Focus on Regulation

Tag Archives: cybersecurity

Legislative and Regulatory Update on Federal Supply Chain Risk Management

The U.S. Government is renewing its focus on mitigating technological risks by regulating the supply chain for various goods and services. To achieve these goals, Congress and agencies have introduced, and in some cases enacted, legislation and regulations that direct agencies to identify, assess, and mitigate supply chain risks generally as well as prohibit agencies

Winnik Forum Panelists Explore Cybersecurity in the Connected World

Hogan Lovells’ Winnik International Telecoms & Internet Forum explored how the Internet of Things (IoT) may continue to expand the scope of cybersecurity concerns. Cybersecurity risks for the IoT were previously synonymous with enterprise products. Now these risks extend to consumer devices, services and applications. According to cybersecurity leaders attending the forum, the IoT market

Brill Discusses Benefits and Challenges of IoT at Winnik Forum

Julie Brill, Hogan Lovells Partner and former Commissioner of the U.S. Federal Trade Commission (FTC), delivered opening afternoon remarks at the Fifth Annual Winnik International Telecoms and Internet Forum: The Internet of Things: Legal Challenges and Opportunities.  Brill highlighted the “unquestionable” benefits of the Internet of Things (IoT) while also stressing the considerable data security and

DoD Amends its DFARS Safeguarding and Cyber Incident Reporting Requirements with a Second Interim Rule

On December 30, 2015, effective upon publication, the U.S. Department of Defense (DoD) published a three-page interim rule revising its earlier August 2015 interim rule on Safeguarding Covered Defense Information. 80 Fed. Reg. 81,472 (Dec. 30, 2015), available here. See our previous analysis of the original August 26 rule here. Comments on this new interim rule

Recent Updates to DFARS Cybersecurity Rule

Over the past month, there have been a number of developments affecting the new DFARS Network Penetration Reporting and Contracting for Cloud Services interim rule (DFARS Case 2013-D018, published in the Federal Register on Wednesday, August 26, 2015, available here). See our previous analysis of the rule here. On Wednesday, November 18, 2015, DoD published

China proposes new cyber security rules for insurance industry

On 9 October 2015, the China Insurance Regulatory Commission (“CIRC”) issued draft Supervisory Rules for Adoption of Information Technology by Insurance Institutions (“Draft Insurance IT Rules”) for public comment. The public comment period will close on 31 October 2015. The Draft Insurance IT Rules have been issued to replace the 2009 (Pilot) Guidance on Administration

U.S. Government Steps Up Cybersecurity Efforts With New Rules for Export Controls, Economic Sanctions

With cybersecurity dominating the headlines, the U.S. government has taken several recent steps to target the national security threat posed by cybercriminals and hackers with new regulations aimed at curbing malicious actors online.

Executive Order Authorizes Economic Sanctions as New Tool for U.S. Cyber Defense

On 1 April 2015, President Obama signed an Executive Order authorizing the imposition of sanctions on individuals and entities determined to be responsible for or complicit in malicious cyber-enabled activities constituting a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.

Industry Recommends Market Solutions for Privacy, Cybersecurity, and Law Enforcement Access Challenges for the Internet of Things

The Internet of Things raises new concerns about privacy, security and law enforcement access. Rather than develop new rules for new devices, industry experts convened during the 2014 Winnik International Telecoms & Internet Forum recommended allowing the market to try to solve these challenges before the government steps in. In May 2014, the President’s Council of

2014 Intelligence Authorization Act Requires Contractors to Report Cybersecurity Breaches

On Monday, 7 July, the president signed into law the Intelligence Authorization Act for Fiscal Year (FY) 2014 (Pub. L. 113-126), which requires intelligence contractors with security clearances to promptly report network and information system penetrations and provide government investigators access to such systems. This new statutory cybersecurity reporting requirement for cleared intelligence contractors is largely consistent with a reporting requirement applicable to cleared U.S. Department of Defense contractors under the National Defense Authorization Act for FY 2013.

DoD Publishes Final Rule Requiring All Contractors and Subcontractors to Safeguard Unclassified Controlled Technical Information

On November 18, 2013, the Department of Defense (DoD) published a Final Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to address requirements for safeguarding unclassified controlled technical information.[1] This rule has been in development for over two years with DoD originally publishing a rule-making Notice on March 3, 2010,[2] and a Proposed Rule

FDA Seeks Enhanced Cybersecurity Risk Management Efforts, Including Premarket Submission Requirements, for Medical Device Manufacturers and Hospitals

Drawing on the increasing use of wireless, Internet- and network-connected medical devices, the Food and Drug Administration (“FDA” or “the Agency”) issued a draft guidance document for comment on June 14, 2013, proposing that manufacturers of medical devices that contain software, firmware, or programmable logic, address cybersecurity risks in premarket submissions.  The draft guidance, entitled,

Incorporating Cybersecurity Standards into the Federal Acquisition Process

Michael J. Scheimer, an Associate in Hogan Lovells’ Government Contracts Practice, contributed to this post. Section 8(e) of Executive Order (EO) 13,636, Improving Critical Infrastructure Cybersecurity, issued on Feb 13, 2013, requires the Department of Defense (DoD) and the General Services Administration (GSA), in coordination with the FAR Council, to make recommendations to the President

Senate Commerce Committee’s Probe of Fortune 500 Corporate Cybersecurity is Unprecedented; Responses Requested Oct. 19

Each of the 500 largest businesses in America has been asked by the Senate Commerce Committee to describe how it deals with cybersecurity, demonstrating that government’s focus on cybersecurity is not going away despite stalled legislative efforts.  On 19 September, Senator Jay Rockefeller (D-WV) sent an unprecedented letter to the chief executives of the 500 largest companies

New Safeguarding Requirements for Government Contractor Information Systems

Government contractors soon may be compelled to protect against the compromise of information that is resident on their network and computer systems. The Federal Acquisition Regulatory Council (FAR Council) issued on August 24 a proposed rule on “Basic Safeguarding of Contractor Information Systems”. 77 Fed. Reg. 51,495 (Aug. 24, 2012). The proposal would add a

NIST Publishes Computer Security Incident Handling Guide

The National Institute of Standards and Technology (“NIST”) issued on August 8 an updated Computer Security Incident Handling Guide (NIST Special Publication 800-61, Rev. 2) (“Publication”). The Publication provides guidance to Federal agencies on detecting, analyzing, prioritizing, and handling computer security incidents. Like most NIST Special Publications, this guidance “may be used by nongovernmental organizations

Hogan Lovells Publishes Client Alert on DoD’s Cyber Security Information Sharing Program

On June 13, 2012, Hogan Lovells Partners Thomas L. McGovern and Todd R. Overman, both with our Government Contracts Practice, published a Client Alert entitled, “DOD Voluntary Cyber Security Program Requirements May Limit Participation Opportunities For Some Government Contractors.”  The Client Alert discusses the practical implications for government contractors of the Department of Defense’s interim