In response to increasing concerns about cyber threats, there were several federal policy and legislative developments in 2017 aimed at improving U.S. cyber resiliency and strengthening national security. Many of the developments are focused on protecting the nation’s critical infrastructure in recognition of the fact that large-scale cyber-attacks have the potential to cripple an entire nation and worst case scenarios are no longer limited to privacy-related breaches on an individual level. There is growing awareness that, due to advances in technology, cyber-attacks can also jeopardize critical infrastructure operations and could potentially result in broad-scale catastrophic disruption or loss. In the absence of an overarching single piece of legislation or comprehensive approach, these varied federal initiatives have created a more complex patchwork of requirements, guidelines, and best practices regarding proper cyber risk assessment and mitigation. Further complicating the mix, several states are bolstering their own cyber readiness through legislation or other initiatives to provide additional layers of protections for their constituents. Although not yet tested in the courts, these new developments have the potential to re-shape the definitions of due diligence, reasonableness, and the appropriate standards of care necessary to drive down the risk of an attack that could have catastrophic effects.
Van Ness Feldman, LLP (VNF) recognizes that many of our clients, as stewards of critical infrastructure resources, are on the frontline in the fight against this new realm of threats to national security. Given the firm’s understanding of clients’ business models, VNF is aware that clients are not only concerned about customers’ and employees’ data privacy and information technology, but are also facing emerging concerns about protecting their operational technology from cyber threats. With that in mind, our goal is to help clients make sense of this complex web of obligations and recommendations by demystifying the policy, regulatory and statutory requirements, advising on best practices, and explaining the associated legal risks to enable clients to make sound business decisions that serve their customers and the public. As new initiatives and developments unfold, VNF is available to advocate for clients’ interests, and help shape the next round of policy, regulatory, and legislative changes.
To aid our clients and friends of the Firm in navigating this constantly evolving area of law and policy, we are pleased to provide a summary of major federal initiatives throughout 2017 and identify common developments and themes that will be helpful as clients plan for the year ahead.