On February 24, 2021, President Biden announced a new Executive Order on America’s Supply Chains. The Order provides for two key initiatives, including a 100-day review of the supply chains for certain vital products and a long-term review of supply chains in six different sectors of the U.S. economy, including the information and communications technology […]
National Security & Digital Crimes
U.S. Takes Part in Multinational Efforts to Disrupt Netwalker Ransomware and Emotet Malware
On January 27 and 28, 2021, the U.S. Department of Justice (DOJ) announced two successful operations to disrupt two different strains of malware, Netwalker ransomware and a banking Trojan known as Emotet, which have affected victims around the globe and caused millions of dollars in damage in recent years. The law enforcement actions against Netwalker and […]
Federal Court Rules Cyber Forensic Report Is Not Protected Under Attorney-Client Privilege Or Work Product Doctrine
On January 12, 2021, Judge Boasberg (D.D.C.) ruled that a forensic report prepared for outside counsel following a cyber incident investigation was not protected under either attorney-client privilege or the work product doctrine. The investigation in question was run by outside counsel and the security firm had been retained by outside counsel. This decision is […]
Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents
On December 18, 2020, federal financial regulatory agencies jointly announced a proposed rule that would impose new and expanded reporting requirements on supervised banking organizations that experience a “computer-security incident,” requiring notice within 36 hours of any computer-security incident that rises to the level of a “notification incident.” In a significant departure from current reporting […]
SolarWinds Hack: Unparalleled Supply Chain Attack Results in Potential Compromise of Private and Public Sector Organizations
On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and private sector organizations for IT infrastructure monitoring and management. In this attack, adversaries were able to compromise the […]