New Export Controls on Advanced Computing and Semiconductor Manufacturing: Five Key Takeaways

On October 25, 2023, the U.S. Department of Commerce Bureau of Industry and Security (BIS) published updated export controls on advanced computing items and semiconductor manufacturing equipment under the Export Administration Regulations (EAR). Specifically, BIS published two interim final rules that revise and expand on the restrictions implemented in the initial interim final rule issued on October 7, 2022 (October 7, 2022 rule).1

(more…)

Biden Administration Announces National Cybersecurity Strategy

On March 1, 2023, the Biden administration announced its long-awaited National Cybersecurity Strategy. The strategy is part of the administration’s efforts to bolster and modernize public and private responses to cybersecurity threats.

(more…)

Developments to Improve the Cybersecurity of Federal Government Agencies, Critical Infrastructure

Recently, several developments have been proposed or announced to help identify and mitigate cyber risk for United States critical infrastructure operators and software in an effort to further bolster the cybersecurity posture of the federal government. (more…)

U.S. Treasury Department Seeks Public Comment On Potential Federal Cyber Insurance Program

The U.S. Treasury Department is seeking public comment on the need and scope for a potential federal insurance response to catastrophic cyber incidents, akin to the one put in place for terrorism insurance after the attacks of September 11, 2001.

(more…)

U.S. FERC Proposes Revisions to Cybersecurity Incentives for Utilities

On September 22, 2022, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) regarding Incentives for Advanced Cybersecurity Investment, requesting comment on proposed revisions to regulations implementing the Federal Power Act (FPA). The revisions would provide incentive-based rate treatments for the transmission of electric energy in interstate commerce and the sale of electric energy at wholesale in interstate commerce by utilities for certain voluntary cybersecurity investments. The NOPR was issued in response to a Congressional mandate set forth in the Infrastructure Investment and Jobs Act of 2021, which directed FERC to establish cybersecurity incentives that would encourage investments by utilities in advanced cybersecurity technology and participation in cybersecurity threat information sharing programs. This NOPR replaces a prior cybersecurity incentives NOPR from December 2020.

(more…)

U.S. Commerce Department Proposes Expansion of Information and Communications Technology and Services Review Process

On November 26, 2021, the U.S. Department of Commerce (Commerce) issued a notice of proposed rulemaking (Proposed Rule) implementing Executive Order 14034 on Protecting Americans’ Sensitive Data from Foreign Adversaries (EO 14034). The Proposed Rule would bring “connected software applications” into the scope of Commerce’s authority to review certain transactions involving information and communications technology and services (ICTS) in the U.S. supply chain and approve or prohibit such transactions or require mitigating measures.1

(more…)

A Software Primer For Attorneys After Cyber Executive Order

When President Joe Biden issued his major cybersecurity executive order on May 12, a White House press briefing said the order would invoke:

“the power of federal procurement to say, “If you’re doing business with us, we need you to practice really good — really good cybersecurity. And, most importantly, we really need you to focus on secure software development.” (more…)