Judge Rules No Standing to Pursue Fear Of “Hacker Harm”

Last week a judge in the Southern District of Illinois trimmed several claims from a class action complaint made against Chrysler and Harman International Industries stemming from a 2015 WIRED magazine article. The July 21, 2015 WIRED article described the author’s experience of being a “digital crash-test dummy, a willing subject on whom [two hackers] could test the car-hacking research they’d been doing over the past year.” Less than two weeks after the article was published, on August 4, 2015, the plaintiffs filed their class…

RAND Study Estimates Lower Cyber-Incident Costs

According to a new study by the RAND Corporation, published in the Oxford Journal of Cybersecurity, the average cost of a typical cyber breach for an American company has been estimated at $200,000, significantly less than the $1,000,000 figure suggested by other organizations, such as the Ponemon Institute. The study analyzed a private data set of 12,000 cyber incidents over a decade based on corporate losses compiled for the insurance industry. “Relative to all the other risks companies face, the cyber risks often aren’t…

Cybersecurity Down on the Farm

The FBI and Department of Agriculture have issued a Private Industry Notification to increase awareness among farmers that growing reliance on precision agriculture technology, aka “smart farming,” brings increased vulnerability to cyberattacks. While the notification did not suggest attackers could gain control of physical machinery, unauthorized access to farm-level data regarding crop availability and pricing could be used to exploit US agriculture resources and market trends. Earlier this year, for example, the USDA and Microsoft hosted a worldwide competition to design data visualization tools that…

New Executive Orders and Budget Proposals Contribute to Federal Cyber Security Efforts

The U.S. Government took several steps on Tuesday, February 9, 2016 to deal with the ever-constant issue of data privacy. First, President Barack Obama issued two Executive Orders. The first Executive Order creates the Commission on Enhancing National Cybersecurity. This new Commission will fall under the U.S. Department of Commerce and be “composed of not more than 12 members appointed by the President” though Congressional leadership can offer recommendations. The order, among other things, requires the Commission to make recommendations in several key areas including:…

Better Late Than Never: U.S. and EU Regulators Reach Data Privacy Agreement

Officials from the United States and European Union have reached a tentative agreement regarding transfers of personal data by European individuals and businesses to the United States. As stated in the agreement, “This new framework will protect the fundamental rights of Europeans where their data is transferred to the United States and ensure legal certainty for businesses.” When finalized, it will replace a previous safe harbor agreement between the U.S. and EU, which was struck down by the European Court of Justice (ECJ) in October…

The Danger from Within: Banks Work to Combat Hackers Internally

While many companies work diligently to guard against external cyber threats, a number of banks are taking steps to protect themselves from another dangerous, yet equally damaging source — their own employees. According to the Association of Corporate Counsel, at least 30 percent of data breaches during 2015 were caused by seemingly harmless employee errors. To the unknowing employee, a simple click of the mouse could expose information or clues to those looking for an opportunity to breach even the most high-tech security systems.…

CISA Passes as Part of Omnibus Spending Bill

Congress recently passed the Cybersecurity Information Sharing Act of 2015 (CISA) as part of Division N of H.R. 2029, Public Law 114-113, the Consolidated Appropriations Act, 2016 (CAA). As previously reported, on October 27, 2015 the United States Senate passed a different version of CISA, S.754, which, without requiring such information sharing, would create a system for federal, state and local agencies to receive threat information from private companies in real time and for the private sector to receive such information in addition and as…

Iranians Use Cellular Modem to Hack Suburban NYC Dam

Any machine, if it’s connected to the internet, can be hacked, including the automated equipment controlling dams, steel mills and nuclear power facilities. As we previously reported here, criminals were able to take control of a German steel mill’s computerized production system, forcing an unscheduled shut-down causing “massive damage” in 2014. Likewise, in 2010, a cyberattack was able to disable Iran’s uranium enrichment centrifuges by targeting the software installed in the electronic equipment. This week, the Wall Street Journal reported that in 2013, Iranian…

End of EU Data Privacy Safe Harbor Blockade in Sight?

Negotiators from the European Union and the United States are in the process of negotiating a new agreement that would effectively remove the blockade to the EU Data Privacy Safe Harbor for U.S. companies. We previously wrote about a decision by the European Court of Justice (ECJ) which opened U.S. companies up to potential fines for not protecting their data from U.S. government surveillance programs. Given the potential impact against companies like Facebook and other companies that utilize personal information, EU and U.S. leaders are…

NYDFS Notifies Federal Regulators of New Potential Cyber Security Regulations

On November 9, 2015, the New York State Department of Financial Services (NYDFS) sent a memorandum entitled Potential New NYDFS Cyber Security Regulation Requirements to several federal and state financial services regulators, including banking, securities and insurance regulatory, administrative and supervisory bodies. These potential regulations are based on results of two sets of surveys of financial entities about their “cyber security programs, costs and future plans.” NYDFS surveyed 150 banks and 43 insurance companies. The results of the May 2014 banking industry survey are here