After a year of public-private collaboration and considerable anticipation, the National Institute for Standards and Technology’s (NIST) cybersecurity framework for critical infrastructure has arrived. The interest in the framework has only grown after several high profile data breaches in late 2013 have cast an unrelenting spotlight on cybersecurity issues. The framework presents businesses with important questions about whether and how they should use it, and—as cybersecurity-related class actions multiply—how the plaintiffs’ bar intends to invoke the framework.
After attempts at more comprehensive legislation faltered, President Obama issued an executive order (EO 13636) requiring development of the framework. By
Continue Reading What The NIST Cybersecurity Framework Might Mean for Class Actions