The Justice Insiders: Giving Outsiders an Insider Perspective on Government

Incidents in the Material World: SEC Adopts New Cybersecurity Rules

Episode Notes

Host Gregg N. Sofer welcomes Husch Blackwell partner Erik Dullea to the podcast where we discuss risk management, strategy, governance, and incident disclosure in the context of the Securities and Exchange Commission’s recently adopted cybersecurity rules. Adopted on a 3-to-2 party-line vote, the new rules introduce significant new compliance burdens for U.S. businesses, including the disclosure (on Form 8-K Item 1.05) of material cybersecurity incidents—describing their nature, scope, timing, and impact on the financial condition and results of operations—to be filed within four business days of a materiality determination. There is also a new requirement to describe processes for assessing and managing material cybersecurity risks, board oversight, and management expertise in handling such risks.

We will explore the practical matter of how businesses can approach these regulations as well as larger issues pertaining to national security and critical infrastructure. 

Gregg N. Sofer Biography

Gregg counsels businesses and individuals in connection with a range of criminal, civil and regulatory matters, including government investigations, internal investigations, litigation, export control, sanctions, and regulatory compliance. Prior to entering private practice, Gregg served as the United States Attorney for the Western District of Texas—one of the largest and busiest United States Attorney’s Offices in the country—where he supervised more than 300 employees handling a diverse caseload, including matters involving complex white-collar crime, government contract fraud, national security, cyber-crimes, public corruption, money laundering, export violations, trade secrets, tax, large-scale drug and human trafficking, immigration, child exploitation and violent crime.

Erik Dullea Biography

Erik is a Denver-based partner at Husch Blackwell who heads up the firm’s cybersecurity practice. Erik left Husch Blackwell in 2022 to take a position at the National Security Agency in its Office of General Counsel, serving as the acting deputy associate general counsel for the NSA’s cybersecurity practice group. He returned to the firm during the summer of 2023. A former officer in the U.S. Navy, Erik focuses on compliance requirements related to cybersecurity and data privacy, including statutory, regulatory, and consensus-based standards, with an emphasis on critical infrastructure sectors such as mining, energy, and aviation and the Defense Industrial Base (DIB). He represents defense contractors and subcontractors; companies underpinning electrical, wastewater, transportation, and smart city systems; and other major organizations facing extortion threats from malicious foreign cyber actors. 

Additional Resources

Steven R. Barrett, Robert J. Joseph, Andrew Spector, Robert Fritsche and Brian Wetzstein. “SEC Heightens Issuers’ Cybersecurity Disclosure Requirements,” August 15, 2023

Erik Dullea and Andrew Spector. “Twelve Planning Tips to Avoid Complications with the SEC’s Cybersecurity Disclosure Rules,” August 2023 Part 1 | Part 2 | Part 3

Securities and Exchange Commission. “SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies,” July 26, 2023

Hester M. Peirce. “Harming Investors and Helping Hackers: Statement on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure,” July 26, 2023