Data Dive

Written and curated by a multidisciplinary group of attorneys, Data Dive delivers key insights on cybersecurity, privacy and other data-related topics impacting organizations across the globe.

January 26, 2023

On January 19, 2023, the Federal Energy Regulatory Commission (FERC or the “Commission”) issued a Final Rule directing the North American Electric Reliability Corporation (NERC) to file for FERC review new or modified Reliability Standards that require internal network security monitoring (INSM) within trusted Critical Infrastructure Protection (CIP) network environments for certain Bulk Electric System (BES) Cyber Systems.1 The Final Rule, as we described here when first proposed, targets a gap in the current NERC CIP Reliability Standards. Specifically, its main goal is to ensure that registered entities adopt INSM capable of addressing “situations where vendors or individuals with authorized access are considered secure and trustworthy but could still introduce a cybersecurity risk, as well as other attack vectors that can exploit this gap,”2 and to “increase the probability of early detection and allow for quicker mitigation and recovery from an attack.”3 Such was the style of the SolarWinds attack in 2020,4 which FERC said shows “how an attacker can bypass all network perimeter-based security controls traditionally used to identify the early phases of an attack” by leveraging the technology of a trusted vendor.5

...

May 2, 2022

On March 10, 2022, the U.S. Department of Transportation’s (DOT) National Highway Traffic and Safety Administration (NHTSA) issued a first-of-its-kind final rule updating occupant safety requirements to account for vehicles that lack the traditional manual controls associated with a human driver.1

...

Jan 6, 2022

Akin Gump published a client alert on January 6 discussing the announcement by the Transportation Security Administration (TSA), within the Department of Homeland Security (DHS), of two new Directives (the Directives) on December 2, 2021, mandating cybersecurity measures for critical surface transportation systems. The Directives’ requirements cover owners and operators of high-risk freight railroads, passenger rail and transit. TSA also issued an information circular calling for low-risk rail owners and operators and over-the-road bus owners and operators (those not covered by the first two Directives) to voluntarily adopt the same cybersecurity measures.

...
