On June 22, 2026, the White House released two Executive Orders (EOs) on quantum technologies: Securing the Nation Against Advanced Cryptographic Attacks (EO 14412) and Ushering in the Next Frontier of Quantum Innovation (EO 14413). Through the first EO, the White House seeks “to safeguard America’s most sensitive data, [U.S.] critical infrastructure, and the digital economy that drives jobs and growth.” (For further reading on this topic, our Post-Quantum Cryptography: A Practical Guide provides a high-level overview of steps organizations should consider to move toward post-quantum cryptography (PQC) to protect their systems.) The second EO, in comparison, seeks “to supercharge U.S. innovation in quantum technologies.” Together, these EOs reflect a continued U.S. government focus on core themes in the quantum space — security and innovation.
Continue Reading Trump Administration Releases Two Executive Orders on Quantum
Caleb Skeath
Caleb Skeath helps companies manage their most complex and highâstakes cybersecurity and data security challenges, combining deep regulatory insight, technical fluency, and practical judgment informed by leading incident response matters.
Caleb Skeath advises inâhouse legal and security teams on the full lifecycle of cybersecurity and privacy risk—from governance and preparedness through incident response, regulatory engagement, and followâon litigation. A Certified Information Systems Security Professional (CISSP), he is trusted by clients across highly regulated and technologyâdriven sectors to provide clear, practical guidance at moments when legal judgment, technical understanding, and business realities must be aligned.
Caleb has deep experience leading and overseeing responses to complex cybersecurity incidents, including ransomware, data theft and extortion, business email compromise, advanced persistent threats and state-sponsored threat actors, insider threats, and inadvertent data loss. He regularly helps inâhouse counsel structure and manage investigations under attorneyâclient privilege; coordinate with internal IT, information security, and executive stakeholders; and engage with forensic firms, crisis communications providers, insurers, and law enforcement. A central focus of his practice is advising on notification obligations and strategy, including the application of U.S. federal and state data breach notification laws and requirements along with contractual notification obligations, and helping companies make defensible, riskâinformed decisions about timing, scope, and messaging.
In addition to his work responding to cybersecurity incidents, Caleb works closely with clients’ legal, technical, and compliance teams on cybersecurity governance, regulatory compliance, and preâincident planning. He has extensive experience drafting and reviewing cybersecurity policies, incident response plans, and vendor contract provisions; supervising cybersecurity assessments under privilege; and advising on training and tabletop exercises designed to prepare organizations for realâworld incidents. His work frequently involves translating evolving regulatory expectations into actionable guidance for inâhouse counsel, including in highly-regulated sectors such as the financial sector (including compliance with NYDFS cybersecurity regulations, the Computer Security Incident Notification Rule, and GLBA guidelines and guidance) and the pharmaceutical and healthcare sector (including compliance with GxP standards, FDA medical device guidance, and HIPAA).
Caleb’s practice also addresses evolving and emerging areas of cybersecurity and data security law, including advising clients on compliance with the Department of Justice’s Data Security Program, CISAârelated security requirements for restricted transactions, and preparation for new regulatory regimes such as the CCPA cybersecurity audit requirements and federal incident reporting obligations. He regularly counsels clients on how artificial intelligence and connected devices intersect with cybersecurity, privacy, and consumer protection risk, and how to support innovation while managing regulatory exposure.
Caleb also has extensive experience helping clients navigate high-stakes cybersecurity-related inquiries from the Federal Trade Commission, state Attorneys General, and other sector-specific regulators, including incident-specific inquiries as well as broader inquiries related to an entity’s cybersecurity practices and the security of product or service offerings. For companies that have entered into cybersecurity-related settlement agreements with regulators, Caleb has helped guide them through compliance with settlement agreement obligations, including navigating required third-party assessments and strategically responding to cybersecurity incidents that can arise while a company is subject to a settlement agreement. Caleb also routinely works hand-in-hand with colleagues in Covington’s class action litigation, commercial litigation, and insurance recovery practices to prepare for and successfully navigate incident-related disputes that can devolve into litigation.
Five Eyes Cybersecurity Agencies Issue Statement Regarding AI-Related Shifts in Cybersecurity Risks, Urging Organizational Leaders to “Act Now”
On June 22, the leaders of the cybersecurity agencies in Australia, Canada, New Zealand, the UK, and the U.S. issued a joint statement calling for an “urgent” focus on cyber resilience in anticipation of “frontier AI models . . . exceed[ing] current industry expectations” and “fundamentally transforming both offensive and defensive cyber capabilities” within a timeline of “months.” The frontier AI models referenced in the statement are the latest generation of advanced AI models that are capable of identifying and exploiting security vulnerabilities, which may result in an increased cadence of cybersecurity intrusions and data loss. In light of the growing capabilities of these models, the statement encourages organizations to avoid treating cyber risk “as a purely technical issue” or an “IT issue” and instead take a “whole-of-organization” approach to cyber resilience that treats it as a “core business risk and leadership responsibility” that is “central to operational continuity and market trust.” The statement also proposes several “urgent” practical actions that organizations can take to reduce risk, many of which were also discussed in our recent client alert regarding key considerations for lawyers addressing cyber risks posed by frontier models.
Continue Reading Five Eyes Cybersecurity Agencies Issue Statement Regarding AI-Related Shifts in Cybersecurity Risks, Urging Organizational Leaders to “Act Now”CISA Releases Binding Operational Directive on Prioritizing Security Updates Based on Risk
On June 10, the Cybersecurity & Infrastructure Security Agency (CISA) released Binding Operational Directive (BOD) 26-04 on Prioritizing Security Updates Based on Risk and the accompanying Implementation Guidance. In releasing the BOD and Implementation Guidance, CISA noted that the documents are “part of CISA’s response to the current threat…
Continue Reading CISA Releases Binding Operational Directive on Prioritizing Security Updates Based on RiskWhite House Releases Executive Order on Advanced AI Innovation and Security
On June 2, 2026, the White House issued an executive order titled “Promoting Advanced Artificial Intelligence Innovation and Security” (the “Order”). The Order reflects the Administration’s stated policy of advancing U.S. leadership in artificial intelligence (“AI”) while addressing national security risks associated with increasingly capable AI systems. To…
Continue Reading White House Releases Executive Order on Advanced AI Innovation and SecurityCISA Releases Guidance on the Careful Adoption of Agentic AI Services
Earlier this month, the Cybersecurity & Infrastructure Security Agency (CISA), in collaboration with the National Security Agency and other international partners, released guidance for organizations on adopting agentic artificial intelligence systems (i.e., systems composed of one or more agents that fundamentally rely on an AI model, such as an LLM…
Continue Reading CISA Releases Guidance on the Careful Adoption of Agentic AI ServicesCISA Announces Revised Schedule of Town Halls for CIRCIA Rulemaking
On May 26, 2026, the Cybersecurity & Infrastructure Security Agency (“CISA”), announced a revised schedule of virtual town halls as part of its rulemaking implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). These town halls were initially scheduled for March and April 2026 but were delayed by the lapse in funding for the Department of Homeland Security that ended on April 30, 2026, and are now scheduled to begin on June 15, 2026. The “specific topics of interest” CISA highlighted in its original announcement remain unchanged.
Continue Reading CISA Announces Revised Schedule of Town Halls for CIRCIA RulemakingWhite House Releases New National Cyber Strategy and Executive Order
On March 6, 2026, the Administration released “President Trump’s Cyber Strategy for America” alongside an Executive Order (entitled “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens”) and accompanying Fact Sheet. The framework set forth in the Strategy document is significantly shorter and higher-level than the prior…
Continue Reading White House Releases New National Cyber Strategy and Executive OrderCISA Releases New Guidance on Assembling Multi-Disciplinary Insider Threat Management Teams
On January 28, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a new resource on Assembling a Multi-Disciplinary Insider Threat Management Team. The guidance is intended to assist critical infrastructure stakeholders, which includes private sector entities across various sectors, with implementing an insider threat mitigation program that combines physical security, cybersecurity, personnel awareness, and community partnerships. Although framed for critical infrastructure, CISA’s guidance is relevant to a broader range of organizations, including those outside of critical infrastructure sectors—a point echoed in Covington’s 2025 insider threat webinar series, discussed further below.
Continue Reading CISA Releases New Guidance on Assembling Multi-Disciplinary Insider Threat Management TeamsCISA Announces Town Halls to Gather Input on CIRCIA Proposed Rule
Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) announced a series of public town hall meetings to solicit additional stakeholder input on the Notice of Proposed Rulemaking (“Proposed Rule”) implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which CISA published in April 2024.
Continue Reading CISA Announces Town Halls to Gather Input on CIRCIA Proposed RuleFTC Announces 10-Year Information Security Consent Orders with Illuminate Education and Illusory Systems
The Federal Trade Commission (FTC) recently announced that it agreed to proposed consent orders with two companies that experienced recent cybersecurity incidents, Illuminate Education (“Illuminate”) and Illusory Systems, which does business as Nomad (“Illusory”), to resolve allegations that both companies’ information security practices had violated Section 5 of the FTC…
Continue Reading FTC Announces 10-Year Information Security Consent Orders with Illuminate Education and Illusory Systems