On October 30, 2023, President Biden released an Executive Order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). This landmark EO seeks to advance the safe and secure development and deployment of AI by implementing a society-wide effort across government, the private sector, academia, and civil society to harness “AI for good,” while mitigating its substantial risks.
Christiana State (CIPP/US, CIPP/E) is a senior counsel in Crowell & Moring’s San Francisco office and a member of the firm’s Corporate and Privacy & Cybersecurity groups. Christiana focuses her practice on counseling clients on technology and privacy matters. Christiana leverages a combination of in-house counsel experience and electrical engineering training to guide emerging technology companies through transformational growth stages. Christiana represents technology companies, from start-ups to multinational corporations, in various industry segments, such as: AI/ML, cloud services, biometrics, semiconductors and computing architectures, gaming, AR/VR, drones, and EV charging.
Christiana brings a pragmatic and business-focused approach to her representations. Prior to Crowell, she spent over a decade serving as in-house counsel for various technology companies in Silicon Valley. In those roles, Christiana led cross-functional teams while managing global technology and intellectual property deals, product launches and related regulatory matters, and intellectual property strategies.
A new Cybersecurity & Infrastructure Security Agency (CISA) alert advises that, starting in late May, a well-known ransomware group called Clop compromised a widely used managed file transfer (MFT) platform called MOVEit Transfer, reportedly impacting hundreds of companies globally.
MFT platforms are used to securely transfer files between parties, and Clop reportedly compromised MOVEit Transfer using a previously unknown (zero-day) vulnerability that allowed attackers to steal files from MOVEit’s underlying database. This vulnerability is now tracked as CVE-2023-34362.
Clop has previously targeted MFT platforms such as Accellion and has shown that it is prepared to follow through on threatened next steps. In this case, Clop is threatening to identify victim companies on the Clop site as soon as June 14 and then, if a ransom is not paid, publish victims’ stolen data. In prior attacks, Clop has also reportedly contacted victim companies directly with ransom demands, sometimes weeks or more after the attack. We do not recommend that victims contact threat actors like Clop directly but instead work with experts to do so safely, if necessary.
On March 2, 2023, the Biden Administration released the 35-page National Cybersecurity Strategy (the “Strategy”) with a goal “to secure the full benefits of a safe and secure digital ecosystem for all Americans.”
Summary and Analysis
The Strategy highlights the government’s commitment to investing in cybersecurity research and new technologies to protect the nation’s security and improve critical infrastructure defenses. It outlines five pillars of action, each of which implicates critical infrastructure entities, from strengthening their cybersecurity processes, to receiving support from the federal government. For example, the Strategy highlights improving the security of Internet of Things (IoT) devices and expanding IoT cybersecurity labels, investing in quantum-resisting systems, developing a stronger cyber workforce, evolving privacy-enhancing platforms, and adopting security practices that are aligned with the National Institute of Standards and Technology (NIST) framework are some other suggested approaches that the private sector could take.