On September 7, 2022 the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) released an updated edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles, the last edition of which was published in 2016. This most recent edition of this non-binding guidance leverages agency research, industry voluntary standards, and […]
Uncategorized
CISA Issues Request for Information Prior to Required CIRCIA Rulemaking
On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) seeking input from stakeholders on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Signed by President Biden in March, CIRCIA requires CISA to develop and implement regulations requiring covered entities to report information about covered […]
Recent Exploits of Blockchain Bridges Highlight Need for Cybersecurity in Crypto and Risk of Liability
According to recent media reports there have been several instances of blockchain bridges being hacked this year, including reports on August 2 that a bridge lost close to $200 million to upwards of 40 hackers who exploited a bug in its protocol, and reports in June that another bridge lost $100 million from hackers allegedly […]
Germany’s Cyber Threat Landscape – Top 3 Lessons from the BKA Situation Report
Germany boasts one of the world’s largest, most sophisticated, and international economies. Companies doing business in Germany are thus an increasingly relevant target for cyberattacks. Germany‘s Federal Criminal Police Office (Bundeskriminalamt or BKA) is the federal law enforcement agency charged with investigating cybercrime, and for coordinating federal-state cooperation in cybercrime matters. The BKA recently published […]
New Cybersecurity Rules In India Impose Strict Reporting Requirements and Steep Penalties
The Indian Computer Emergency Response Team (“CERT-In”) issued Directions on April 28, 2022 “to strengthen the cybersecurity in the country” and that has significant implications for the cybersecurity landscape. Effective June 27, 2022, the Directions, among other requirements, impose a strict 6-hour timeline for notice of a cybersecurity incident and expands the types of cybersecurity […]