Almost two years after seeking stakeholder input about a final rule under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) announced that it will hold virtual town hall meetings for certain industry sectors in March and April 2026 to solicit additional input on the Notice […]
Cybersecurity
New Jersey Expands HIPAA-Based Exemptions Under Its Comprehensive Privacy Law
On January 20, 2026, the New Jersey Governor signed Assembly Bill A5017 (“Amendment”), amending the New Jersey Data Protection Act (“NJDPA”). The Amendment exempts data that is not protected health information (“non-PHI”) from the NJDPA when it is handled by covered entities or business associates in accordance with the privacy and security requirements of the […]
FBI Launches Operation Winter SHIELD in Effort to Advance Cyber Resilience Across Critical Sectors
On January 28, 2026, the Federal Bureau of Investigation (FBI) announced the launch of Operation Winter SHIELD, a coordinated initiative designed to promote adoption of core defensive measures that are shown to mitigate common intrusion vectors. Operation Winter SHIELD identifies ten priority actions the FBI views as important in improving organizational cyber resilience. The FBI […]
European Commission Publishes Guidance For Companies Implementing the EU Cyber Resilience Act
On December 3, 2025, the European Commission published its first set of technical FAQs on the EU Cyber Resilience Act (‘CRA’). The CRA is an EU-wide law which lays down cybersecurity requirements for ‘products with digital elements’ (‘PDEs’), including IoT devices, hardware components, and certain software. It becomes fully applicable on December 11, 2027, with […]
DOJ Cybersecurity Enforcement Pace Shows No Signs of Slowing Down Going Into 2026
As 2025 drew to a close, the United States Department of Justice (DOJ) announced significant developments in cases relating to the allegedly deficient cybersecurity practices of two Department of Defense (DoD) contractors. These two cases suggest that the federal government will continue to make DFARS 7012 compliance for companies that process Controlled Unclassified Information (CUI) […]