On November 14, 2024, the Department of Homeland Security (“DHS”) announced a set of voluntary recommendations called the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure” (“Framework”). Recognizing the severe consequences associated with disruption to the nation’s critical infrastructure, DHS released the framework to address certain risks associated with the use of AI […]
CISA, FBI, NSA, and International Partners Issue Joint Cybersecurity Advisory for Top Routinely Exploited Vulnerabilities in 2023
On November 12, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”), the Federal Bureau of Investigation (“FBI”), National Security Agency (“NSA”) and certain international partners (including the Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security, New Zealand National Cyber Security Centre and New Zealand Computer Emergency Response Team, and the United […]
Congressional Research Service Report Sheds Light on October Telecommunications Attack by PRC-Linked Threat Actor
In early October 2025, several media outlets reported that United States telecommunications services had been infiltrated by state affiliated threat actors linked to the People’s Republic of China (“PRC”). These reports were followed by a joint press release on October 25, 2024 by the Federal Bureau of Investigation (“FBI”) and the Cybersecurity and Infrastructure Security […]
Combatting the New Insider Threat: North Korean IT Workers Posing as Remote Employees
The New York Department of Financial Services issued a cybersecurity advisory on November 1, 2024, regarding a growing threat posed by North Korean operatives seeking remote IT roles at U.S. companies. These operatives secure jobs at prominent companies, generate revenue for the regime, and have the potential to expose sensitive corporate data. These highly sophisticated […]
Summary of Changes from DoD CMMC Proposed Rule to Final Rule
On October 11, 2024, the Department of Defense (“DoD”) issued its Final Program Rule for the Cybersecurity Maturity Model Certification (“CMMC”) Program. The Final Rule is a signal to federal contractors to develop compliance programs pertaining to CMMC in advance of the implementation of CMMC (likely next year). The CMMC program is designed to ensure […]