Mandatory Reporting and “Cyber Mission Forces” Created in 2015 National Defense Authorization Act (NDAA)

Beyond appropriating $560,000,000,000 for military spending for 2015, the Defense Authorization Act passed this month expands the role of the military in a wide range of areas, including strategic programs in outer space, budgeting and accounting for a new “cyber mission” major force program category, and new mandatory reporting of “cyber incidents” by government contractors and agencies. Title XVI, Subtitle C of the Senate Amendment to H.R. 3979, “Cyber-Related Matters,” first directs the Secretary of Defense to submit with the 2017 budget a new program for…

Cybersecurity Starts at the Top

This summer, the Federal Financial Institutions Examination Council (FFIEC), made up of the FED Board of Governors and FDIC, among others, conducted a Cybersecurity Assessment at over 500 community financial institutions to evaluate their ability to handle cyber risks. While the data is still being analyzed in order to assist with future guidance and regulations, last month the FFIEC Cybersecurity Assessment’s “General Observations” were released. What is striking about the General Observations, which are not to be construed as guidance, is that they call out…

Can Companies Pre-Emptively Avoid Class Action Suits from Massive Data Breaches? (A Blog Series)

There’s a constant flow of news about massive data breaches nowadays. So much so that the question for companies with large amounts of personal data storage is no longer “if” it can happen but “when” it will happen. In this series, we’re going to discuss one method that larger companies are using to significantly reduce the risk exposure to massive data breaches: click-wrap terms of use that require users to waive participation in class actions and instead only pursue claims by way of arbitration or…

Breach of U.S. Public Utility

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) advised in its quarterly report that an unnamed public utility was compromised after attackers took advantage of a weak password security system, using brute-force techniques to try various passwords until they hit the right one. This may come as no surprise to some, as the vulnerability of the U.S. power grid to electronic attack has been known since the 1990s. Factors contributing to this increasing danger include the shift…

Cy-“Burned” – The New Importance of Cyber Insurance

Data breaches that result in the unwanted dissemination of personal information are prevalent in the news of late, particularly given the rapid growth of electronically stored information and online commerce. A data breach can be very, very expensive even for the smallest of companies. This post was originally published on Professional Liability Matters. Please click here to read the rest of the article written by Seth L. Laver, Jessica L. Wuebker, and Matthew D. Cabral.

More Credit Card Security On the Way

There has been a spike in the number of reported credit card breaches in recent days, including the most well-known of them all, Target, which led to the eventual resignation of its Chief Information Officer. Now, the California Department of Motor Vehicles has reportedly experienced a possible breach of its online payment system. It has become clear that the current security measures are insufficient to protect consumers and the corporate entities catering to the credit card consumer. In this regard, both Visa and MasterCard have…

Don’t Let Love Lead to a Loss

“Better to have loved and lost than never to have loved at all.” Alfred Lord Tennyson probably did not have computer operating systems in mind when he wrote this famous line. Come April 2014, however, those who aren’t willing to end their love affair with Windows XP may lose big. Windows XP was long the favorite operating system for companies. However, it was also well known for its vulnerabilities, and Microsoft actively serviced XP by providing patches for these vulnerabilities. On April 8, 2014, Microsoft…