Cybersecurity Awareness Month is a good time to highlight one trend in federal efforts to address cyber risk: proscriptive regulation of the information and communications technology and services (“ICTS”) supply chain.

Supply chain risk management is a broad field encompassing, among other things, federal efforts to improve software security, and proposals to revise the FAR

On May 26, 2022, the US Department of Commerce’s Bureau of Industry and Security (“BIS”) published a final rule revising the restrictions on the export, reexport and transfer (in-country) of certain “cybersecurity items” used for malicious cyber activities (“final rule”). Effective immediately upon publication, the final rule amends the October 21, 2021, interim final rule

On May 6, 2022, the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) designated crypto mixer Blender.io as a Specially Designated National (“SDN”), marking the first time a virtual currency mixer has been sanctioned. The move is the latest in a series of sanctions designations and enforcement actions in the virtual currency

On October 20, 2021, the US Department of Commerce Bureau of Industry & Security (“BIS”) published a long-awaited interim final rule announcing new restrictions on the export, reexport or in-country transfer of certain cybersecurity items used for malicious cyber activities.

In particular, it establishes:

  • new controls and licensing requirements on a range of “cybersecurity items”

On September 21, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced several actions intended to “advance the United States government’s broader counter-ransomware strategy,” including an update to OFAC’s October 2020 advisory on ransomware payments and the first Specially Designated National (“SDN”) designation of a virtual currency exchange. OFAC’s action

Oil and gas companies should anticipate a more vigorous enforcement environment during President Biden’s term, with anti-corruption and sanctions enforcement expected among some of the key areas of focus. In addition, companies should expect close scrutiny of the industry’s management of cyber risks, along with increased regulatory and litigation risk.

To help you navigate the

On April 15, 2021, the Biden administration announced an expansion of existing sanctions against the Russian government, notably including the intelligence service and affiliated parties identified as being responsible for the SolarWinds cyber-attack and other “specified harmful foreign activities,” and signaled a potential willingness to impose additional measures relating to Information and Communications Technology and

On January 19, 2021, the US Department of Commerce (“Commerce”) issued a long-awaited interim final rule (“Interim Final Rule”),1 which would enable Commerce to prohibit or otherwise restrict transactions involving the information and communication technology and services (“ICTS”) supply chain, including both hardware and software, that have a nexus to certain designated “foreign adversaries,”

On October 1, 2020, the US Treasury Department issued important guidance on what victims of ransomware attacks, as well as financial institutions (particularly money services businesses (“MSBs”) and other companies that facilitate such payments), should consider when confronted with potential ransomware demands. First, the Office of Foreign Assets Control (“OFAC”) issued an advisory that emphasizes