cybersecurity

Subscribe to cybersecurity via RSS

Key Takeaways

  • The Executive Order, Promoting Advanced Artificial Intelligence Innovation and Security (Order), directs the creation of a framework for developers of advanced frontier models to engage with the federal government for a voluntary pre-release review of the models.
  • The Order also directs the Treasury Department, together with the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA), to establish a clearinghouse to coordinate cyber vulnerability scanning, discovery, and patch distribution, in collaboration with private sector artificial intelligence (AI) and critical infrastructure companies.
  • CISA must issue Binding Operational Directives (BODs) and other guidance to expedite cyber defense of civilian federal systems and expand use of AI-enabled defensive tools.
  • The Order directs the Attorney General to prioritize prosecution of AI- and AI agent- facilitated computer crimes, identity theft offenses, and wire fraud schemes.
  • Developers considering engagement with the federal government for model pre-release review will need to assess the scope of pre-release access and the safeguards available during the early access window.
  • Companies seeking to become trusted partners should engage carefully with the U.S. government; those trusted partners may receive early access to covered frontier models, but also may be asked to disclose sensitive information and agree to continuing collaboration with the government.
Continue Reading Trump Administration Issues Executive Order on Advanced AI Innovation and Security

Key Takeaways

  • The newly announced “Cyber Strategy for America” (Cyber Strategy) marks an expansion and tonal shift from the previous National Cybersecurity Strategy, emphasizing a proactive stance against foreign adversaries and cybercrime through offensive operations and enhanced collaboration with the private sector.
  • While the Cyber Strategy does not impose direct obligations on businesses, it signals an increasing market of government contracts for commercial cybersecurity firms, including via the recent appropriation of $1 billion from the One Big Beautiful Bill.
  • The administration aims to simplify cyber regulations, potentially impacting compliance frameworks.
Continue Reading President Trump Issues a “Cyber Strategy for America” and an Executive Order on Combating Cyber-Enabled Crime

As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on this year. Below are the top U.S. data, privacy, and cybersecurity issues to watch out for in 2026:

Continue Reading 2026 Year in Preview: U.S. Data, Privacy, and Cybersecurity Prediction

As of January 17, 2025, financial entities and their critical information and communication technology (ICT) service providers need to comply with the new cybersecurity requirements in the Digital Operational Resilience Act (DORA). DORA introduces significant operational and ICT security requirements for a wide range of financial market participants, including banks, insurers, trading platforms, as well as for their ICT service providers.

Continue Reading New EU Cyber Resilience Requirements for Financial Sector Enter into Force

With Inauguration Day just around the corner, we are likely to see a host of new legislative and enforcement initiatives at the federal level. The Federal Trade Commission (FTC) will shift certain priorities under incoming Chairman Andrew Ferguson’s direction. And at the state level, legislatures and state attorneys general (state AGs) will continue to be active, enacting and enforcing a slate of new laws. As we ring in the new year, companies should be mindful of the new laws, regulations, and enforcement priorities that will likely impact them. Below are the top 10 U.S. privacy, cybersecurity, and consumer protection developments to watch out for in 2025:

Continue Reading New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

UPDATED: November 20, 2024

On November 20, 2024, the European Union officially published the Cyber Resilience Act (CRA), which introduces cybersecurity obligations for internet-connected hardware and software products offered in the EU (such as wearables). The CRA will enter into force on December 10, 2024 and companies have until September 11, 2026 to comply with the first wave of obligations.

Continue Reading New EU Cybersecurity Obligations for Connected Devices: What You Need to Know