On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) collaborated with the Joint Cyber Defense Collaborative (JCDC) to hold the federal government’s first tabletop exercise for “AI security incidents. JCDC led the exercise and, true to JCDC’s public-private partnership model, included over 50 participants from various government agencies and private-sector companies. For those […]
Cyber Risk
New York State Department of Health Revises Proposed Hospital Cybersecurity Regulations
In May 2024, the New York State Department of Health (“NYSDOH”) issued revisions to proposed regulations on hospital cybersecurity that it first released in November 2023. The proposed revised regulations are subject to public comment ending on July 1, 2024, and would apply to general hospitals licensed under Article 28 of the NYS Public Health […]
CISA Posts Notice of Proposed Rulemaking Under CIRCIA
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM) implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). For additional background on CIRCIA, see our prior advisory. CISA is required to issue a final rule by October 4, 2025. Who is required to report covered […]
FBI and CISA Warn of Chinese Cyberattacks on U.S. Critical Infrastructure
Recently, there has been a surge in alerts and warnings concerning cyberattacks by People’s Republic of China (PRC) state-sponsored threat actors on U.S. critical infrastructure. On February 7, 2024, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency and their counterparts in Australia, Canada, […]
National Cyber Security Centre Forecasts Upcoming Cyber Threats with AI Use for Attacks
On January 24, 2024, the U.K.’s National Cyber Security Centre (NCSC) released a new report, The near-term impact of AI on the cyber threat, detailing how Artificial Intelligence (AI) will impact the effectiveness of cyber operations for 2025 and beyond. According to the report, threat actors are already using AI in cyber attacks and the […]