Department of Commerce Seeks Public Comment on a Range of Broadband Infrastructure Issues Arising from the 2021 Infrastructure Investment and Jobs Act

Share

On the eve of the U.S. Senate’s confirmation of Alan Davidson as the new Administrator of the National Telecommunications and Information Administration (NTIA), NTIA published a request for public comments on January 10, 2022, on a range of broadband infrastructure issues, paving the way for Davidson’s reported top priority in his term. The request is the first of a series, which together are to establish three new NTIA programs under the appropriations from the November 2021 Infrastructure Investment and Jobs Act: the Broadband Equity, Access, and Deployment (BEAD) Program, the “Middle Mile Infrastructure” Program, and the Digital Equity Inclusion Program.

Continue reading “Department of Commerce Seeks Public Comment on a Range of Broadband Infrastructure Issues Arising from the 2021 Infrastructure Investment and Jobs Act”

U.S. Cybersecurity Officials Issue New Warning Regarding Threats to Critical Infrastructure

Share

On January 11, 2022, the U.S. Department of Homeland Security’s Cyber Security and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint advisory, warning of an increasing cybersecurity threat posed by Russian state-backed threat actors to U.S. critical infrastructure.

Continue reading “U.S. Cybersecurity Officials Issue New Warning Regarding Threats to Critical Infrastructure”

Log4j Vulnerability Prompts Insurance Commissioners to Issue Guidance

Share

On December 11, 2021, the Cybersecurity and Infrastructure Security Agency, in partnership with the FBI and NSA, announced a critical remote code execution vulnerability had been identified in the Apache Log4j software library. This vulnerability allowed a successful threat actor to take control of a network system and cause a variety of damage, including the ability to launch ransomware, steal and destroy victim information, deploy malware, and disrupt internal and infrastructure operational control. Insurance regulators from four states have recently issued guidance in response to the threat, and it is likely more insurance commissioners will follow suit.

Continue reading “Log4j Vulnerability Prompts Insurance Commissioners to Issue Guidance”

Faegre Drinker on Law and Technology Podcast: All Things Cyber Insurance

Share

Cyber criminals are becoming increasingly sophisticated, and the costs to mitigate damage inflicted by a cyber breach are rising. With these threats in mind, cyber insurance has emerged as an attractive way for companies to mitigate risk. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss sits down with Faegre Drinker’s David Porteous, an authority on the securities regulations related to cybersecurity, and Conrad Deneault, a cyber insurance executive and provider of consultative risk management, to discuss cyber insurance, what it protects and how best to obtain it.

Continue reading “Faegre Drinker on Law and Technology Podcast: All Things Cyber Insurance”

Discerning Data Cyber Vulnerability Alert: Log4j

Share

According to numerous government and media sources, malicious cyber actors are targeting a new “zero day” vulnerability on a massive scale. This vulnerability, referred to as “Log4j” or “Log4Shell,” has resulted in widespread exploitation of a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library.

Read the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA)’s guidance on the Log4j vulnerability here.

Continue reading “Discerning Data Cyber Vulnerability Alert: Log4j”

New York Department of Financial Services Issues New Guidance on Multi-Factor Authentication and Cybersecurity Frameworks

Share

With cyberattacks continuing to plague the financial services industry, the New York Department of Financial Services (NYDFS) recently released new guidance for regulated entities related to the use of Multi-Factor Authentication (MFA) and cybersecurity frameworks.

On December 7, 2021, NYDFS issued a formal Industry Letter entitled Guidance on Multi-Factor Authentication. According to the Industry Letter, MFA “is an essential part of cybersecurity hygiene . . . which is why it was one of the few technical controls explicitly required by” the NYDFS Cybersecurity Regulation, 23 NYCRR Part 500 (the Cybersecurity Regulation). However, the Industry Letter goes on to note that “MFA weaknesses are the most common cybersecurity gap exploited at financial services companies,” most often due to MFA “being absent, not fully implemented, or configured improperly.” Specifically, NYDFS noted that, from January 2020 to July 2021, more than 18.3 million consumers were impacted by cybersecurity incidents reported to NYDFS that were linked to an MFA failure.

Continue reading “New York Department of Financial Services Issues New Guidance on Multi-Factor Authentication and Cybersecurity Frameworks”