Written by Michael Young
In remarks delivered earlier this month, U.S. Treasury Secretary Jacob Lew highlighted the dangers of “cyber intrusions” to financial institutions. Secretary Lew cited more than 250 cyber attacks against U.S. banks and credit unions since 2011, as well as recent hacks and credit card thefts against major retailers. “Cyber attacks on our financial system represent a real threat to our economic and national security,” said Secretary Lew.
To combat cyber attacks, Secretary Lew recommended that financial institutions adopt the NIST Cybersecurity Framework, stating that “every
[...] Read more
Written by Privacy & Data Security Team
The National Institute of Standards and Technology (“NIST”) has released the final version of the much-anticipated Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The Framework was developed by NIST at the direction of President Obama’s February 12, 2013, Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” (the “Executive Order”).
The Framework largely retains the structure and components of the preliminary version of the Framework (a discussion of which can be found here), including (i) the Framework Core, (ii) the Framework
[...] Read more
Written by Privacy & Data Security Team
The Global Law Forum will host The Cybersecurity Law & Policy In-House Summit in Washington D.C. on January 14 and 15, 2014. The Summit will showcase panel discussions addressing a myriad of issues relevant to corporate counsel including establishing data breach response plans, understanding the cybersecurity insurance market, achieving Board of Directors and company buy-in on cybersecurity measures, as well as preparing for the upcoming final NIST Cybersecurity Framework and its potential to establish a new standard of care for liability. Special Assistant to President Obama and U.S. Cybersecurity
[...] Read more
Written by Kimberly Peretti
On October 22, 2013, the National Institute of Standards and Technology (NIST) released its Preliminary Cybersecurity Framework (“Framework”), marking one of the final steps in creating the “voluntary” Framework envisioned in an Obama Administration Executive Order (EO) issued earlier this year. That EO, which was designed to strengthen the cybersecurity of the United States’ critical infrastructure, required NIST to work with the private sector to develop a cybersecurity Framework to reduce the risks from cyber attacks. The Framework is designed to identify beneficial
[...] Read more
Written by Privacy & Data Security Team
October 22, 2013, the National Institute for Standards and Technology (NIST) posted a preliminary cybersecurity framework (the “Framework”) on its website. The complete Framework had been expected to be unveiled earlier in October, but was delayed as a result of the federal government shutdown. For background on earlier activity with respect to the Framework, please see the following blog entries: White House Announces Creation of “Voluntary Program” to Encourage Adoption of Cybersecurity Framework, Provides Incentives for Joining, NIST Releases Discussion Draft of Framework for Improving
[...] Read more
Written by Privacy & Data Security Team
Ongoing efforts to finalize a framework for the development of voluntary cybersecurity standards for critical infrastructure industries continued in Dallas this week. NIST led a workshop with government and private sector officials to work through the details of the draft framework published on August 28th and required under Executive Order 13636. A formal proposal will be issued for comment next month and a final framework published early next year.
This week, NIST is specifically seeking input on implementation of the framework and ideas on its next iteration─a version 2.0. At this
[...] Read more
