Tag Archives: critical infrastructure

UK Government Proposes Cybersecurity Law with Serious Fines

Earlier this month, the UK Government published a consultation on plans to implement the EU Directive on security of network and information systems (the “NIS Directive”, otherwise known as the Cybersecurity Directive).  The consultation includes a proposal to fine firms that fail to implement “appropriate and proportionate security measures” up to EUR 20 million or … Continue Reading

China Seeks Public Comments on Draft Regulation on Cross-Border Data Transfer

On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here).  The comment period ends on May 11, 2017. The issuance of the long-anticipated Draft Measures … Continue Reading

EU Cyber Security Directive To Enter Into Force In August

The EU Network and Information Security (NIS) Directive now looks likely to enter into force in August of this year.  Member States will then have 21 months to implement it into national law before the new security and incident notification obligations will start to apply to the following entities: designated* “operators of essential services” within … Continue Reading

DHS Announces Reconsideration Process for “Critical Infrastructure at Greatest Risk”

Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity directed the Secretary of Homeland Security to identify “critical infrastructure at greatest risk” within 150 days after issuance of the Order on February 12, 2013.  Section 9 of the Order specified that the Secretary, in consultation with sector-specific agencies, should “use a risk-based approach to identify critical … Continue Reading

GSA Seeks Comments on Implementation of GSA/DOD Cybersecurity Joint Report Recommendations

By Susan B. Cassidy On March 12, 2014, General Services Administration (“GSA”) issued a Request for Information (“RFI”) to obtain stakeholder input on implementing the recommendations contained in the joint GSA and Department of Defense (“DOD”) report, Improving Cybersecurity and Resilience through Acquisition (“Joint Report”), issued on January 23, 2014. The Joint Report and, in … Continue Reading

European Parliament Votes to Ensure that the Proposed Network and Information Security Directive Focuses on Protecting Critical Infrastructure

It has been an eventful week in the European Parliament in relation to data privacy and security matters.  Having already voted in favor of the General Data Protection Regulation (“GDPR”) and endorsed a controversial report into allegations of mass surveillance, the European Parliament voted yesterday on the proposed Network and Information Security (“NIS”) Directive.  In … Continue Reading

NIST Releases Preliminary Cybersecurity Framework

Today the National Institute of Standards and Technology (“NIST”) issued a discussion draft of a “Preliminary Cybersecurity Framework.” Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity tasked NIST with developing a “Cybersecurity Framework” “to reduce cyber risks to critical infrastructure.”  The Order specifies that the Framework must “provide a prioritized, flexible repeatable, performance-based, and cost-effective … Continue Reading
LexBlog