Category Archives: Cybersecurity

SEC Enforcement’s Annual Report Prioritizes Retail Investors, Cryptocurrency, Cybercrime, and Individual Accountability

The Enforcement Division of the United States Securities and Exchange Commission (“SEC”) recently released its annual enforcement report (“Report”) for fiscal year 2018. The Report reflects an increased focus on retail investors, cryptocurrency, cybercrime, and individual accountability. Further, it showcases that SEC enforcement continues to be robust under the Trump administration, despite industry and media … Continue Reading

The List of Forbidden Products Grows: The NDAA’s Prohibitions on Use of Certain Chinese-Made Equipment

The 2019 National Defense Authorization Act (“NDAA”) imposes new restrictions on procurements for telecommunications equipment or services based on ties to certain Chinese entities, thereby growing the list of forbidden products for contractors. Specifically, Section 889 prohibits executive-branch agencies from initiating procurements or entering into contracts for certain telecommunications equipment or services from companies associated … Continue Reading

Fool Me Twice…SEC’s latest Cyber-Fraud ROI Indicates Future Enforcement Against Hacker Victims

In the aftermath of the Securities and Exchange Commission’s (“SEC”) latest Report of Investigation (“Report”) regarding cyberattacks via “spoofed or manipulated electronic communications,” companies should prepare to adjust and update their internal controls or face possible enforcement actions for violation of federal securities law.  Released as a warning to public companies about recent cyberattacks, the Report’s … Continue Reading

You Might Be an Inside Trader If…You Trade on Your Unconfirmed Suspicions of a Cybersecurity Event Prior to Its Public Revelation or Disclosure

Earlier this year, the SEC released cybersecurity guidance addressing, among other things, the risk of insider trading in the event of a data breach. This risk comes in multiple forms, including the intruders trading on stolen information and insiders trading on the knowledge of the breach itself. The SEC demonstrated its willingness to address the … Continue Reading

NIST Releases Highly-Anticipated Draft Special Publication on Assessing the Security Requirements in NIST SP 800-171 for Controlled Unclassified Information (CUI)

Pursuant to DFARS 252.204-7012, DoD contractors are to implement the security requirements in NIST Special Publication (SP) 800-171 by December 31, 2017. NIST SP 800-171 includes security requirements for protecting Controlled Unclassified Information (CUI) in nonfederal systems and is expected soon to be required under civilian agency contracts through a forthcoming FAR case. On November … Continue Reading

Achieving Cyber-Fitness In 2017: Part 5—Cyber Incident Reporting And Response

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352. As discussed in parts 1–4 of this series, the Defense Federal Acquisition Regulation Supplement cybersecurity clause, Safeguarding Covered Defense Information and Cyber … Continue Reading

Achieving Cyber-Fitness In 2017: Part 4—Subcontracts, Joint Ventures And Teaming Agreements

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352. Our “Cyber-Fitness” series thus far has focused on a contractor’s individual obligations and best practices for compliance with the Federal Acquisition Regulation … Continue Reading

Achieving Cyber-Fitness in 2017: Part 3—Proving Compliance and the Role of Third-Party Auditors

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352. The Department of Defense final rule for safeguarding covered defense information requires contractors to implement the security controls in National Institute of … Continue Reading

Presidential Executive Order on Cybersecurity: No More Antiquated IT

On May 11, President Donald Trump issued his long-awaited Executive Order on cybersecurity, the ‘‘Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.’’ It had been in the works since early in the administration, and its release had been announced (and drafts leaked) several times, only to be pulled back and … Continue Reading

Achieving Cyber-Fitness In 2017: Part 2—Looking Beyond The FAR And DFARS— Other Safeguarding And Reporting Requirements

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352. In Part 1, we discussed the cybersecurity requirements applicable to federal contract information under Federal Acquisition Regulation 52.204-21(b)(1) and covered defense information … Continue Reading

Achieving Cyber-Fitness In 2017: Part 1—Planning For Compliance

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352. It is a new year, which means New Year’s resolutions for roughly 50 percent of Americans. Most vow to lose weight … Continue Reading

New York State Department of Financial Services Cybersecurity Regulation Poised to Reshape Existing Regulatory Landscape

In late December, New York State’s Department of Financial Services (“DFS”) released its revised proposed cybersecurity regulation (the “DFS Rule”).  While the revisions pare back some of the DFS Rule’s original requirements and add some much needed flexibility, the regulation will still impose many new obligations upon a wide array of financial institutions doing business … Continue Reading

New York State Department of Financial Services Proposes Cybersecurity Regulations for Financial Services Companies

If the New York State Department of Financial Services (“DFS”) has its way, come January 1, 2017, financial services companies that require a form of authorization to operate under the banking, insurance, or financial services laws (“Covered Entities”) will be required to comply with a new set of comprehensive cybersecurity regulations aimed at safeguarding information … Continue Reading

Insider Threat Programs – A New Challenge for Cleared Contractors

On May 18, 2016, the Department of Defense issued Conforming Change 2 of the “National Industrial Security Operating Manual” (“NISPOM”).   NISPOM Change 2 requires all U.S. government contractors who require access to U.S. classified information to implement an Insider Threat Program (“ITP”) that will gather, integrate and report relevant information related to potential or actual … Continue Reading

SEC Steps Up Cybersecurity Enforcement with $1 Million Fine Against Morgan Stanley

The Securities and Exchange Commission’s (“SEC”) recent $1 million settlement with Morgan Stanley Smith Barney LLC (“MSSB”) marked a turning point in the agency’s focus on cybersecurity issues, an area that the agency has proclaimed a top enforcement priority in recent years.  The MSSB settlement addressed various cybersecurity deficiencies that led to the misappropriation of … Continue Reading

It’s Arrived! FAR Final Rule Addressing “Basic Safeguarding of Contractor Information Systems”

After nearly four years of planning and comments, DoD, GSA, and NASA issued a final rule today amending the Federal Acquisition Regulations (“FAR”) with a new Subpart 4-19 and a new contract clause 52.204-21 addressing the basic safeguarding of contractor information systems.  Applicable to all acquisitions, including commercial items other than commercial off-the-shelf items (“COTS”), … Continue Reading

To Share or Not to Share (with the Government)? That is the Question: DHS Announces Interim Guidelines for Sharing Cyber Threat Indicators

On February 16, 2016, Secretary of Homeland Security Jeh Johnson announced interim guidelines and procedures for sharing cyber threat indicators under the Cybersecurity Information Sharing Act of 2015 (“CISA”). Because the guidelines are voluntary, the next question is, should your company share information with the Government?… Continue Reading

DoD Reveals its Cybersecurity Discipline Implementation Plan (or How 1940s War Department VD Training Can Help Your 21st Century Cyber Hygiene)

“If our country is to successfully defend our right to live the American way, it needs every one of you, and requires you in the best possible condition. Any [company] who willfully, or through neglect fails to maintain [their systems] in this condition is a ‘shirker’ who is throwing an extra burden on his comrades … Continue Reading

Department of Defense Provides Government Contractors a Grace Period for Compliance with Key Cybersecurity Requirements

In response to industry concerns and comments, on December 30, 2015, the Department of Defense issued a new interim rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity rules promulgated in August.  Specifically focusing on provision 252.204–7008, Compliance with Safeguarding Covered Defense Information Controls, and DFARS 252.204–7012, Safeguarding Covered Defense Information and Cyber Incident … Continue Reading

It’s (Not) Academic: Cybersecurity Is a Must for Universities and Academic Medical Centers

Cutting-edge research institutions need cutting-edge cybersecurity to protect their IP and critical personal and financial data.  Universities hold vast repositories of valuable information, including student healthcare information, patient information from academic medical centers, and financial and personal data from applicants, donors, students, faculty, and staff. So it’s no surprise hackers have been targeting universities lately—in … Continue Reading

Have DoD Contractors and Subcontractors Been Drafted? Once Voluntary Defense Industrial Base CS/IA Regulations Now Mandatory and Aligned With New DFARS Cybersecurity Rules

When last we left the Department of Defense, it had issued a rather wide-reaching interim DFARS rule addressing cybersecurity practices, data retention, and cloud services purchasing guidance. Now, effective October 2, 2015, before the ink can dry on those nascent rules (comments are due October 26, 2015), the DoD has applied them to all DoD … Continue Reading

DoD Addresses Cybersecurity Preparedness, Incident Reporting, and Cloud Computing Acquisitions with new DFARS interim rule

Announced and effective today, August 26, 2015, DoD has issued an interim rule that significantly expands existing DFARS provisions and clauses requiring contractors and subcontractors to report cyber incidents.  The interim rule will apply “to all contractors with covered defense information transiting their information systems,” an estimated 10,000 contractors.  Additionally, in an effort to ensure … Continue Reading