September 20, 2017, Inside Privacy

Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead.  In terms of ranking priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against...… Continue Reading

September 18, 2017, Covington Alert

Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking those priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against climate change, ...

August 31, 2017, Covington Alert

On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...

August 22, 2017, Inside Privacy

On August 18, 2017, the Central Bank of Kenya (“CBK”) used its authority under Section 33(4) of the Banking Act to publish a Guidance Note on identifying and mitigating cyber risk.  The Guidance Note directs institutions licensed under the Banking Act (Cap. 488) (“Institutions”) to develop and implement a comprehensive set of program requirements to...… Continue ...

August 16, 2017, Inside Privacy

By Susan Cassidy, Jenny Martin, and Catlin Meade The National Institute of Standards and Technology (“NIST”) released on August 15, 2017 its proposed update to Special Publication (“SP”) 800-53.  NIST SP 800-53, which was last revised in 2014, provides information security standards and guidelines, including baseline control requirements, for implementation on ...

August 7, 2017, Inside Privacy

On August 1, 2017, a bipartisan group of Senators introduced legislation (fact sheet) that would establish minimum cybersecurity standards for Internet of Things (“IoT”) devices sold to the U.S. Government.  As Internet-connected devices become increasingly ubiquitous and susceptible to evolving and complex cyber threats, the proposed bill attempts to safeguard ...

August 2, 2017, Inside Privacy

Last week, the U.S. Department of Justice (“DOJ”) released a voluntary framework for organizations to use in the development of a formal program to receive reports of network, software, and system vulnerabilities, and to disclose vulnerabilities identified in other organizations’ environments.  This framework provides private entities a series of steps to ...

August 2, 2017, Law360

Libbie Canter was named a "Rising Star" by Law360, recognizing her as a top lawyer under 40 in Privacy & Cybersecurity law. In its profile of Canter, Law360 highlights her advisory role on significant transactions, including Microsoft’s $8.5 billion acquisition of video call service Skype.

July 28, 2017, Medtech Insight

Marialuisa Gallozzi, John Buchanan, and Jeff Kiburtz are quoted in a Medtech Insight article regarding the growing interest in the healthcare sector in buying cyber insurance. According to Gallozzi, "We are in the midst of an evolution of the insurance market right now in this area." She says cyber insurance policies have been a growing trend but unlike other ...

July 15, 2017, Inside Privacy

As our readers know, New York’s Department of Financial Services (“NY DFS”) released a draft of its new Cybersecurity Regulations on September 13, 2016, and the final version of the regulations went into effect on March 1, 2017 (23 NYCRR 500).  Among other things, the regulations require regulated entities to conduct cyber risk assessments and...… Continue ...

July 2, 2017, San Antonio Express-News

Susan Cassidy is quoted in a San Antonio Express-News article regarding new cybersecurity requirements for contractors. According to Cassidy, "Essentially, the DOD wants its contractors to protect its information, because the DOD is a huge target, and its contractors are also a target." Commenting on the fact that over the years, contractors have been working ...

June 14, 2017, Global Investigations Review

Jennifer Martin is quoted in a Global Investigations Review article discussing the SEC's response to the rising rates of cybercrime. “The cyber criminals go where the money is,” says Martin. “They’re constantly figuring out new ways to monetize information.” She adds that whether it’s extorting hospitals through ransomware or going after valuable healthcare ...

May 31, 2017, Daily Journal

May 26, 2017, Inside Privacy

The increasing connectivity of vehicles has raised questions about how to maintain the security of connected vehicles.  In response, the Cloud Security Alliance released on May 25, 2017 a 35-page research and guidance report on Observations and Recommendations on Connected Vehicle Security.  The Cloud Security Alliance is a not-for-profit organization dedicated ...

May 24, 2017, The Hill

Jennifer Martin is quoted by The Hill in an article regarding the increased focus by law enforcement on botnets and the threats they pose to national security. "One of the reasons botnets are growing in prevalence is the growth of the Internet of Things,” says Martin. “As more and more things are connected, you can expect more and more things to be compromised ...

May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington

May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington

May 15, 2017, Inside Privacy

On May 11, 2017, President Trump signed an Executive Order titled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” (the “Order”).  The long-anticipated directive was issued months after the White House originally planned to release a cybersecurity order in February.  Since then, revised drafts of the order were circulated, ...

May 8, 2017, Inside Privacy

Among the many issues that can give rise to the initial uncertainty of responding to a significant cybersecurity incident is a failure by incident response team members to understand the perspectives and priorities of other stakeholders. But this complicating factor can readily be mitigated through cross-functional education and relationship building before an ...

May 3, 2017, Covington Alert

On May 2, 2017, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here). The issuance of the Measures marks a critical first step toward implementing China’s Cybersecurity Law (“the Law”), which was promulgated on November 7, 2016 and will take effect on June 1, 2017 (the same date as the Measures).

May 2, 2017, Inside Privacy

Today, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here).  The issuance of the Measures marks a critical first step toward implementing China’s Cybersecurity Law ...

April 21, 2017, Luxembourg Forum (Triannual Meeting Between the United States Supreme Court and the European Court of Justice), Washington, DC

April 12, 2017, Covington Alert

On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).

March 30, 2017, Business Forums International Ltd.

March 4, 2017, ABA Insurance Coverage Litigation Committee CLE Seminar

March 2017, National Defense

March 2017, Pratt's Government Contracting Law Report

February 22, 2017, The Cybersecurity Law Report

Steve Surdu was interviewed by The Cybersecurity Law Report for a three-part series on the role of forensic firms during a cyber breach. Part one discusses how to understand and leverage the expertise of forensic firms from the start. According to Surdu, forensic consultants have specialized skills and knowledge “that are very difficult for most organizations to ...

February 7, 2017, Covington Alert

On February 4, 2017, the Cyberspace Administration of China (“CAC”) released the draft Measures on the Security Review of Network Products and Services (“the draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the draft Measures is here). The comment period ends on March 4, 2017.

January 24, 2017, Law360

Mark Young, Jennifer Martin, and Ian Hargreaves are quoted in a Law360 article regarding the high level of cyberattacks on the financial services industry and the resulting regulatory pressures. According to Young, “The GDPR [General Data Protection Regulation] is a massive text with groundbreaking change in the data privacy area, in terms of compliance ...

January 17, 2017, Federal Contracts Report

Susan Cassidy is quoted in a Federal Contracts Report article regarding the fate of cybersecurity improvements made by the DoD under President Trump. According to Cassidy, “I would expect those to continue forward because I don't see a political will to say, ‘No you shouldn't protect this.’”  The nomination of former Sen. Dan Coats (R-Ind.) to serve as director ...

January 6, 2017, PaymentsCompliance

Jennifer Martin is quoted in a PaymentsCompliance article regarding revisions to “first-in-nation” cybersecurity rules made by New York financial regulators following industry backlash. According to Martin, third-party service due diligence requirements had been clarified to “narrow and more clearly describe the regulation’s applicability to vendors.” 

January 4, 2017, Covington Alert

President Obama announced several actions on December 29 to respond to Russian cyber operations that the U.S. intelligence community previously had concluded were intended to influence the U.S. presidential election. Specifically, the President revised and expanded an earlier executive order that blocks the property and interests in property of persons that engage in significant malicious cyber-enabled activities, and designated 5 Russian entities and 6 Russian individuals for sanctions pursuant to the revised and expanded order. The President also released a report by the U.S. Department of Homeland Security (“DHS”) and Federal Bureau of Investigation (“FBI”) containing declassified information attributing cyber attacks to Russia, expelled 35 Russian diplomats, and barred Russian access to two compounds in the United States. Additionally, today, the U.S. Commerce Department added the five designated Russian entities involved in Russia’s election-related cyber operations to the Entity List, which prohibits the export, reexport, or transfer of any item subject to the U.S. Export Administration Regulations (“EAR”) to the listed entities, absent Commerce Department licensing. Although these actions are politically significant, they do not expand the U.S. sectoral sanctions against Russia and should have a limited near-term economic effect.

November 2, 2016

NEW YORK—The National Law Journal has named Covington’s Jennifer Martin as one of its “Cybersecurity & Data Privacy Trailblazers.” The list profiles 50 lawyers “who have helped make a difference in the fight against criminal cyberactivity and towards adding much needed layers of data security in an increasingly digital world of commerce.” Ms. Martin has worked ...

October 20, 2016, Covington Alert

On October 19, 2016, the Board of Governors of the Federal Reserve System (Federal Reserve), Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC) (collectively the “Agencies”) released a joint Advance Notice of Proposed Rulemaking (ANPR) requesting public comment on enhanced cybersecurity standards that would apply to certain large, interconnected financial entities (“covered entities”) as well as the third parties that provide services (“covered services”) to such entities.

August 5, 2016, ABA Journal

Jennifer Martin participated in the American Bar Association’s Annual Meeting and is quoted in an ABA Journal article regarding effective cybersecurity in today’s current threat environment. Martin discussed the importance of concentrating on developing an incident response program. “More and more companies have plans, but the devil is really in the details. She ...

July 27, 2016, Global Investigations Review

Stephen Surdu and James Garland are quoted in a GIR article regarding Surdu’s arrival to Covington as a Senior Cybersecurity Advisor. “In the fog of war, companies do not think clearly,” Surdu says. “They want to do the right thing, but they do not quite know what that is. As someone who has handled many cybersecurity investigations, I can help calm the ship.” ...

July 25, 2016, Covington Alert

Search warrants served on U.S. Internet companies and cloud service providers cannot obtain customer data stored overseas, the U.S. Court of Appeals for the Second Circuit ruled on July 14. The federal appellate decision focuses on warrants issued under the federal Electronic Communications Privacy Act (“ECPA”) and formally applies only in the Second Circuit, but will be important precedent nationwide as courts, law enforcement, and industry grapple with the extraterritorial reach of U.S. legal process. The decision affects not only providers of cloud-based services that are subject to compulsory process under ECPA, but also individuals and companies that store data with U.S. technology companies. The decision, which the government may seek to appeal, could also spur congressional action addressing the extraterritorial reach of U.S. legal process and law enforcement’s access to data in cross-border investigations.

July 21, 2016, Law360

David Fagan and Stephen Surdu are quoted in a Law360 article regarding the launch of Covington’s new Cybersecurity Incident Response Team in conjunction with the arrival of Surdu and Jenny Martin. According to Fagan, “We’re a big firm with clients that span the globe. They can’t control when they have incidents, and you can get calls on a Friday afternoon from ...

July 18, 2016

WASHINGTON—Covington has formed an enhanced team of lawyers and advisors to provide cybersecurity incident response services to clients, highlighted by Stephen Surdu, who formerly led the professional services group of Mandiant, joining the team as a Senior Cybersecurity Advisor.  Through the formation of the Cybersecurity Incident Response Team with members on ...

July 18, 2016, The American Lawyer

James Garland and Steve Surdu are quoted in an American Lawyer article regarding the launch of Covington’s Cybersecurity Incident Response Team, highlighted by Surdu’s recent arrival as a Senior Cybersecurity Advisor. According to Garland, "The lawyers that do the interviews and oversee the forensic investigation, we're experienced but we're not engineers." He ...

July 7, 2016, Covington Alert

The Brazilian financial industry has long been a target of cyber criminals, and with the continued growth of sophisticated online banking services in Brazil, such systems are a prime target for organized crime. In addition, among the emerging BRICS countries (Brazil, Russia, India, China, and South Africa), Brazil is on a par with China and Russia in terms of internet usage by the population; of particular note is the widespread use of social media and mobile devices. Given this ubiquitous connectedness, users and companies are regularly targeted by online attackers, primarily for financial gain, but also increasingly to commit cyber espionage and hacktivist disruptions.

June 21, 2016, Webinar

May 3, 2016

NEW YORK — Jennifer Martin has joined Covington’s Data Privacy and Cybersecurity practice. She most recently served as the Director of Cyber Incident Response & Investigations at Symantec. “Jennifer has worked at the intersection of law and cybersecurity from almost every vantage point over the past 15 years,” said David Fagan, who leads Covington’s cyber and ...

May 2, 2016, Law360

May 2016, National Defense Magazine

April 8, 2016, Covington Alert

On April 6, the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce, issued a Request for Comment (RFC) seeking public feedback on the benefits, challenges, and potential roles for the government in fostering the advancement of the Internet of Things (IoT).

NTIA issued the RFC as part of the Commerce Department’s Digital Economy Agenda, which, among other things, is meant to identify and address leading public policy and operational challenges in the Internet ecosystem. Noting that thus far no U.S. government agency has taken a holistic, ecosystem-wide view that identifies opportunities and addresses the risks of IoT across the digital economy, NTIA explained that it is seeking broad input from all interested stakeholders and will use that input to draft a “green paper” on key IoT issues. Comments are due on or before 5 p.m. Eastern Time May 23, 2016.

March 2016, Cyber Security Law & Practice

February 19, 2016, Law360

Mark Young and Libbie Canter are quoted in this Law360 article offering tips on how deal makers can mitigate cybersecurity risks.  According to Young, any discovered incidents can give buyers pause on how  — and if — they want to move forward. “We’ve dealt with at least a couple examples where deals were at least delayed if not reconsidered because of ...

January 12, 2016, Covington Alert

December 2015, Privacy & Data Protection

October 13, 2015

WASHINGTON, DC, October 13, 2015 - Covington addresses the critical issue of how to manage risks associated with third-party outsourcing in Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers. Published in collaboration with Palo Alto Networks and the New York Stock Exchange, the book provides boards, executives and ...

October 6, 2015, Covington Alert

October 2015, Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers

September 2015, Bloomberg BNA World Data Protection Report

August 27, 2015, Inside Cybersecurity

Susan Cassidy was quoted in this article.

August 13, 2015, Inside Cybersecurity

Susan Cassidy was quoted in this article.

August 12, 2015, The Cybersecurity Law Report

August 11, 2015

WASHINGTON, DC, August 11, 2015  —The Los Angeles Business Journal has named Covington partner and former federal prosecutor Daniel Shallman to its list of the city’s “Most Influential Lawyers” in the white collar and cyber practice areas. In selecting Mr. Shallman, the publication noted that he has handled “a string of impressive matters” since joining the firm ...

August 2015, Bloomberg BNA World Data Protection Report

July 17, 2015, Webinar

July 13, 2015, China Law & Practice

July 10, 2015, Covington Alert

July 2, 2015, Covington Alert

June 12, 2015, InsidePrivacyBlog

June 9, 2015, InsideCounsel

May 12, 2015, Inside Counsel

May 2015, Privacy Laws & Business UK Report

March 13, 2015, CDR News

March 12, 2015, InsideCounsel

March 9, 2015, The National Law Journal

February 28, 2015, InsidePrivacy Blog

February 19, 2015, Inside Counsel

February 2015, Bloomberg BNA World Data Protection Report

January 2015, Regulatory Rapporteur

November/December 2014, E-Commerce Law Reports

October 10, 2014, InsideMedicalDevices Blog

2014, Data Protection and Privacy Law (2nd Edition, Thomson Reuters)

June 2014, E-Commerce Law & Policy

May 14, 2014, InsidePrivacy Blog

April 8, 2014, InsidePrivacy Blog

April 2014, West Briefing Papers

November 27, 2013, Covington E-Alert

October 24, 2013, Covington E-Alert

October 8, 2013, Law360

April 25, 2013, Law360

April 2013, World Data Protection Report

May 21, 2012, Corporate Counsel

May 2010, Privacy Law & Business

October 2009, The Privacy Advisor

November 24, 2008, Covington E-Alert