy and Christopher Taylor of Foley & Lardner write: In an important development for HIPAA-regulated entities looking for practical assistance in understanding, implementing, and enhancing compliance with the HIPAA Security Rule, the National Institute of Standards and Technology (NIST) has finalized its comprehensive guidance, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A…