On December 20, 2021, The National Institute of Standards and Technology (NIST) released its draft interagency report 8403 on “Blockchain for Access Control Systems”. As the report’s abstract states:
“Protecting system resources against unauthorized access is the primary objective of an access control system. As information systems rapidly evolve, the need for advanced access control
A new bill introduced by the Senate (S. 2666), the “Sanction and Stop Ransomware Act of 2021”, would require a strict 24-hour limit for reporting ransomware payments for businesses with more than 50 employees. The bipartisan bill, put forward by leaders of the Senate Homeland Security and Governmental Affairs Committee, also focuses on critical infrastructure,
The National Security Agency (NSA) and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint alert warning that, over recent months, hackers have been attempting to target Critical Infrastructure (CI) by exploiting Internet-accessible Operational Technology (OT) assets. The alert notes recently observed tactics from the hackers, including spear phishing and
Last Friday, May 1, the White House signed an executive order prohibiting Federal Agencies and U.S. persons from acquiring, importing, transferring, or installing any bulk power system (“BPS”) equipment in which:
On March 18, 2020, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) announced steps to ensure that operators of the bulk electric system can focus resources on safety and reliability during the COVID-19 emergency. FERC and NERC are advising all registered entities that they will consider the impact of
On December 5, 2017, NIST published a revised version of the NIST Cybersecurity Framework (i.e., Draft 2 of Version 1.1) (“Framework”). According to NIST, Version 1.1 of the Framework refines, clarifies, and enhances Version 1.0 of the Framework issued in February 2014, and the recently published Draft 2 of Version 1.1 is informed by over
On August 7 2017, the U.S. Securities and Exchange Commission (SEC), through its Office of Compliance Inspections and Examinations (OCIE), published a Risk Alert summarizing observations on how broker dealers, investment advisers, and investment companies have addressed cybersecurity issues. The OCIE examined 75 financial firms registered with the SEC. The examinations focused on the firms’
On August 1, 2017, the Senate introduced the “Internet of Things (IoT) Cybersecurity Improvement Act of 2017”, which aims to bolster the security of government-acquired IoT devices. Sponsored by Sens. Mark Warner (D-VA), Cory Gardner (R-CO), Ron Wyden (D-OR), and Steve Daines (R-MT), the bill would require connected devices purchased by the government agencies to
Today, on June 1, 2017, China’s new cybersecurity law, entitled the “Network Security Law”, goes into effect. The law was passed in November 2016. It now becomes legally mandatory for “network operators” and “providers of network products and services” to: (a) follow certain personal information protection obligations, including notice and consent requirements; (b) for network
On March 10, 2017, the White House Office of Management and Budget (“OMB”) released its 2016 Federal Information Security Modernization Act (“FISMA”) Annual Report to Congress. The FISMA Report describes the current state of Federal cybersecurity. It provides Congress with information on agencies’ progress towards meeting cybersecurity goals and identifies areas that need improvement. Additionally,
