The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: Executive Orders

  • From Vol. 3 No.10 (May 17, 2017)

    Executive Order on Cybersecurity Signed Amidst Massive Worldwide Ransomware Attack

    Shortly before a massive ransomware attack that affected over 100 countries – reportedly the result of hackers exploiting a Microsoft Windows vulnerability through leaked tools developed by the NSA – President Trump signed an executive order on cybersecurity that, among other things, directs agency heads to produce various reports on cybersecurity risks. While it does not address ransomware specifically, the order will build cybersecurity into the mission of federal agencies, Ari Schwartz, Venable’s managing director of cybersecurity services, and former member of the White House National Security Council, where he served former Special Assistant to President Obama and Senior Director for Cybersecurity, told The Cybersecurity Law Report. See “Presidential Commission Recommends Ways For Public and Private Sectors to Improve Cybersecurity” (Dec. 14, 2016).

    Read Full Article …
  • From Vol. 2 No.25 (Dec. 14, 2016)

    Presidential Commission Recommends Ways For Public and Private Sectors to Improve Cybersecurity 

    Cybersecurity has been a focus of the current administration. To look beyond the current term, however, a nonpartisan commission appointed by President Obama recently issued an extensive report recommending short- and medium-term actions for the Trump administration and the private sector to take over the next five years to improve cybersecurity, while protecting privacy, fostering innovation and ensuring economic and national security. See also “White House Lays Out Its Broad Cybersecurity Initiatives” (Feb. 17, 2016) and “Gibson Dunn Attorneys Discuss the Impact of Obama’s Executive Order Creating New Tools to Fight Cyber Attacks” (May 6, 2015).

    Read Full Article …
  • From Vol. 2 No.23 (Nov. 16, 2016)

    WilmerHale Attorneys Explain the Evolving Cybersecurity Environment of the Energy Sector

    Congress and federal agencies have dramatically strengthened cybersecurity requirements and authorities in the energy sector in recent years, with additional efforts underway. WilmerHale attorneys Jonathan Cedarbaum, Jason Chipman and Nathaniel Custer detailed these governmental efforts in an interview with The Cybersecurity Law Report, and discussed how the energy sector is responding to the changes. See also “How the American Energy Industry Approaches Security and Emphasizes Information Sharing” (Mar. 2, 2016).

    Read Full Article …
  • From Vol. 2 No.23 (Nov. 16, 2016)

    Navigating U.S. and E.U. Cybersecurity Requirements

    Complicating cybersecurity’s rapidly evolving legal landscape is the lack of any single government or regulatory entity providing umbrella legislation or universal legal guidance. At a recent PLI program, Paul Tiao and Adam Solomon, a partner and associate, respectively, in Hunton & Williams’ global privacy and cybersecurity practice, examined the existing framework, steps that led there, and recent changes in cybersecurity’s legal landscape, both in the U.S. and in the E.U. See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?” (May 20, 2015).


    Read Full Article …
  • From Vol. 2 No.7 (Mar. 30, 2016)

    Steps for Companies to Take This Week, This Month and This Year to Meet the Challenges of International Cyberspace Governance

    The borderless nature of cyberspace demands adequate global security and governance, and companies must protect their data across jurisdictions. At the recent 2016 RSA Conference, experts explored the challenges of global cybersecurity and governance; identified key efforts to address these issues; provided nine practical steps companies should be taking now to protect themselves; and examined the cybersecurity laws of 13 countries. The panel featured Alan Charles Raul, a Sidley Austin partner; John Smith, Raytheon vice president, legal, cybersecurity and privacy; and Michael Sulmeyer, director of the Cyber Security Project at Harvard Kennedy School’s Belfer Center. See also “Deal Struck to Maintain the Transatlantic Data Flow” (Feb. 17, 2016).

    Read Full Article …
  • From Vol. 2 No.4 (Feb. 17, 2016)

    White House Lays Out Its Broad Cybersecurity Initiatives

    “Bold action is required to secure our digital society and keep America competitive in the global digital economy,” the White House said as it unveiled the Cybersecurity National Action Plan (CNAP). On February 9, 2016, the president signed two Executive Orders – one creating a commission on cybersecurity and one forming a federal privacy council – and included in his proposed budget a 35% increase in cybersecurity spending to, among other things, boost hiring of security experts (including a federal CISO) and synchronize technology across the federal government. “CNAP really boils down to information security principles that the private sector has had drummed into it for years: don’t use outdated, insecure systems and technology; use secured access such as MFA; hire the best and most skilled information security professionals you can afford; and share your experiences, good and bad, to develop best practices,” Evan D. Wolff, a partner at Crowell & Moring, said. See also “Opportunities and Challenges of the Long-Awaited Cybersecurity Act of 2015” (Jan. 6, 2016).

    Read Full Article …
  • From Vol. 2 No.2 (Jan. 20, 2016)

    What OFAC’s New Cyber-Related Sanctions Regulations Mean for Companies

    The U.S. government opened 2016 with new regulations to respond to and deter cyber attacks on it. On December 31, 2015, the U.S. Treasury Department’s Office of Foreign Assets Control issued regulations requiring the blocking of any assets of, and prohibiting transactions with, perpetrators of malicious cyber-enabled activities. The regulations reflect the “Obama Administration’s recognition that cyber attacks and espionage are a real concern to the U.S. national security and economy,” Joseph Moreno, a Cadwalader partner and former federal prosecutor in the Counterterrorism Section of the DOJ’s National Security Division, told The Cybersecurity Law Report. He and other experts suggested steps companies can take to avoid running afoul of these new regulations and shared insights on what is to come. See also “Gibson Dunn Attorneys Discuss the Impact of Obama’s Executive Order Creating New Tools to Fight Cyber Attacks” (May 6, 2015).

    Read Full Article …
  • From Vol. 1 No.15 (Oct. 28, 2015)

    How the Department of Commerce Can Help Companies Address Cybersecurity and Corruption Concerns

    The U.S Department of Commerce, the agency tasked with promoting the interests of U.S. businesses both domestically and abroad, may not be the first agency that comes to mind when thinking about cybersecurity, but it can assist companies with their cybersecurity programs as well as in other compliance areas, such as anti-corruption.  During the Society for Corporate Compliance and Ethics’ 2015 Compliance and Ethics Institute, Justin Antonipillai, Acting General Counsel at the Commerce Department, spoke about the Department’s role in cybersecurity and FCPA enforcement and highlighted how the Department can help companies with various compliance concerns.  We summarize the key takeaways from his presentation.

    Read Full Article …
  • From Vol. 1 No.14 (Oct. 14, 2015)

    MasterCard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part One of Two)

    Two senior-level executives in the financial industry, leading cybersecurity experts, recently offered their views on how they are balancing the lure of new technology with the associated risks.  In this article, the first in a two-part series covering the PLI program “Cybersecurity 2015: Managing the Risk,” Jenny Menna, the cybersecurity partnership executive at U.S. Bancorp and Greg Temm, vice president for information security at MasterCard, and responsible for MasterCard’s cyber intelligence program, address: the current cyber landscape; the most pressing threats across industries; and how the government, regulators and private companies are responding to those threats.  In the second article, they tackle mitigating cybersecurity risk, including industry projects geared toward improving the overall cybersecurity ecosystem; and tips for avoiding cyber threats at work and home.  See “The SEC’s Updated Cybersecurity Guidance Urges Program Assessments,” The Cybersecurity Law Report, Vol. 1, No. 3 (May 6, 2015).

    Read Full Article …
  • From Vol. 1 No.12 (Sep. 16, 2015)

    How the Legal Industry Is Sharing Information to Combat Cyber Threats

    “There’s only one way to defend America from these cyber threats, and that is through government and industry working together, sharing appropriate information as true partners,” President Obama said earlier this year.  Private efforts and proposed legislation are promoting increased information-sharing within industries, across sectors and between industry and government, and assuaging fears companies may have about participating.  The legal industry is working with Financial Services Information Sharing and Analysis Center (FS-ISAC), a non-profit organization founded in 1999, to establish its own group, the Legal Services Information Sharing and Analysis Organization.  Cindy Donaldson, FS-ISAC’s vice president of products and services, discussed with The Cybersecurity Law Report how the organization, which is also working with the real estate and retail sectors, operates.  See also “Understanding and Addressing Cybersecurity Vulnerabilities at Law Firms: Strategies for Vendors, Lawyers and Clients,” The Cybersecurity Law Report, Vol. 1, No. 5 (Jun. 3, 2015).

    Read Full Article …
  • From Vol. 1 No.7 (Jul. 1, 2015)

    Coordinating Legal and Security Teams in the Current Cybersecurity Landscape (Part One of Two)

    As cybersecurity concerns permeate every industry, it becomes increasingly urgent for lawyers across disciplines to understand the most pressing threats and shifting regulatory landscape; help shape and direct the responses; and be able to effectively communicate and collaborate with technical security efforts.  In this first article in our two-part coverage of a recent panel at PLI’s Sixteenth Annual Institute on Privacy and Data Security Law, Lisa J. Sotto, managing partner of Hunton & Williams’ New York office and chair of the firm’s global privacy and cybersecurity practice, discusses the current cyber threat landscape and the relevant laws and rules.  See “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).  The second part will detail her advice on preparing for and responding to a cyber incident and will include insight from her co-panelist Vincent Liu, a partner at security consulting firm Bishop Fox, on how security and legal teams can effectively work together throughout the process. 

    Read Full Article …
  • From Vol. 1 No.3 (May 6, 2015)

    Gibson Dunn Attorneys Discuss the Impact of Obama’s Executive Order Creating New Tools to Fight Cyber Attacks

    On April 1, 2015, President Obama issued an Executive Order declaring that the threats caused by “malicious cyber-enabled activities” had created a state of national emergency.  The order launches a sanctions program targeting foreign cyber attackers, allowing regulators to freeze assets and bar financial transactions, among other things.  Gibson, Dunn & Crutcher partners Alexander Southwell, Judith Lee, Jose Fernandez and associates Stephenie Gosnell Handler and Eric Lorber discussed the impact of this important order and these new tools with The Cybersecurity Law Report.

    Read Full Article …