Advancing Cyber Podcast Episode 1 Available on Spotify & Apple
Episode 1: Blue Screens and Liability, Cyber and AI Regulation, and Disinformation Fails at the Olympics The CrowdStrike aftermath, the rise of AI regulations that can’t keep pace with technical change, and nation state actors testing and using AI in…
White House Resets Direction for CIP
Published on May 28, 2024 via Claroty’s Nexus portal: White House Resets Direction for Critical Infrastructure Protection | Nexus (nexusconnect.io) President Biden recently issued a presidential memorandum that sets a new course for critical infrastructure protection in the United States….
SEC Tightens “Materiality” Guidance for Cyber Reporting
On May 21, 2024, the SEC criticized the practice of the “non-material” materiality filing, asserting that “it could be confusing for investors if companies disclose either immaterial cybersecurity incidents or incidents for which a materiality determination has not yet been…
SEC’s Proposed AI Rule: A new baseline and a missed opportunity?
SEC’s Proposed AI Rule: Toward a new baseline against “business bias” and fraud, and a potential missed opportunity on cybersecurity Cristin Flynn Goodwin, Founder and Managing Partner, and Pamela Rubio, Legal Intern, and Student, University of Washington School of Law…
Good news in the fight against NSO Group and spyware
For all of us who have worked on or contributed to WhatsApp’s fight against NSO Group, today’s ruling against NSO comes as a surprise and a precedent to other mercenary spyware providers operating today. According to the Guardian’s summary of…
Force majeure and cyber attacks
Apologies to all while I geek out on contract law for a moment. I recently had to accept an updated EULA from a vendor that I’m working with in support of Advanced Cyber Law, and because I’m a lawyer and…
Don’t call it an incident – yet
This is a post that I wrote for Claroty and is available on their website at: Don’t Call it an Incident–Yet: Managing Liability in a New Era of Incident Reporting and Compliance | Nexus (nexusconnect.io) When a cyber crisis strikes,…
December 18, 2023 is SEC Reporting Day and the FBI is ready!
For those of us who have been tracking the SEC’s Cybersecurity reporting requirements that were issued this summer, they go into effect for all large publicly traded companies on Monday, December 18. In anticipation of that deadline, the FBI released…
SEC and NYDFS for the Win
This fall has been extremely active in cybersecurity, with new benchmarks in both regulation and in enforcement. The SEC’s Cybersecurity Final Rule – a 186-page behemoth – had been released over the summer and in September we saw the first…
Cyber Policy Turns 25
Today is the 25th anniversary of the modern era of cybersecurity policy as we know it. On May 22, 1998, President Clinton released Presidential Decision Directive 63, which set in place some important priorities we’re still chasing today. In my…