Blog and News
Good news in the fight against NSO Group and spyware
For all of us who have worked on or contributed to WhatsApp’s fight against NSO Group, today’s ruling against NSO comes as a surprise and a precedent to other mercenary spyware providers operating today. According to the Guardian’s summary of the Order: “Ultimately, however, she sided with WhatsApp in ordering the company to produce “all
Force majeure and cyber attacks
Apologies to all while I geek out on contract law for a moment. I recently had to accept an updated EULA from a vendor that I’m working with in support of Advanced Cyber Law, and because I’m a lawyer and I can’t help myself, sometimes I really DO read the fine print. The “fine print”
Don’t call it an incident – yet
This is a post that I wrote for Claroty and is available on their website at: Don’t Call it an Incident–Yet: Managing Liability in a New Era of Incident Reporting and Compliance | Nexus (nexusconnect.io) When a cyber crisis strikes, a call comes in about a potential cybersecurity issue to a company’s incident response (IR)
December 18, 2023 is SEC Reporting Day and the FBI is ready!
For those of us who have been tracking the SEC’s Cybersecurity reporting requirements that were issued this summer, they go into effect for all large publicly traded companies on Monday, December 18. In anticipation of that deadline, the FBI released a Policy Notice on Friday, December 8 that sets forth the steps that companies will
SEC and NYDFS for the Win
This fall has been extremely active in cybersecurity, with new benchmarks in both regulation and in enforcement. The SEC’s Cybersecurity Final Rule – a 186-page behemoth – had been released over the summer and in September we saw the first SEC filing when Clorox filed the first 8K announcing it had been the victim of
Cyber Policy Turns 25
Today is the 25th anniversary of the modern era of cybersecurity policy as we know it. On May 22, 1998, President Clinton released Presidential Decision Directive 63, which set in place some important priorities we’re still chasing today. In my opinion, it is the foundation of critical infrastructure protection, a government commitment to reduce vulnerabilities,
