On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM) implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). For additional background on CIRCIA, see our prior advisory. CISA is required to issue a final rule by October 4, 2025. Who is required to report covered […]
FBI and CISA Warn of Chinese Cyberattacks on U.S. Critical Infrastructure
Recently, there has been a surge in alerts and warnings concerning cyberattacks by People’s Republic of China (PRC) state-sponsored threat actors on U.S. critical infrastructure. On February 7, 2024, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency and their counterparts in Australia, Canada, […]
NYDFS Releases Circular Letter on Use of AI in Insurance Underwriting and Pricing
On January 17, 2024, the New York State Department of Financial Services (“NYDFS”) issued a proposed circular letter for comment regarding the “Use of Artificial Intelligence Systems and External Consumer Data and Information Sources in Insurance Underwriting and Pricing” (the “Circular Letter”). The Circular Letter details NYDFS’ expectations and guidelines for the use of artificial […]
National Cyber Security Centre Forecasts Upcoming Cyber Threats with AI Use for Attacks
On January 24, 2024, the U.K.’s National Cyber Security Centre (NCSC) released a new report, The near-term impact of AI on the cyber threat, detailing how Artificial Intelligence (AI) will impact the effectiveness of cyber operations for 2025 and beyond. According to the report, threat actors are already using AI in cyber attacks and the […]
NYDFS Releases Industry Letter on the Use of Self-Service Password Reset Feature
On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) released a new Industry Letter on the use of self-service password reset (“SSPR”) services, which enable users to reset their own password without the assistance of help desk or IT professionals. The Industry Letter discusses the risks associated with the use of […]