The day before the recent federal government shutdown, a ten-year old cybersecurity law expired before it could be reauthorized. The Cybersecurity Information Sharing Act of 2015 (“CISA”) provided a mechanism for private companies to share information with the federal government about cyber threats in return for certain legal protections. CISA applied only when the information […]
United States, International Coalition Issue Joint Warning of Increasing PRC Backed Threat Activity
On August 27, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the United States Department of Defense Cyber Crime Center (DC3) issued a joint advisory (Advisory) highlighting increased cyber threat activity linked to People’s Republic of China (PRC) affiliated threat […]
CISA Gives Itself an Extension for Cyber Incident Reporting Rules
The Cybersecurity and Infrastructure Security Agency (CISA) has extended the deadline for it to issue final rules about mandatory incident reporting for critical infrastructure entities. The original deadline of October 2025 was pushed by six months to May 2026. Under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), passed in 2022, critical infrastructure entities […]
Rhode Island’s New Cybersecurity Law for Nonbank Financial Institutions
Rhode Island has enacted Senate Bill 603 (SB603), effective July 2, 2025, establishing a comprehensive cybersecurity framework for nonbank financial institutions licensed by the state’s Department of Business Regulation (DBR). Although SB603 is closely modeled after the New York Department of Financial Services’ (NYDFS) Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500), SB603 introduces several […]
DOJ Settles Cyber Qui Tam Action Against Illumina for Allegedly Unsecured Genomic Sequencing Products
On July 31, 2025, the United States Department of Justice (DOJ) announced a $9.8 million settlement with Illumina, Inc. (Illumina) to resolve alleged False Claims Act (FCA) violations related to cybersecurity vulnerabilities and shortcomings in its genomic sequencing products. Of the total settlement, $1.9 million will be paid to the qui tam whistleblower who brought […]