Advancing Cyber Podcast Episode 1 Available on Spotify & Apple
Episode 1: Blue Screens and Liability, Cyber and AI Regulation, and Disinformation Fails at the Olympics The CrowdStrike aftermath, the rise of AI regulations that can’t keep pace with technical change, and nation state actors testing and using AI in cyberattacks. In this premiere episode of Advancing Cyber, host Cristin Flynn Goodwin is joined by […]
White House Resets Direction for CIP
Published on May 28, 2024 via Claroty’s Nexus portal: White House Resets Direction for Critical Infrastructure Protection | Nexus (nexusconnect.io) President Biden recently issued a presidential memorandum that sets a new course for critical infrastructure protection in the United States. The National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22) comes at a time when, as […]
SEC Tightens “Materiality” Guidance for Cyber Reporting
On May 21, 2024, the SEC criticized the practice of the “non-material” materiality filing, asserting that “it could be confusing for investors if companies disclose either immaterial cybersecurity incidents or incidents for which a materiality determination has not yet been made under Item 1.05.” [1] The SEC is advising companies to discontinue the practice of […]
SEC’s Proposed AI Rule: A new baseline and a missed opportunity?
SEC’s Proposed AI Rule: Toward a new baseline against “business bias” and fraud, and a potential missed opportunity on cybersecurity Cristin Flynn Goodwin, Founder and Managing Partner, and Pamela Rubio, Legal Intern, and Student, University of Washington School of Law “Fraud is fraud, and bad actors have a new tool, AI, to exploit the public. […]
Good news in the fight against NSO Group and spyware
For all of us who have worked on or contributed to WhatsApp’s fight against NSO Group, today’s ruling against NSO comes as a surprise and a precedent to other mercenary spyware providers operating today. According to the Guardian’s summary of the Order: “Ultimately, however, she sided with WhatsApp in ordering the company to produce “all […]
Force majeure and cyber attacks
Apologies to all while I geek out on contract law for a moment. I recently had to accept an updated EULA from a vendor that I’m working with in support of Advanced Cyber Law, and because I’m a lawyer and I can’t help myself, sometimes I really DO read the fine print. The “fine print” […]
December 18, 2023 is SEC Reporting Day and the FBI is ready!
For those of us who have been tracking the SEC’s Cybersecurity reporting requirements that were issued this summer, they go into effect for all large publicly traded companies on Monday, December 18. In anticipation of that deadline, the FBI released a Policy Notice on Friday, December 8 that sets forth the steps that companies will […]
SEC and NYDFS for the Win
This fall has been extremely active in cybersecurity, with new benchmarks in both regulation and in enforcement. The SEC’s Cybersecurity Final Rule – a 186-page behemoth – had been released over the summer and in September we saw the first SEC filing when Clorox filed the first 8K announcing it had been the victim of […]
