Category Archives: Cybersecurity

CISA Releases “Cyber Essentials” to Assist Small Businesses

On November 6, 2019, the Department of Homeland Security (“DHS”), Cybersecurity & Infrastructure Security Agency (“CISA”) released its Cyber Essentials guide. Consistent with the NIST Cybersecurity Framework, these Cyber Essentials provide “a starting point to cyber readiness,” and are specifically aimed at small businesses and local government agencies that may have fewer resources to dedicate … Continue Reading

The True Impact of the Chinese Telecom Ban on Government Contractors

As you probably know, we have been following very closely developments relating to Section 889 of the 2019 National Defense Authorization Act (NDAA), which prohibits executive agencies from purchasing restricted products and services from certain Chinese telecommunications companies (including Huawei and ZTE) and also from working with contractors that use such products. Jonathan Aronie was … Continue Reading

Regulatory Moves Show Financial Watchdogs Working Smarter, if Not Harder

To gain insight into where the Securities and Exchange Commission (“SEC”) and Commodity Futures Trading Commission (“CFTC”) have been focusing their oversight and what their priorities will be in 2020, look no further than their recent words and deeds. A common thread running through the recent public statements and enforcement activity of both agencies is … Continue Reading

GSA Implements Restrictions on Certain Chinese-Made Telecommunications Services and Equipment

On September 9, 2019, the U.S. General Services Administration (“GSA”) announced it would be issuing a mass modification (expected sometime this month)[1] requiring all new and existing GSA Multiple Award Schedule (“MAS”) contracts include two new clauses. The new clauses come in response to Section 889 of the FY2019 National Defense Authorization Act (“NDAA”), and … Continue Reading

Effective Last Month! – DoD’s Implementation of New FAR Prohibitions on Chinese Telecommunications Equipment and Services in Government Contracts

We recently wrote about the FAR Council’s release of an interim rule implementing restrictions on procurements involving certain Chinese telecommunications hardware manufacturers and service providers, such as Huawei and ZTE. The interim rule creates a new FAR Subpart 4.21, as well as two new contract clauses, FAR 52.204-24 and 52.204-25, which were effective August 13, … Continue Reading

Effective Immediately! – FAR Amended to Include Prohibition on Chinese Telecommunications Equipment and Services in Government Contracts

In accordance with Section 889(a)(1)(A) of the 2019 National Defense Authorization Act (Pub. L. No. 115-232) (the “2019 NDAA”), which required imposition of broad restrictions on procurements involving certain Chinese telecommunications hardware manufacturers such as Huawei Technologies Co. and ZTE Corp within one year, the FAR Council has released an interim rule implementing these restrictions. … Continue Reading

Cyber Update: DoD Contractor Cybersecurity Certification and 33 New Enhanced Controls to Combat the Advanced Persistent Threat

The Government remains intensely focused on how best to protect its Controlled Unclassified Information (CUI) once it is released to contractors. In a shift from its initial approach of “we will take the contractor’s word for it,” the Department of Defense (DoD) announced in June 2019 it is in the process of developing a new … Continue Reading

The Future of COTS Procurement: Top 10 Questions from GSA’s Section 846 Phase 2 Report

On May 2, 2019, the General Services Administration (“GSA”) and the Office of Management and Budget (“OMB”) finally released their Phase 2 Implementation Report (the “Phase 2 Report”) for “Procurement Through E-Commerce Portals,” as directed by Section 846 of the National Defense Authorization Act for Fiscal Year 2018 (“FY 2018 NDAA”).[1] GSA/OMB offered a sneak … Continue Reading

New York DFS Consumer Protection and Financial Enforcement Division: New Name, New Look, Old Mandate

On April 29, 2019, just months into her new job at the New York State Department of Financial Services (“DFS”), acting DFS Superintendent Linda Lacewell announced a significant reorganization within the financial and insurance regulator. The new Consumer Protection and Financial Enforcement Division (the “CPFED”) combines seven previously separate divisions and units – Enforcement, Investigations … Continue Reading

New Executive Order To Further Restrict Business with Huawei and Other Foreign Adversaries Engaged in Cyber Espionage

On May 15, 2019, President Trump issued an Executive Order (“EO”) targeting activities of certain foreign telecommunications companies based in hostile countries. Entitled “Securing the Information and Communications Technology and Services Supply Chain,” the EO declares a national emergency based on a Presidential finding that “foreign adversaries are increasingly creating and exploiting vulnerabilities in information … Continue Reading

“Internet of Things” Guidance to be Added to Cybersecurity Requirements for Agencies and Federal Contractors

In 2019, cybersecurity has become top-of-mind for most federal government contractors and agencies that share sensitive information.  In addition to updated Department of Defense guidance and procedures for evaluating contractors’ compliance with cybersecurity requirements, as well as an increase in Department of Defense cybersecurity audits, the Federal Acquisition Regulation (FAR) council also has promised a … Continue Reading

SEC Issues Risk Alert on Customer Privacy Safeguards

Earlier this month, the Securities and Exchange Commission (“SEC”) took a break from its recent focus on digital assets and the Best Interest fiduciary standard to publish a Risk Alert encouraging investment advisers and broker-dealers to revisit their policies and procedures relating to Regulation S-P (“Reg S-P”) (17 C.F.R. Part 248, Subpart A), which sets … Continue Reading

SEC Enforcement’s Annual Report Prioritizes Retail Investors, Cryptocurrency, Cybercrime, and Individual Accountability

The Enforcement Division of the United States Securities and Exchange Commission (“SEC”) recently released its annual enforcement report (“Report”) for fiscal year 2018. The Report reflects an increased focus on retail investors, cryptocurrency, cybercrime, and individual accountability. Further, it showcases that SEC enforcement continues to be robust under the Trump administration, despite industry and media … Continue Reading

The List of Forbidden Products Grows: The NDAA’s Prohibitions on Use of Certain Chinese-Made Equipment

The 2019 National Defense Authorization Act (“NDAA”) imposes new restrictions on procurements for telecommunications equipment or services based on ties to certain Chinese entities, thereby growing the list of forbidden products for contractors. Specifically, Section 889 prohibits executive-branch agencies from initiating procurements or entering into contracts for certain telecommunications equipment or services from companies associated … Continue Reading

Fool Me Twice…SEC’s latest Cyber-Fraud ROI Indicates Future Enforcement Against Hacker Victims

In the aftermath of the Securities and Exchange Commission’s (“SEC”) latest Report of Investigation (“Report”) regarding cyberattacks via “spoofed or manipulated electronic communications,” companies should prepare to adjust and update their internal controls or face possible enforcement actions for violation of federal securities law.  Released as a warning to public companies about recent cyberattacks, the Report’s … Continue Reading

You Might Be an Inside Trader If…You Trade on Your Unconfirmed Suspicions of a Cybersecurity Event Prior to Its Public Revelation or Disclosure

Earlier this year, the SEC released cybersecurity guidance addressing, among other things, the risk of insider trading in the event of a data breach. This risk comes in multiple forms, including the intruders trading on stolen information and insiders trading on the knowledge of the breach itself. The SEC demonstrated its willingness to address the … Continue Reading

NIST Releases Highly-Anticipated Draft Special Publication on Assessing the Security Requirements in NIST SP 800-171 for Controlled Unclassified Information (CUI)

Pursuant to DFARS 252.204-7012, DoD contractors are to implement the security requirements in NIST Special Publication (SP) 800-171 by December 31, 2017. NIST SP 800-171 includes security requirements for protecting Controlled Unclassified Information (CUI) in nonfederal systems and is expected soon to be required under civilian agency contracts through a forthcoming FAR case. On November … Continue Reading

Achieving Cyber-Fitness In 2017: Part 5—Cyber Incident Reporting And Response

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352. As discussed in parts 1–4 of this series, the Defense Federal Acquisition Regulation Supplement cybersecurity clause, Safeguarding Covered Defense Information and Cyber … Continue Reading

Achieving Cyber-Fitness In 2017: Part 4—Subcontracts, Joint Ventures And Teaming Agreements

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352. Our “Cyber-Fitness” series thus far has focused on a contractor’s individual obligations and best practices for compliance with the Federal Acquisition Regulation … Continue Reading

Achieving Cyber-Fitness in 2017: Part 3—Proving Compliance and the Role of Third-Party Auditors

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352. The Department of Defense final rule for safeguarding covered defense information requires contractors to implement the security controls in National Institute of … Continue Reading

Presidential Executive Order on Cybersecurity: No More Antiquated IT

On May 11, President Donald Trump issued his long-awaited Executive Order on cybersecurity, the “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” It had been in the works since early in the administration, and its release had been announced (and drafts leaked) several times, only to be pulled back and … Continue Reading

Achieving Cyber-Fitness In 2017: Part 2—Looking Beyond The FAR And DFARS— Other Safeguarding And Reporting Requirements

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352. In Part 1, we discussed the cybersecurity requirements applicable to federal contract information under Federal Acquisition Regulation 52.204-21(b)(1) and covered defense information … Continue Reading

Achieving Cyber-Fitness In 2017: Part 1—Planning For Compliance

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352. It is a new year, which means New Year’s resolutions for roughly 50 percent of Americans. Most vow to lose weight … Continue Reading

New York State Department of Financial Services Cybersecurity Regulation Poised to Reshape Existing Regulatory Landscape

In late December, New York State’s Department of Financial Services (“DFS”) released its revised proposed cybersecurity regulation (the “DFS Rule”).  While the revisions pare back some of the DFS Rule’s original requirements and add some much needed flexibility, the regulation will still impose many new obligations upon a wide array of financial institutions doing business … Continue Reading