On May 26, 2022, the US Department of Commerce’s Bureau of Industry and Security (“BIS”) published a final rule revising the restrictions on the export, reexport and transfer (in-country) of certain “cybersecurity items” used for malicious cyber activities (“final rule”). Effective immediately upon publication, the final rule amends the October 21, 2021, interim final rule
Malware
Russian Military Action in Ukraine: Measures to Mitigate Related Cyber Risk
After months of diplomatic engagement, the early morning of February 24, 2022 saw what President Biden called an “unprovoked and unjustified attack by Russian military forces” on Ukraine. Numerous news reports also have described significant cyber attacks against Ukrainian systems. According to those reports, these attacks follow multiple waves of cyber attacks in the past…
Top Legal Ethics Stories And Cybersecurity Concerns
The top legal ethics headlines of 2021 and cybersecurity concerns as we head into 2022. Bloomberg Industry Group legal reporter Melissa Heelan and Veronica Glick, partner in Mayer Brown’s Washington DC office and a member of the firm’s National Security and Cybersecurity & Data Privacy practices, are guests. Hosted by Joe Shortsleeve.
BIS Announces New Export Controls on Cybersecurity Items Used for Malicious Cyber Activity
On October 20, 2021, the US Department of Commerce Bureau of Industry & Security (“BIS”) published a long-awaited interim final rule announcing new restrictions on the export, reexport or in-country transfer of certain cybersecurity items used for malicious cyber activities.
In particular, it establishes:
- new controls and licensing requirements on a range of “cybersecurity items”
…
A Conversation with Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency
Eric Goldstein has served as the Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA) since February. In this role, he leads CISA’s mission to protect and strengthen federal civilian agencies and the nation’s critical infrastructure against cyber threats. Eric will be in conversation with Stephen Lilley, former Chief Counsel to…
Heightened Cyber False Claims Risk: New DOJ Approach to US Government Contractor and Federal Grantee Cybersecurity Enforcement
On October 6, 2021, the US Department of Justice (DOJ) announced a new initiative to address cyber-fraud and that focuses on government contractors. Specifically, DOJ has launched a “Civil Cyber-Fraud Initiative” (Initiative), which will combine DOJ’s “expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security…
OFAC Issues Updated Ransomware Advisory Emphasizing Reporting to and Cooperation with US Law Enforcement
On September 21, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced several actions intended to “advance the United States government’s broader counter-ransomware strategy,” including an update to OFAC’s October 2020 advisory on ransomware payments and the first Specially Designated National (“SDN”) designation of a virtual currency exchange. OFAC’s action…
5 Steps For Legal Teams To Mitigate Industrial Cyber Risk
Recent events have left no doubt: Cyberattacks present a substantial threat to critical infrastructure and other industrial systems. Companies operating in the energy, chemicals, transportation, manufacturing, infrastructure and other relevant sectors should understand and respond to these threats.
Market Trends 2020/21: Cybersecurity-Related Disclosures
This practice note identifies cybersecurity risk disclosures that offer detailed discussions on the potential reputational, financial, or operational harm resulting from cybersecurity breaches as well as the potential litigation or regulatory costs, policies, and procedures in addressing cybersecurity risks. This piece concludes with practical advice on how to prepare and enhance the required disclosures on…
Biden Administration Announces Expansion of Sanctions Against Russia and Signals Potential Additional Restrictions Following SolarWinds Cyber-Attack
On April 15, 2021, the Biden administration announced an expansion of existing sanctions against the Russian government, notably including the intelligence service and affiliated parties identified as being responsible for the SolarWinds cyber-attack and other “specified harmful foreign activities,” and signaled a potential willingness to impose additional measures relating to Information and Communications Technology and…