Client Alert: White House Doubles Down on Private Sector Outreach for Cybersecurity Push

The White House sent an open letter last week to “corporate executives and business leaders” urging their companies to take “immediate steps” toward better protecting themselves against ransomware attacks.[1] Although the White House cannot generally dictate the actions that private companies take, the Biden administration has emphasized that “[b]usiness leaders have a responsibility to strengthen their cyber defenses to protect the American public and . . . economy.”[2] To that end, the letter referenced the five “best practices” set forth in the recently issued Executive Order on Cybersecurity, including (1) multifactor authentication; (2) endpoint detection; (3) endpoint response; (4) encryption; and (5) a skilled and empowered security team. The letter also outlined five basic but impactful security practices that the White House recommended companies implement:

  • Back-up Data. Back-up data, system images, and configurations, regularly test them, and keep the backups offline. If network data is encrypted with ransomware, the organization may still be able to restore its systems.
  • Update Systems. Promptly update and patch systems, including applications and firmware.
  • Test Plans. Test incident response plans to help identify gaps and understand how long business operations can be sustained without access to certain systems.
  • Conduct Independent Checks. Check the security team’s work and ability to defend against a sophisticated attack, thereby increasing the likelihood that back doors or other loopholes can be addressed.
  • Segment networks. Separate corporate business functions from manufacturing and production operations, and limit internet access to operational networks.[3]

The letter, which was authored by Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, was sent in light of a reported uptick in attacks involving ransomware (software that seizes control of a computer until the victim pays a fee), most recently an attack that reportedly closed off beef and pork production from one of the country’s leading food suppliers.[4]

The letter also reflects the Biden administration’s growing emphasis on the need to improve the government’s cybersecurity defenses, both within and across various agencies. Yesterday, in a press conference regarding the ransomware attack on Colonial Pipeline, Deputy Attorney General Lisa Monaco emphasized that companies should take preemptive action against ransomware attacks, urging them to “pay attention now” and “invest resources now” because “[f]ailure to do so could be the difference between being secure now – or a victim later.”[5] The press conference came just a few days after Deputy Attorney General Monaco issued an internal memorandum directing US prosecutors to report all ransomware investigations that they may be working on, stressing the need for better coordination within the Department.[6] Two weeks ago, the Department of Homeland Security’s Transportation Security Administration announced a security directive requiring pipelines to report confirmed and potential cyber incidents and review current cybersecurity practices.[7] And last month, the White House issued the Executive Order imposing a variety of requirements on federal agencies and government contractors that are aimed at improving the government’s cybersecurity defenses.

As companies seek to evaluate cybersecurity and expand their protections, it is important to consider the following legal issues alongside business and technical concerns:

  • Importance of a Multi-Functional Team. Cybersecurity and information protection are broad efforts encompassing many different skills within a company. Legal counsel should be included in the team to advise about the application of relevant laws, regulations, and policies, and to prepare for potential litigation and enforcement actions.
  • Importance of Legal Privilege. Companies should consider how to maximize the application of legal privilege to internal factfinding efforts that are designed to address potential legal exposure from cybersecurity and data protection rules.

Outside counsel can help bolster in-house teams and provide broad industry perspective on common issues in these reviews. Jenner & Block lawyers stand ready to assist.

[1] Letter from Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger to Corporate Executives and Business Leaders (June 3, 2021).

[2] Press Briefing by Press Secretary Jen Psaki (June 3, 2021); see also Tucker Higgins, CEOs Need to Prepare Now for Exponential Increase in Ransomware Attacks, Top DOJ Official Says, CNBC (June 4, 2021).

[3] Letter from Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger to Corporate Executives and Business Leaders (June 3, 2021).

[4] David E. Sanger and Nicole Perlroth, White House Warns Companies to Act Now on Ransomware Defenses, N.Y. Times (June 3, 2021).

[5] Office of Public Affairs, Department of Justice, DAG Monaco Delivers Remarks at Press Conference on Darkside Attack on Colonial Pipeline (June 7, 2021).

[6] Deputy Attorney General Lisa Monaco, Memorandum for all Federal Prosecutors on Guidance Regarding Investigations and Cases Related to Ransomware and Digital Extortion (June 3, 2021). 

[7] Press Release, DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators, Department of Homeland Security (May 27, 2021).

Footnotes

[1] Letter from Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger to Corporate Executives and Business Leaders (June 3, 2021).

[2] Press Briefing by Press Secretary Jen Psaki (June 3, 2021); see also Tucker Higgins, CEOs Need to Prepare Now for Exponential Increase in Ransomware Attacks, Top DOJ Official Says, CNBC (June 4, 2021).

[3] Letter from Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger to Corporate Executives and Business Leaders (June 3, 2021).

[4] David E. Sanger and Nicole Perlroth, White House Warns Companies to Act Now on Ransomware Defenses, N.Y. Times (June 3, 2021).

[5] Office of Public Affairs, Department of Justice, DAG Monaco Delivers Remarks at Press Conference on Darkside Attack on Colonial Pipeline (June 7, 2021).

[6] Deputy Attorney General Lisa Monaco, Memorandum for all Federal Prosecutors on Guidance Regarding Investigations and Cases Related to Ransomware and Digital Extortion (June 3, 2021). 

[7] Press Release, DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators, Department of Homeland Security (May 27, 2021).

Related Capabilities

Related Locations

© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.

Client Alert: White House Doubles Down on Private Sector Outreach for Cybersecurity Push

The White House sent an open letter last week to “corporate executives and business leaders” urging their companies to take “immediate steps” toward better protecting themselves against ransomware attacks.[1] Although the White House cannot generally dictate the actions that private companies take, the Biden administration has emphasized that “[b]usiness leaders have a responsibility to strengthen their cyber defenses to protect the American public and . . . economy.”[2] To that end, the letter referenced the five “best practices” set forth in the recently issued Executive Order on Cybersecurity, including (1) multifactor authentication; (2) endpoint detection; (3) endpoint response; (4) encryption; and (5) a skilled and empowered security team. The letter also outlined five basic but impactful security practices that the White House recommended companies implement:

  • Back-up Data. Back-up data, system images, and configurations, regularly test them, and keep the backups offline. If network data is encrypted with ransomware, the organization may still be able to restore its systems.
  • Update Systems. Promptly update and patch systems, including applications and firmware.
  • Test Plans. Test incident response plans to help identify gaps and understand how long business operations can be sustained without access to certain systems.
  • Conduct Independent Checks. Check the security team’s work and ability to defend against a sophisticated attack, thereby increasing the likelihood that back doors or other loopholes can be addressed.
  • Segment networks. Separate corporate business functions from manufacturing and production operations, and limit internet access to operational networks.[3]

The letter, which was authored by Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, was sent in light of a reported uptick in attacks involving ransomware (software that seizes control of a computer until the victim pays a fee), most recently an attack that reportedly closed off beef and pork production from one of the country’s leading food suppliers.[4]

The letter also reflects the Biden administration’s growing emphasis on the need to improve the government’s cybersecurity defenses, both within and across various agencies. Yesterday, in a press conference regarding the ransomware attack on Colonial Pipeline, Deputy Attorney General Lisa Monaco emphasized that companies should take preemptive action against ransomware attacks, urging them to “pay attention now” and “invest resources now” because “[f]ailure to do so could be the difference between being secure now – or a victim later.”[5] The press conference came just a few days after Deputy Attorney General Monaco issued an internal memorandum directing US prosecutors to report all ransomware investigations that they may be working on, stressing the need for better coordination within the Department.[6] Two weeks ago, the Department of Homeland Security’s Transportation Security Administration announced a security directive requiring pipelines to report confirmed and potential cyber incidents and review current cybersecurity practices.[7] And last month, the White House issued the Executive Order imposing a variety of requirements on federal agencies and government contractors that are aimed at improving the government’s cybersecurity defenses.

As companies seek to evaluate cybersecurity and expand their protections, it is important to consider the following legal issues alongside business and technical concerns:

  • Importance of a Multi-Functional Team. Cybersecurity and information protection are broad efforts encompassing many different skills within a company. Legal counsel should be included in the team to advise about the application of relevant laws, regulations, and policies, and to prepare for potential litigation and enforcement actions.
  • Importance of Legal Privilege. Companies should consider how to maximize the application of legal privilege to internal factfinding efforts that are designed to address potential legal exposure from cybersecurity and data protection rules.

Outside counsel can help bolster in-house teams and provide broad industry perspective on common issues in these reviews. Jenner & Block lawyers stand ready to assist.

[1] Letter from Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger to Corporate Executives and Business Leaders (June 3, 2021).

[2] Press Briefing by Press Secretary Jen Psaki (June 3, 2021); see also Tucker Higgins, CEOs Need to Prepare Now for Exponential Increase in Ransomware Attacks, Top DOJ Official Says, CNBC (June 4, 2021).

[3] Letter from Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger to Corporate Executives and Business Leaders (June 3, 2021).

[4] David E. Sanger and Nicole Perlroth, White House Warns Companies to Act Now on Ransomware Defenses, N.Y. Times (June 3, 2021).

[5] Office of Public Affairs, Department of Justice, DAG Monaco Delivers Remarks at Press Conference on Darkside Attack on Colonial Pipeline (June 7, 2021).

[6] Deputy Attorney General Lisa Monaco, Memorandum for all Federal Prosecutors on Guidance Regarding Investigations and Cases Related to Ransomware and Digital Extortion (June 3, 2021). 

[7] Press Release, DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators, Department of Homeland Security (May 27, 2021).

Footnotes

[1] Letter from Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger to Corporate Executives and Business Leaders (June 3, 2021).

[2] Press Briefing by Press Secretary Jen Psaki (June 3, 2021); see also Tucker Higgins, CEOs Need to Prepare Now for Exponential Increase in Ransomware Attacks, Top DOJ Official Says, CNBC (June 4, 2021).

[3] Letter from Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger to Corporate Executives and Business Leaders (June 3, 2021).

[4] David E. Sanger and Nicole Perlroth, White House Warns Companies to Act Now on Ransomware Defenses, N.Y. Times (June 3, 2021).

[5] Office of Public Affairs, Department of Justice, DAG Monaco Delivers Remarks at Press Conference on Darkside Attack on Colonial Pipeline (June 7, 2021).

[6] Deputy Attorney General Lisa Monaco, Memorandum for all Federal Prosecutors on Guidance Regarding Investigations and Cases Related to Ransomware and Digital Extortion (June 3, 2021). 

[7] Press Release, DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators, Department of Homeland Security (May 27, 2021).

Related Capabilities

Related Locations

© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.

News and Insights

Podcasts

Partner Laurel Loomis Rimon Discusses Fintech Enforcement, Debanking, and Regulatory Risk on Fintech Layer Cake Podcast

Partner Laurel Loomis Rimon was featured on the Fintech Layer Cake podcast, where she discussed how fintech enforcement and prosecution actually work in practice, and what exposes fintechs and banks to regulatory risk.

July 15, 2026

Publications

Supreme Court Clarifies Scope of Private Rights of Action Under the Investment Company Act, Private Equity Law Report

Partners Charles Riely, Todd C. Toral, and Martin Glass authored a guest article for Private Equity Law Report examining the US Supreme Court's June 11, 2026, ruling on the scope of private rights of action under the Investment Company Act of 1940.

July 14, 2026

Publications

Emily Loeb Discusses Congressional Oversight Preparedness in Bloomberg Law

Partner Emily Loeb, co-chair of Jenner & Block's Congressional Investigations Practice, spoke with Bloomberg Law article about how companies can prepare for potential oversight exposure ahead of this fall's midterm elections.

July 7, 2026

Publications

In New York Law Journal, The True Lender Doctrine and the OppFi Decision

Partners Jeremy Creelan, Michael Ross, Megan Poetzel, and Laurel Loomis Rimon, and Associate Molly Oberstein-Allen authored an article for the New York Law Journal examining the "True Lender" doctrine in light of a May 2026 California decision that provides the most detailed judicial framework to date for evaluating bank-nonbank lending partnerships.

July 1, 2026

Event

Partner Michael Vernick to Speak at NACUA's 2026 Annual Conference

On July 1, Partner Michael Vernick will speak on a panel at the National Association of College and University Attorneys (NACUA) 2026 Annual Conference in Nashville.

July 1, 2026