Insights

Professional

Practice

Industry

Region

Firm News 9 results

Firm News | 4 min read | 06.24.24

Crowell Earns Top Rankings from Legal 500 United States 2024

Washington – June 24, 2024: Crowell & Moring has been recommended in eight practice areas in the 17th edition of the Legal 500 United States. In addition, partner Daniel Forman, co-chair of the firm’s Government Contracts Group, has been named to the Legal 500’s “Hall of Fame” for Government Contracts.

...

Firm News | 4 min read | 06.04.24

ArmorText and Crowell & Moring Release New Open Source Cybersecurity Tabletop Exercises

MCLEAN, Va., June 4, 2024 - ArmorText, which safeguards communication for organizations worldwide, and the international law firm of Crowell & Moring LLP today released an update to their tabletop exercise guide, making new exercise scenarios publicly available under a Creative Commons license. The new Cyber Resilience: Incident Response Tabletop Exercises Q2 2024 addresses urgent challenges facing executives, including disruptive attacks by increasingly sophisticated criminal actors with well-publicized recent examples, as well as increasingly complex regulatory obligations.

...

Firm News | 4 min read | 10.18.23

New Cyber Resilience Guide Helps Executives Strengthen Cybersecurity

Today, ArmorText, a leading secure out-of-band communications platform, and the international law firm of Crowell & Moring released an innovative guide, Cyber Resilience: Incident Response Tabletop Exercises 2023. Written for C-suite executives, in-house counsel, and incident response teams, the toolkit is a resource for leaders as they help their organizations mitigate cyber threats and strengthen their incident response capabilities.

Client Alerts 47 results

Client Alert | 14 min read | 07.24.24

U.S. Federal District Court Judge Dismisses Much of SEC’s Claims Against SolarWinds and its CISO Relating to SUNBURST Cybersecurity Attack

On Thursday, July 18, 2024, Judge Paul Engelmayer, U.S. District Judge for the Southern District of New York, dismissed the bulk of the Securities and Exchange Commission’s (SEC’s) landmark civil securities law claims against SolarWinds and its Chief Information Security Officer (CISO) Timothy Brown. The Court dismissed all allegations based on SolarWinds’ public disclosures made after SolarWinds became a victim of the well-publicized SUNBURST cybersecurity attack, and also dismissed the SEC’s claims relating to SolarWinds’ internal accounting controls and disclosure controls and procedures. However, the Court declined to dismiss claims of securities fraud against SolarWinds and its CISO based on SolarWinds’ pre-SUNBURST disclosures, finding that the SEC had properly pleaded that the company’s publicly-posted “Security Statement” was materially false and misleading.

...

Client Alert | 3 min read | 04.30.24

Appliance Standards: Steep Increase in Department of Energy Enforcement Cases Puts Appliance Manufacturers and Importers at Financial Risk

The DOE in 2023 significantly increased its enforcement activity against manufactures and importers alleged to have violated EPCA’s energy and water conservation standards and related certification requirements, based on available public information. As we previously flagged, the substantial rise in enforcement activity comes as the Biden Administration increasingly focuses on EPCA as a means of achieving environmental policy objectives, including reducing carbon emissions. The Department has continued its enforcement efforts in 2024 and early data from this year sheds light on the Department’s enforcement priorities.

...

Client Alert | 5 min read | 12.19.23

FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures

Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”) in response to the SEC’s finalized disclosure rules (the “Final Rules”). Published on July 26, 2023, the Final Rules established guidelines around cybersecurity risk management, strategy, governance, and incidents for public companies subject to the Securities Exchange Act of 1934. Among several requirements under the Final Rules, companies are required to disclose cybersecurity incidents within four days of a materiality determination by filing an SEC Form 8-K.

...

Press Coverage 5 results

Press Coverage | 05.10.24

Maryland Signs Data Privacy Act Into Law—And Bucks Several Privacy Trends

Legaltech News

Press Coverage | 04.17.24

NH, KY Join Patchwork Of States' Data Privacy Laws ‘Squarely In The Middle’

LegalTech News

Press Coverage | 01.10.22

Major DC Law Firms Promote Sizable Partner Classes For 2022

The National Law Journal

Publications 10 results

Publication | 05.14.24

Tabletop Exercises: A Leading Practice to Strengthen Defenses

Privacy and Cybersecurity Outlook: The 2024 Landscape

Every day, organizations face a barrage of attacks from cybercriminals looking to do harm by gaining access to IT systems and sensitive data. Repercussions from these attacks can be significant—lost business data, legal liability, regulatory scrutiny, and a damaged reputation. To prepare for potential attacks, companies need a robust incident response plan that can be quickly and effectively deployed against cyber threats as they arise.

...

Publication | 01.10.24

Privacy: A Growing Focus on Privacy Raises the Stakes

Litigation Forecast 2024

Broader privacy laws are proliferating throughout U.S. states. At the same time, federal and state regulators are pursuing more rigorous enforcement of data breaches. The interplay between these two trends is increasing the risk of privacy-centered litigation for businesses operating in all sectors.

...

Publication | 08.08.23

Five Key Takeaways From The SEC's Final Cybersecurity Rules For Public Companies, 2023 WL 5012018

Westlaw

Events 8 results

Event | 04.04.24

LS-ISAO New York Workshop

Crowell & Moring Partner Matthew Welling, a member of the firm's Privacy & Cybersecurity Group, will be speaking at the LS-ISAO New York Workshop, taking place in New York, NY on April 4, 2024. His presentation, "Armortext: When Your Communications Betray You, Where Do You Turn?" will take place at 3:15 p.m. EDT.

...

Event | 11.14.23 - 11.16.23

Cyberevolution

Crowell & Moring Partner Matt Welling, a member of the firm's Privacy & Cybersecurity group, will be speaking at Cyberevolution, taking place November 14-16th in Frankfurt. His panel, "Arresting Disaster: Driving Incident Response in Cyber-Regulated Europe in an Age of AI Threats," will take place at 3:10 p.m. CET.

Event | 06.12.23, 12:00 PM EDT - 5:00 PM EDT

Energy Drone and Robotics Summit—Law Tech Connect

The Law-Tech Connect™ Workshop - Energy Edition is an educational event that aims to connect and inform all those involved in uncrewed systems (C-Suite, Compliance Officers, operators, engineers, attorneys, academics, students, etc.) in a dynamic one-day session of techno-legal content, focused on the energy sector.

Webinars 6 results

Webinar | 11.07.23, 1:00 PM EST - 2:00 PM EST

Conducting an Incident Response Tabletop Exercise

Every day, organizations face a barrage of attacks from cybercriminals looking to gain access to IT systems to steal sensitive data or otherwise do harm. To ready themselves for this, organizations must prepare a robust incident response plan that can be quickly and effectively deployed to address cyber threats that arise.

Webinar | 09.21.21, 3:00 PM CEST - 4:00 PM CEST

Cyber Insights – Lessons Learned from Recent Ransomware Attacks

In the wake of high-profile attacks by Russian-based cybercriminals on Colonial Pipeline, operator of the largest refined fuel pipeline in the United States, on JBS Foods, the world’s largest meat processor, and targeting a vulnerability in Kaseya software to impact hundreds of managed service providers and their customers, ransomware has jumped again to the top of the agenda of board and C-suite meetings.

...

Webinar | 12.21.20, 10:00 AM EST - 11:00 AM EST

SolarWinds and Navigating Uncertain and Evolving Threats

The Cybersecurity and Infrastructure Security Agency (“CISA”) warned that the recent cybersecurity attack on SolarWinds poses a “grave” and “unacceptable” risk to the U.S. government and the nation’s critical infrastructure and issued an Emergency Directive calling on all federal civilian agencies to review their networks and take mitigation and remediation measures including disconnecting or powering down SolarWinds Orion products immediately.

...

Speaking Engagements 21 results

Speaking Engagement | 12.05.23, 2:00 PM EST

Tabletops for Public Sector: Three Critical Mistakes to Avoid

Speaking Engagement | 11.07.23

"Cyber Resilience: Conducting an Incident Response Tabletop Exercise," Crowell & Moring Webinar, 2023.

Speaking Engagement | 09.26.23

"AI and the Threat Detection: Leveraging AI to Secure Your Business," BrightTALK Originals Webinar

Blog Posts 16 results

Blog Post | 05.23.24

SEC “Encourages” Public Companies to Disclose “Immaterial” Cybersecurity Incidents Under Item 8.01 of Form 8-K

Crowell & Moring’s Data Law Insights

Blog Post | 06.15.23

Impacts of the National Cybersecurity Strategy on Government and Private Sector Collaboration

Crowell & Moring’s Data Law Insights

Blog Post | 02.21.19

EPCA Compliance: What Appliance Manufacturers (and Importers) Need to Know

Crowell & Moring's Retail & Consumer Products Law Observer

Podcasts 1 result

Podcast | 07.15.21

Byte-Sized Q&A: What is Ransomware?

In this episode, hosts Kate Growley and Evan Wolff talk with Matthew Welling about all things ransomware, including how to prepare for and respond to these kinds of incidents. Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces.

...