Issued against the backdrop of recent high-profile cyber incidents, President Biden’s Executive Order on Improving the Nation’s Cybersecurity sets forth ambitious initiatives and aggressive timelines for strengthening the cybersecurity of the federal government and the companies with which it does business. Critically, it also seeks to shape cyber practices across the economy more broadly, including
Veronica R. Glick
Veronica Glick is a partner in Mayer Brown’s Washington, DC office and a member of the firm’s National Security and Cybersecurity & Data Privacy practices. She is also a member of the firm’s Litigation & Dispute Resolution practice and Congressional Investigations & Crisis Management team. Veronica focuses her practice on complex and cutting-edge legal issues regarding national security, cybersecurity and international law, with particular experience responding to multijurisdictional cyber incidents.
5 Priorities for Managing Industrial Cyber Legal Risk
Recent events have left no doubt: cyber attacks already present a substantial threat to critical infrastructure and other industrial systems. Companies in the energy, chemicals, transportation, manufacturing, infrastructure or other relevant sectors should understand and be able to respond to these threats. Indeed, numerous reports have described sophisticated nation state actors’ efforts to compromise the…
President Biden Issues Executive Order to Improve Nation’s Cybersecurity
President Biden issued the Executive Order on Improving the Nation’s Cybersecurity (“Cyber EO”) on May 12, 2021. The Cyber EO is ambitious in scope and sets aggressive timelines for its implementation. It seeks to both strengthen the cybersecurity of the federal government and push the private sector to further strengthen its approach to cybersecurity. Indeed,…
US Commerce Issues Rules for Review of ICTS Transactions for National Security Threats
On January 19, 2021, the US Department of Commerce (“Commerce”) issued a long-awaited interim final rule (“Interim Final Rule”), which would enable Commerce to prohibit or otherwise restrict transactions involving the information and communication technology and services (“ICTS”) supply chain, including both hardware and software, that have a nexus to certain designated “foreign adversaries,”…
Managing OT Cyber Risk: Lessons from the Front Lines
Cyber attacks continue to grow against the wide range of industries that rely on connected systems to manufacture products, monitor industrial processes, operate critical infrastructure and perform countless other sensitive processes. These attacks against industrial systems—generally referred to as “Operational Technology” (OT)—threaten to stop production, impair the integrity of safety-critical systems or even cause physical…
Legal Considerations Raised by the U.S. Cyberspace Solarium Commission Report
To cope with the coronavirus crisis, Americans rely more than ever before on information and communications technology to stay connected, do our jobs, see our families and live fulfilling lives. But this shift has come with a significant increase in cybersecurity and data privacy risk.
A Proposal for a European Cybersecurity Taxonomy—The End of the Tower of Babel?
On December 6, the Joint Research Center, a European Commission science and knowledge service, issued a Proposal for a European Cybersecurity Taxonomy (the “Proposal”). Noting the absence of a globally accepted and standardized definition of cybersecurity and a clear identification of its domains of development and application, the Proposal introduces a taxonomy for cybersecurity.
Although…
Internet of Things Incidents
Cyber attacks now reach a broad range of connected devices, from connected toys, fitness trackers, home alarm systems, cars and medical devices to connected manufacturing and infrastructure. Attacks on these devices—often referred to as the Internet of Things—can raise issues distinct from those raised by incidents involving enterprise systems.
US and UK Sign Historic Bilateral Data Access Agreement
On October 7, 2019, the United States and United Kingdom released the text of a bilateral data access agreement that would permit law enforcement authorities in one country to make direct requests to communications service providers based in the other country for electronic evidence related to serious crimes, including terrorism. This would allow these companies…
DoD Updates Draft Cybersecurity Maturity Model Certification—300,000+ DoD Contractors and Subcontractors Required to Be Certified as a Prerequisite to Contracting
On November 7, the U.S. Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) released Draft Version 0.6 of its Cybersecurity Maturity Model Certification (CMMC) for public comment. According to DoD’s overview briefing, the CMMC was created to provide “a unified cybersecurity standard for DoD acquisitions to…