
The White House

NIST releases final Cybersecurity Framework

The National Institute of Standards and Technology (“NIST”) has released the final version of the much-anticipated Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The Framework was developed by NIST at the direction of President Obama’s February 12, 2013, Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” (the “Executive Order”).


House of Representatives Passes Health Exchange Security and Transparency Act of 2014: HR 3811 Would Require HHS to Notify Affected Individuals of a Breach of a Health Insurance Exchange Within 2 Days of Discovery

On Friday, January 10, 2014, the House of Representatives passed H.R. 3811, the “Health Exchange Security and Transparency Act of 2014” by a vote of 291 to 122. The bill was introduced on January 7, 2014 by Representative Joe Pitts (R-PA), and has a total of 75 cosponsors. Under the bill, the Secretary of Health and Human Services would be required to provide notice to each individual “[n]ot later than two business days after the breach of security of any system maintained by an Exchange established under section 1311 or 1321 of [the Affordable Care Act] which is known to have resulted in personally identifiable information of an individual being stolen or unlawfully accessed.” By contrast, the HITECH Act requires HIPAA covered entities to provide breach notifications to individuals, to HHS (if the breach involves the PHI of 500 or more individuals), and/or to the media (if required) “without unreasonable delay and in no case later than 60 calendar days after the discovery of a breach by the covered entity involved.” The bill would require HHS to notify individuals not only with respect to breaches of security of a federally facilitated health insurance exchange – a health insurance exchange established and operated by HHS that is accessed through – but also with respect to breaches of security of any health insurance exchange established and operated by a State under the Affordable Care Act.


White House Cybersecurity Coordinator to Deliver Keynote at Law & Policy In-House Summit in Washington, D.C.

The Global Law Forum will host The Cybersecurity Law & Policy In-House Summit in Washington D.C. on January 14 and 15, 2014. The Summit will showcase panel discussions addressing a myriad of issues relevant to corporate counsel including establishing data breach response plans, understanding the cybersecurity insurance market, achieving Board of Directors and company buy-in on cybersecurity measures, as well as preparing for the upcoming final NIST Cybersecurity Framework and its potential to establish a new standard of care for liability. Special Assistant to President Obama and U.S. Cybersecurity Coordinator J. Michael Daniel will deliver the Keynote address and provide an overview of the White House’s 2014 cybersecurity agenda. Registration for the event is open and accessible here. Alston & Bird is a Knowledge Partner for the event.


NIST's Preliminary Cybersecurity Framework Could Have Broad Implications for Critical, Non-Critical Infrastructure Alike

On October 22, 2013, the National Institute of Standards and Technology (NIST) released its Preliminary Cybersecurity Framework (“Framework”), marking one of the final steps in creating the “voluntary” Framework envisioned in an Obama Administration Executive Order (EO) issued earlier this year. That EO, which was designed to strengthen the cybersecurity of the United States’ critical infrastructure, required NIST to work with the private sector to develop a cybersecurity Framework to reduce the risks from cyber attacks. The Framework is designed to identify beneficial cybersecurity practices and create a common language for discussing those practices. While the Framework does not create new security standards, it uses existing standards to create a comprehensive approach to cybersecurity risk management that may be useful to companies with either nascent or more robust cybersecurity programs. The comment period on the Preliminary Framework closed on December 13, 2013, and the final Framework is expected to be released in February of 2014.


Data Privacy in the Transatlantic Trade Agreement? US-EU Ponder the Way Forward

The United States and the European Union announced in February their intent to launch negotiations this year on a far-reaching trade and investment partnership agreement. Negotiations on the treaty, known as “TTIP”, should commence in June following a Congressional and public consultation period in the United States, and a parallel process in the EU whereby the European Commission will obtain a formal mandate from the 27 EU member states. Differences in data privacy and protection between the US and EU have already arisen as an issue of contention as governments labor to construct a bilateral negotiating agenda.

Senior U.S. officials, including outgoing U.S. Trade Representative Ron Kirk and Deputy National Security Adviser Michael Froman, have both commented publicly that rules on cross-border data flows should be up for negotiation in the TTIP, responding to interest from US industry to liberalize data flows not only across the Atlantic Ocean, but also between various EU member state markets.


President Obama Signs Executive Order on Cybersecurity Measures

February 13, 2013 | Posted by | Topic(s): Online Privacy, The White House, Data Security, Cybersecurity, Privacy

Last evening, President Obama announced in his televised State of the Union Address to Congress that he had signed an Executive Order earlier in the day to direct federal departments and agencies to adopt and implement new cybersecurity initiatives for the purpose of protecting our nation’s critical infrastructure. A legislative response from Congress is anticipated as early as today and we will provide subsequent updates. Please see our Cyber Alert for additional information on the Executive Order in the format of responses to frequently asked questions. Additionally, the White House issued a Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience (which updates HSPD 7) to complement the Order. The press release on the Order and a fact sheet on the new PPD are linked below:

  • White House Cybersecurity Executive Order - Press Release
  • White House Cybersecurity Presidential Policy Directive - Fact Sheet

Written by Paul Martino and Todd McClelland, Partners, Security Incident Management & Response Team | Alston & Bird LLP

U.S. Senator Sends Cybersecurity Inquiry Letter to American Businesses as White House Executive Order Nears Completion

September 21, 2012 | Posted by | Topic(s): US Congress, Legislation, The White House, Cybersecurity, Senate

Chief executives of each of the Fortune 500 companies will soon receive a letter from Senator John D. Rockefeller IV (D-W.Va.) asking them to describe how their companies address computer network security, or “cybersecurity.” In the letter, Senator Rockefeller explains that he is addressing Fortune 500 companies directly because of the recent stalling of the Cybersecurity Act (S. 3414) in the U.S. Senate.


Senate Republicans Reintroduce Revised Cybersecurity Bill, S. 3342, the SECURE IT Act

June 27, 2012 | Posted by | Topic(s): US Congress, Legislation, The White House, Data Security, Cybersecurity, Privacy, Senate, House of Representatives

This afternoon, Senators John McCain (R-AZ), Kay Bailey Hutchison (R-TX), Chuck Grassley (R-IA), Saxby Chambliss (R-GA), Lisa Murkowski (R-AK), Dan Coats (R-IN), Ron Johnson (R-WI), and Richard Burr (R-NC) reintroduced the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (SECURE IT) Act, which now bears the number S. 3342.


Senate Commerce Committee Holds Privacy Hearing

Today the Senate Committee on Commerce, Science, and Transportation held a hearing entitled “The Need for Privacy Protections: Perspectives from the Administration and the Federal Trade Commission.” The hearing examined the need for privacy legislation and the recent privacy reports from the White House and the Federal Trade Commission. Testifying on behalf of the federal government were Cameron Kerry, General Counsel at the Department of Commerce, Jon Leibowitz, Chairman of the Federal Trade Commission (FTC), and Maureen Ohlhausen, FTC Commissioner. The witness statements and an archive of the hearing webcast may be found here.

Written by Paul Martino, Partner | Alston & Bird LLP

White House Issues Statement of Administration Policy Opposing CISPA

April 25, 2012 | Posted by | Topic(s): US Congress, Legislation, The White House, Cybersecurity, Privacy, House of Representatives

Today the Obama Administration issued a Statement of Administration Policy (SAP) opposing the principal House cybersecurity bill, HR 3523, CISPA (Rogers-Ruppersberger). It states (in its final sentence) that, “if HR 3523 were presented to the President, his senior advisors would recommend he veto the bill.” As much discussed and pointed out in today’s House Rules Committee meeting, this language is not as strong as language that could have been inserted in the SAP to the effect that the President “will veto” the bill if it passes Congress. The bill is scheduled to be taken up on the House floor as early as tomorrow afternoon (with actual timing subject to when the Rules Committee issues a rule on amendments that will be in order). The votes on the amendments and bill are expected to conclude by Friday of this week, before the House begins a week-long recess next week.

Written by Paul Martino, Partner | Alston & Bird LLP

Cybersecurity Legislation: Votes Scheduled in House this Week ("Cyber Week")

April 23, 2012 | Posted by | Topic(s): US Congress, Legislation, The White House, Cybersecurity, Privacy, Senate, House of Representatives

This week (dubbed “Cyber Week”), the House will consider on the floor the following four cybersecurity bills, as described by Speaker Boehner in a press release last Friday:

  • Cyber Intelligence Sharing and Protection Act (H.R. 3523), introduced by Intelligence Committee Chairman Mike Rogers (R-MI), will help private sector job creators defend themselves from attacks from countries like China and Russia by allowing the government to provide the intelligence information needed to protect their networks and their customers’ privacy. The bill also provides positive authority to private-sector entities to defend their own networks and to those of their customers, and to share cyber threat information with others in the private sector, as well as with the federal government on a purely voluntary basis.


House Republican Cybersecurity Task Force Releases Recommendations

October 5, 2011 | Posted by | Topic(s): US Congress, Legislation, Security Breach, The White House, Data Security, Cybersecurity, Data Breach

This afternoon the House Republican Cybersecurity Task Force announced a report containing its recommendations on federal cybersecurity legislation pursuant to a request by the House Republican leadership to examine four critical areas: critical infrastructure and incentives, information sharing and public-private partnerships, existing cybersecurity laws, and legal authorities.


White House Releases Cybersecurity Plan

May 25, 2011 | Posted by | Topic(s): Legislation, The White House, Data Security, Cybersecurity

Today the White House released its cybersecurity legislative proposal as required in the Cyberspace Policy Review and in response to a request from Senate Majority Leader Harry Reid (D-Nev.) and six other committee chairs. The fact sheets on the proposal may be found here and here. Secretary of State Hillary Clinton's remarks may be found here and Attorney General Eric Holder's statement may be found here.

2010 Post-Election Advisory: Outlook for the 112th Congress

The preeminent privacy issue facing the House Energy and Commerce Committee, Senate Commerce Committee, Federal Trade Commission (“FTC”) and Department of Commerce during the 112th Congress will be defining the proper role of the federal government in setting and regulating consumer privacy standards for all businesses operating in the United States. At the forefront of this issue is whether Congress and Obama Administration departments and agencies can agree upon a general framework and legislative language to regulate the collection, use and disclosure of consumer data by businesses, whether they are operating exclusively online, exclusively offline or in both environments. “Every business that sells to consumers likely collects some data on them that they use to enhance their future product and service offerings in order to grow their revenue and expand their customer base. Over the past two years, Congress has been considering legislation that would establish new rules to regulate this important customer relationship, making consumer privacy legislation in the next Congress one of the key issues with broad applicability to businesses, and one issue to which executives will want to pay close attention,” observed former Senate Majority Leader Bob Dole.


Outlook for the 111th Congress & President-Elect Barack Obama

November 6, 2008 | Posted by | Topic(s): Advisories, US Congress, Legislation, The White House, Privacy

In light of the significant changes taking place with the new Obama Administration and the new Congress, this advisory outlines some of the key legislative issues the Alston & Bird Legislative and Public Policy Group expects to be considered over the next two years.

The advisory is provided in PDF on the Alston & Bird web site: