administration says it has told Moscow it expects the Russian government to crack down on cyber criminals operating inside Russia. There's an obligation on Russia's part to make sure that that doesn't continue. This comes after the back-to-back Russian ransomware attacks on Colonial Pipeline and JBS Foods, which caused gas shortages and meat processing to shut down. It's not clear whether JBS paid a ransom while Colonial paid $4.5 million to get back online, something the administration discourages. infrastructure actors, through close cooperation with the private sector, building an international coalition. Reporter: Press secretary Jen Psaki said the string of recent cyber attacks by both government and criminal hackers will be a topic at the president's summit in Geneva in two weeks. Meantime a White House official tells CNN they are looking at ways to require stronger cyber security standards for those companies that operate critical
Key Points
On Wednesday, May 12, 2021, President Biden issued EO 14,028, “Improving the Nation’s Cybersecurity.” The EO sets out an ambitious schedule of reviews and rulemakings that portend significant changes in the software and cybersecurity industries, particularly for government contractors and cybersecurity and software solution providers. In the view of the administration, these changes should be regarded as the new normal of what will be considered “reasonable” cyber and supply chain security practices applicable to the government and potentially the private sector in other industries and sectors.
Most importantly, the EO sets in motion a series of reviews and rulemakings around two initiatives that will directly affect certain government contractors and those who sell software and related services to U.S. federal agencies: enhancing and expanding cyber and supply chain incident reporting and threat information sharing (Section 2); and creating and enforcing softw
When asked by House Energy and Commerce Committee Chairman Frank Pallone Jr. (D-N.J.) during a hearing whether pipelines should be subject to strict mandatory security standards similar to those that apply to the electric sector, Granholm testified that the U.S. is currently “inadequate” on pipeline security.
“I think that this is an example potentially of that,” Granholm said of the attack on Colonial Pipeline. “If we had had standards in place, would this particular ransomware attack have been able to happen? You know, I’m not 100 percent sure.”
“I do know that having good cyber hygiene on the private side as well as on the public side is a critical basic defense, and for entities that provide services to the public like that, especially critical services like energy, I think it’s an important consideration for this committee for sure,” she added.
Only four months in and 2021 has already been a big year for state cybersecurity safe harbor legislation. Two states, Utah and Connecticut, have recently enacted or introduced a breach litigation safe harbor to incentivize businesses to protect personal information by adopting industry-recognized cybersecurity frameworks such as the National Institute of Standards and Technology's (NIST) Cybersecurity Framework and the Center for Internet Security's (CIS) Critical Security Controls.
Utah
In March 2021, Utah became the second state, after Ohio, to adopt a cybersecurity safe harbor statute for businesses impacted by a data breach.