June 27, 2022

Volume XII, Number 178

Advertisement
Advertisement

June 27, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Possible Cyberwarfare? Here’s How to Stay Armed.

On March 18, 2022, President Biden issued a letter to California Gov. Gavin Newsom (the “March 18th letter”) requesting that he secure California’s computer systems and critical infrastructure in light of recent Russian cyberattacks against Ukraine. President Biden advised  Newsom to gather his leadership team to discuss California’s cybersecurity and address several fundamental questions, including whether California’s Public Utility Commissions (or other California agencies) set minimum cybersecurity standards for California’s critical infrastructure.

President Biden further encouraged Newsom to promulgate the standards set forth in his May 2021 Executive Order, Improving the Nation’s Cybersecurity (the “May 2021 Executive Order”), to secure California’s computer systems and critical infrastructure.

Three days later, on March 21, 2022, the president issued a statement informing U.S. citizens that now is “a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience” (the “March 21st statement”). He averred that although the administration has made great efforts to strengthen U.S. national cyber defenses, they cannot achieve such an imperative goal alone. President Biden wrote that most of America’s critical infrastructure is owned and operated by the private sector and urged them to fortify their cyber defenses immediately.

The March 21st statement was accompanied by a Fact Sheet, where the administration encouraged private companies to employ specific actions to help protect U.S. critical services. Some of the suggested actions were included in the May 2021 Executive Order and March 18th letter. The most vital actions included:

  • Mandating multi-factor authentication on computer systems;

  • Deploying modern security tools on computers and devices;

  • Inquiring insight from cybersecurity professionals to ensure that systems are patched and protected against all known vulnerabilities;

  • Backing up data and ensuring that companies have offline backups;

  • Conducting exercises and drills of emergency plans;

  • Encrypting data;

  • Educating employees on how to detect cybersecurity events; and

  • Engaging proactively with a local FBI field office or a Cybersecurity and Infrastructure Security Agency’s (CISA) Regional Office to establish relationships in advance of cybersecurity events.

As emphasized in the March 18th letter and March 21st statement, state governments and private companies are currently at high risk for cyberattacks and should govern themselves accordingly. Taking this into consideration, companies operating in and around U.S. critical services and infrastructure should be aware of the administration’s comments and suggestions and should review their current cyber-defense protocols and procedures to ensure that the appropriate protections are in place. The CISA website provides helpful insight as to how private companies can help counter Russian cyberattacks.

© 2022 Bradley Arant Boult Cummings LLPNational Law Review, Volume XII, Number 123
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Brett Lawrence Associate Bradley Arant Boult Cummings LLP
Associate

Brett Lawrence is an associate in the Banking and Financial Services Practice Group who focuses his practice on data privacy and cybersecurity issues, insurance coverage, and other general and professional liability matters. He is a Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals.

Prior to joining the firm, Brett was a law clerk to the Hon. Lucy Inman of the North Carolina Court of Appeals in Raleigh, where here he drafted opinions, edited co-clerks’ opinions and advised Judge Inman...

704-338-6135
Whitney J. Jackson Commercial Litigation Lawyer Bradley Arant Boult Cummings
Associate

Whitney Jackson’s practice focuses on commercial litigation, employment, and intellectual property matters.

Whitney earned her J.D. (cum laude) from the University of Mississippi School of Law, where she served as associate articles editor of the Mississippi Law Journal, senator of the Student Bar Association, and vice president of the Black Law Students Association. While in law school, Whitney interned with the legal departments of Fortune 500 companies, where she assisted senior management in researching and analyzing various legal compliance matters. Whitney...

601.592.9968
Advertisement
Advertisement
Advertisement