The U.S. Government is renewing its focus on mitigating technological risks by regulating the supply chain for various goods and services. To achieve these goals, Congress and agencies have introduced, and in some cases enacted, legislation and regulations that direct agencies to identify, assess, and mitigate supply chain risks generally as well as prohibit agencies
Hogan Lovells’ Winnik International Telecoms & Internet Forum explored how the Internet of Things (IoT) may continue to expand the scope of cybersecurity concerns. Cybersecurity risks for the IoT were previously synonymous with enterprise products. Now these risks extend to consumer devices, services and applications. According to cybersecurity leaders attending the forum, the IoT market
Julie Brill, Hogan Lovells Partner and former Commissioner of the U.S. Federal Trade Commission (FTC), delivered opening afternoon remarks at the Fifth Annual Winnik International Telecoms and Internet Forum: The Internet of Things: Legal Challenges and Opportunities. Brill highlighted the “unquestionable” benefits of the Internet of Things (IoT) while also stressing the considerable data security and
The Director of the International Atomic Energy Agency (IAEA) on Monday, October 10, stated that nuclear power plants are targets for cyber attacks, noting cyber attacks at nuclear power plants in recent years.
On December 30, 2015, effective upon publication, the U.S. Department of Defense (DoD) published a three-page interim rule revising its earlier August 2015 interim rule on Safeguarding Covered Defense Information. 80 Fed. Reg. 81,472 (Dec. 30, 2015), available here. See our previous analysis of the original August 26 rule here. Comments on this new interim rule
Over the past month, there have been a number of developments affecting the new DFARS Network Penetration Reporting and Contracting for Cloud Services interim rule (DFARS Case 2013-D018, published in the Federal Register on Wednesday, August 26, 2015, available here). See our previous analysis of the rule here. On Wednesday, November 18, 2015, DoD published
On 9 October 2015, the China Insurance Regulatory Commission (“CIRC”) issued draft Supervisory Rules for Adoption of Information Technology by Insurance Institutions (“Draft Insurance IT Rules”) for public comment. The public comment period will close on 31 October 2015. The Draft Insurance IT Rules have been issued to replace the 2009 (Pilot) Guidance on Administration
With cybersecurity dominating the headlines, the U.S. government has taken several recent steps to target the national security threat posed by cybercriminals and hackers with new regulations aimed at curbing malicious actors online.
On 1 April 2015, President Obama signed an Executive Order authorizing the imposition of sanctions on individuals and entities determined to be responsible for or complicit in malicious cyber-enabled activities constituting a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.
The Internet of Things raises new concerns about privacy, security and law enforcement access. Rather than develop new rules for new devices, industry experts convened during the 2014 Winnik International Telecoms & Internet Forum recommended allowing the market to try to solve these challenges before the government steps in. In May 2014, the President’s Council of
On Monday, 7 July, the president signed into law the Intelligence Authorization Act for Fiscal Year (FY) 2014 (Pub. L. 113-126), which requires intelligence contractors with security clearances to promptly report network and information system penetrations and provide government investigators access to such systems. This new statutory cybersecurity reporting requirement for cleared intelligence contractors is largely consistent with a reporting requirement applicable to cleared U.S. Department of Defense contractors under the National Defense Authorization Act for FY 2013.
On November 18, 2013, the Department of Defense (DoD) published a Final Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to address requirements for safeguarding unclassified controlled technical information. This rule has been in development for over two years with DoD originally publishing a rule-making Notice on March 3, 2010, and a Proposed Rule
Drawing on the increasing use of wireless, Internet- and network-connected medical devices, the Food and Drug Administration (“FDA” or “the Agency”) issued a draft guidance document for comment on June 14, 2013, proposing that manufacturers of medical devices that contain software, firmware, or programmable logic address cybersecurity risks in premarket submissions. The draft guidance, entitled,
Michael J. Scheimer, an Associate in Hogan Lovells’ Government Contracts Practice, contributed to this post. Section 8(e) of Executive Order (EO) 13,636, Improving Critical Infrastructure Cybersecurity, issued on Feb 13, 2013, requires the Department of Defense (DoD) and the General Services Administration (GSA), in coordination with the FAR Council, to make recommendations to the President
This post was written by Hogan Lovells Partners Tom McGovern and Harriet Pearson and Michael Scheimer. The National Defense Authorization Act for Fiscal Year 2013 (NDAA FY 13) has recently emerged from the congressional conference committee formed to reconcile the House and Senate versions of the bill. The compromise bill (HR 4310 – H Rept
Each of the 500 largest businesses in America has been asked by the Senate Commerce Committee to describe how it deals with cybersecurity, demonstrating that government’s focus on cybersecurity is not going away despite stalled legislative efforts. On 19 September, Senator Jay Rockefeller (D-WV) sent an unprecedented letter to the chief executives of the 500 largest companies
Government contractors soon may be compelled to protect against the compromise of information that is resident on their network and computer systems. The Federal Acquisition Regulatory Council (FAR Council) issued on August 24 a proposed rule on “Basic Safeguarding of Contractor Information Systems”. 77 Fed. Reg. 51,495 (Aug. 24, 2012). The proposal would add a
The National Institute of Standards and Technology (“NIST”) issued on August 8 an updated Computer Security Incident Handling Guide (NIST Special Publication 800-61, Rev. 2) (“Publication”). The Publication provides guidance to Federal agencies on detecting, analyzing, prioritizing, and handling computer security incidents. Like most NIST Special Publications, this guidance “may be used by nongovernmental organizations
On June 13, 2012, Hogan Lovells Partners Thomas L. McGovern and Todd R. Overman, both with our Government Contracts Practice, published a Client Alert entitled, “DOD Voluntary Cyber Security Program Requirements May Limit Participation Opportunities For Some Government Contractors.” The Client Alert discusses the practical implications for government contractors of the Department of Defense’s interim