On July 5, 2022, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the National Institute of Standards and Technology (“NIST”) strongly recommended that organizations begin preparing to transition to a post-quantum cryptographic standard. “The term ‘post-quantum cryptography’ is often referred to as ‘quantum-resistant cryptography’ and includes, ‘cryptographic algorithms or methods that are assessed not to be specifically vulnerable to attack by” a CRQC (cryptanalytically relevant quantum computer) or a classical computer. NIST “has announced that a new post-quantum cryptographic standard will replace current public-key cryptography, which is vulnerable to quantum-based attacks.” NIST does not intend to publish the new post-quantum cryptographic standard for commercial products until 2024 but urges companies to begin preparing now by following the Post-Quantum Cryptography Roadmap. Continue Reading CISA and NIST Urge Companies to Prepare to Transition to a Post-Quantum Cryptographic Standard
President Biden Signs Executive Order Aimed at Improving Government Cybersecurity
On May 12, the Biden Administration issued an “Executive Order on Improving the Nation’s Cybersecurity.” The Order seeks to strengthen the federal government’s ability to respond to and prevent cybersecurity threats, including by modernizing federal networks, enhancing the federal government’s software supply chain security, implementing enhanced cybersecurity practices and procedures in the federal government, and creating government-wide plans for incident response. The Order covers a wide array of issues and processes, setting numerous deadlines for recommendations and actions by federal agencies, and focusing on enhancing the protection of federal networks in partnership with the service providers on which federal agencies rely. Private sector entities, including federal contractors and service providers, will have opportunities to provide input to some of these actions.
Continue Reading President Biden Signs Executive Order Aimed at Improving Government Cybersecurity
IoT Update: President Trump Signs IoT Cybersecurity Act of 2020 into Law
On Friday, December 4, 2020, President Trump signed the bipartisan Internet of Things (“IoT”) Cybersecurity Improvement Act of 2020 into law. The IoT Cybersecurity Improvement Act empowers the National Institute of Standards and Technology (“NIST”) to create cybersecurity standards for internet-connected devices purchased and used by federal agencies. For more information on the law, please
Continue Reading IoT Update: President Trump Signs IoT Cybersecurity Act of 2020 into Law
IoT Update: Congress Passes IoT Cybersecurity Improvement Act of 2020
The bipartisan Internet of Things (“IoT”) Cybersecurity Improvement Act of 2020 (S. 734, H.R. 1668) has passed the House and the Senate and is headed to the President’s desk for signature. The bill was sponsored in the House by Representatives Hurd (R-TX) and Kelly (D-IL), and in the Senate by Senators Warner (D-VA) and Gardner (R-CO). President Trump is expected to sign the measure into law.
Continue Reading IoT Update: Congress Passes IoT Cybersecurity Improvement Act of 2020
IoT Update: NIST Seeks Public Comment on Security Review of Smart Home IoT Devices
Earlier this month the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its Draft NISTIR 8267, Security Review of Consumer Home Internet of Things (IoT) Products, for public comment. NIST will accept public comments on the report through November 1, 2019.
Continue Reading IoT Update: NIST Seeks Public Comment on Security Review of Smart Home IoT Devices