Category Archives: Cyber Security

US Capitol

Controversial Cybersecurity Information Sharing Act Passes Senate, Will Likely Become Law

On October 27, 2015, the United States Senate passed S.754, the Cybersecurity Information Sharing Act (CISA or the Act) 74-21. Without requiring such information sharing, CISA would create a system for federal agencies to receive threat information from private companies in real time. However, the bill is not without controversy. As we discussed in August the Department of Homeland Security raised concerns in July and August that the “real time collaboration” requirement in CISA would not permit them to scrub personal information…

Continue Reading....
US Navy

Out of Security Concerns, Navy Tells Midshipmen to Look to the Stars

The United States Navy is now requiring its midshipmen to learn a skill that seems more relevant in the 19th Century rather than the 21st century: how to navigate by the stars. The training is limited to just a few hours, but will serve a critical function. Computers aboard a ship are susceptible to cyber attacks and Navy personnel need a backup system should the computers fail. On the open ocean, this means looking to the stars. The Navy taught celestial navigation until…

Continue Reading....
iStock_000038012250_Large

NAIC and CSIS Host Cyber Risk Conference

On September 10, 2015, the National Association of Insurance Commissioners (NAIC) and the Center for Strategic and International Studies (CSIS) hosted a conference entitled “Managing Cyber Risk and the Role of Insurance.” Over 300 individuals attended, including more than 30 insurance regulators, senior representatives from the U.S. Departments of Treasury and Homeland Security, and representatives from the private sector. The primary focus of the conference was to explore how the insurance industry can assist in mitigating the damages that result from a cyber…

Continue Reading....
Data Protection

DHS – “Privacy Problems with CISA”

The Senate is expected to begin debate this week on S.754, the Cybersecurity Information Sharing Act (CISA) and at least one government agency is raising privacy and civil liberties concerns with respect to this legislation. Specifically, the Department of Homeland Security (DHS) is concerned that the desire to share information in real time could prevent it from scrubbing the data to erase personal identifiable information or other private information contained in the data. The primary purpose of CISA is to encourage the sharing of cyber…

Continue Reading....
iStock_000050437260_XXXLarge

Federal Cyber Legislation – Hurry Up and Wait

Despite the increasing number of data breaches, legislation to address this issue at the Federal level is at a standstill (or close to it). As has been noted in a variety of venues, currently, there is no comprehensive federal law to deal with data breaches. The federal law that does exist is centered on privacy issues for specific industries, e.g., Health Information Portability and Accountability Act (HIPAA) for health information and the Gramm-Leach Bliley Act (GLB) for financial information. While most states and the…

Continue Reading....

New Federal Cybersecurity Legislation and Regulations Proposed in Washington DC

This week, new legislation and regulations have been proposed to address cybersecurity concerns in new automobiles and the nation’s Bulk Electric System. On Tuesday, Senators Edward J. Markey (MA) and Richard Blumenthal (CT) introduced new legislation to address the hacking risks associated with “connected vehicles.”  The Security and Privacy in Your Car Act of 2015 would mandate that sensitive software systems be isolated and additional safeguards be added “to protect consumers from security and privacy threats to their motor vehicles”.  The legislation followed a 2014…

Continue Reading....
iStock_000038012250_Large

Two GAO Reports Detail Deficiencies and Improvements in Thwarting Cyber Crimes

The Government Accountability Office (GAO) recently issued two reports on battling cyber threats that are useful for both private and public entities. The first report, issued July 2, 2015, was entitled Cybersecurity: Bank and Other Depository Regulators Need Better Data Analytics and Depository Institutions Want More Usable Threat Information. In that report, the GAO noted that while, “[d]epository institutions obtain cyber threat information from multiple sources, including federal entities such as the Department of the Treasury (Treasury)[,] [r]epresentatives from more than 50 financial institutions…

Continue Reading....
US Navy

Sometimes Newer Isn’t Always Better: U.S. Navy is Paying Millions to Keep XP

In March 2014, Microsoft announced that it was phasing out support for its Windows XP operating system, including the continued release of patches protecting against hackers and other intrusions. Although the Windows XP platform, originally released  August 24, 2001, has been replaced by updated versions, the United States Navy agreed to pay Microsoft $9 million annually for continued support of the XP program, which runs many of the Navy’s critical systems, including the Space and Navy Warfare Systems Command.  While only 10 percent of government…

Continue Reading....
US Capitol

Congress and the Internet of Things

Despite the trend toward the Internet of Things, some institutions are taking a slow and cautious approach given the possible security vulnerabilities. This includes the U.S. Congress. The Internet of Things usually refers to machine to machine communication.  For example, consider the Microsoft band that monitors heart rate, steps, calories, burned, etc. (which, incidentally, the co-chair of the Congressional Internet of Things Caucus wears). Recent breaches into government computers including the massive data breach at the Office of Personnel Management (“OPM”) clearly demonstrate…

Continue Reading....

Can A SAFETY Act Designated Product Provide Cyber-Attack Liability Protection?

“So if you use FireEye’s product you basically are prevented from being sued in the criminal justice system of America, which can save a lot of money.” According to CEO Dave DeWalt’s recent comments, it sounds like the U.S. Government stamped FireEye with a seal of approval — a ringing endorsement that’s worth a closer look.  FireEye, Inc. was issued “Certification” under the SAFETY Act for its Multi-Vector Execution (MVX) Engine and Cloud Platform.  It isn’t the only SAFETY Act approved technology; DHS’s website…

Continue Reading....