In mid-January, the General Services Administration (GSA) released its Semiannual Regulation Agenda. Within this agenda, GSA announced plans to update the requirements in the General Services Administration Acquisition Regulation (GSAR) for reporting cyber incidents that potentially affect GSA or its contractors.

The agency will be turning to the Federal Information Security Modernization Act of 2014 (FISMA), along with other cyber regulations, as a model for updating its policies. These updates would improve the existing cyber incident reporting policy in GSA Order CIO 9297.2, the GSA Information Notification Policy. Once these updated policies are integrated into the GSAR, contracting officers would be required to include cyber incident reporting requirements in all of their procurement contracts.

  • MoneyGram and Ant Financial mutually terminate $1.2 billion proposed merger
  • CFIUS’s concerns focused on cyber and information security
  • Scrutiny of buyers’ information security processes is likely to increase

By Thad McBride and Todd Overman with help from law clerk Nicole Giles

On January 2, 2018, U.S.-based MoneyGram International announced that its proposed acquisition by Ant Financial, a Chinese company owned by Alibaba, was being blocked by the U.S. Committee on Foreign Investment in the United States (CFIUS). CFIUS is the U.S. government’s inter-agency committee tasked with reviewing foreign entities’ purchases of and investments in U.S. companies when the transaction could pose a threat to U.S. national security.


As recent malware, ransomware and distributed denial of service attacks have made clear, the cyber threats posed to governments and commercial entities are real and growing. Critical infrastructure such as power plants, airports and communication systems is vulnerable to attacks on the cyber battlefield, as are banks, manufacturers, and law firms, among other commercial entities. In an attempt to address these risks, the U.S. government is imposing heightened cybersecurity requirements on contractors, some of which are summarized below. But, in light of the growing cyber threats posed by nation states, subnational groups and bored teenagers, even companies that are not subject to these new requirements should evaluate the sufficiency of their current cybersecurity protocols and consider taking steps such as the simplified four-step “starter plan” – train, maintain, test and repeat – laid out below to address vulnerabilities.
