Posts by: Keith Burney

DFARS and DIB: Compliance Steps for DoD’s Newly Finalized Cybersecurity Rules for Contractors

Department of Defense Finalized Cybersecurity Rules for Contractors and Other Awardees. The First rule amends the Defense Federal Acquisition Regulation Supplement and went into effect on October 21, 2016 (“DFARS Rule”). The other rule modifies the previously voluntary DoD cybersecurity information sharing program (“DIB Rule”) and is set to come into effect on November 3, 2016. Aerial view of the Pentagon, the Department of Defense headquarters in Arlington, Virginia

For businesses that work with the U.S. Department of Defense (“DoD”), two important rules for safeguarding certain categories of sensitive information and reporting cyber incidents were recently finalized, updating the interim rules promulgated in late 2015. The first rule amends the Defense Federal Acquisition Regulation Supplement (“DFARS Rule”) and went into effect on October 21, 2016.  The second rule modifies the previously voluntary DoD cybersecurity information-sharing program in connection with the Defense Industrial Base (“DIB Rule”) and went into effect on November 3, 2016.

We previously explained the changes brought about by the interim rules. Here, we explain what changed after the rules’ comment periods, and provide suggestions for compliance.

READ MORE

What Happens When My Company Receives a National Security Letter? A Primer.

Cyber Security Keyboard Button National Cybersecurity Awareness Month

Even today, most companies—even technology companies—do not think they have information that the U.S. Government wants or needs, particularly as it might relate to a national security investigation. The reality is that as terrorists and others who threaten national security use a broader spectrum of technology resources to communicate and to finance and conduct operations, the U.S. Government has significantly increased its collection of data from technology companies and others.

READ MORE

A Shifting Cybersecurity Landscape in the European Union

EU data privacy

Orrick Attorneys Aravind Swaminathan, Kolvin Stone and Christian Schröder recently discussed how impending changes to EU data privacy laws will fundamentally change how European companies respond in the face of a cyber attack or data breach.  The article examines the cyber threat landscape and suggests how EU companies should assemble the right individuals into an incident response team for dealing with a data breach.  Drawing on their experience managing client data breaches in the United States, the authors provide concrete strategies for EU companies to deal with a data breach—before, during, and after the event.  For more on how to prepare for the impending changes to EU data privacy laws, click here.