3D Printing: A Cybersecurity Concern

Additive manufacturing, more commonly known as 3D printing, is a process of making three-dimensional solid objects from a digital model. Additive manufacturing is already used in a number of critical fields, such as medicine, aerospace, civil engineering, and industrial manufacturing. 3D printers are often internet-connected, and increasingly open-sourced. As a result, they face a host of security issues which range from digital to physical. Most of these issues fall broadly into either confidentiality and privacy concerns or device and product integrity concerns. Confidentiality and privacy…
Continue reading...

SEC’s First Cybersecurity Enforcement Has Many Lessons

The Securities and Exchange Commission recently announced its first ever cyber-related enforcement action in a case that all companies should look at as a refresher on cybersecurity hygiene. In the Matter of Voya Financial Advisors, Inc. was brought against the publicly traded company that manages over $500 billion after a security breach through several of its brokers acting as independent contractors for the company. These brokers typically accessed Voya clients’ PII through a password protected web portal while using their own IT equipment and networks.…
Continue reading...

Should American Companies Be Worried About Security Risks Posed By Chinese Telecoms?

Members of Congress from both sides of the aisle recently wrote a letter to Google to express “concerns” about its strategic partnership with Chinese telecommunications companies such as Huawei Technologies, based on security risks related to state-sponsored espionage. As noted by the lawmakers, the heads of the CIA, NSA, FBI, and Defense Intelligence Agency have voiced similar concerns that smartphones made by China’s two largest manufacturers, Hauwei and ZTE., pose a security threat to American customers.  Moreover, the UK’s National Cyber Security Centre found that…
Continue reading...

The SEC is Focused on Public Company Disclosure of Cybersecurity Risks

While new data privacy rules in the European Union have dominated the news lately, the U.S Securities and Exchange Commission (SEC) has not so quietly been making waves of its own in the regulation of cybersecurity. In February ,the SEC issued fresh guidance to public companies on the disclosure of cybersecurity issues, both in identifying risks prospectively and in disclosing breaches quickly. It then followed up that guidance in April with its first ever fine of a public company for failing to promptly disclose a…
Continue reading...

Nearly a 50 percent Increase in Gulf Region Cyberattacks

Gulf Business Machines (GBM) reports a significant increase – from 28 percent in 2016 to 41 percent in 2017 — in hacking events among Gulf-based enterprises. Even so, only 31 percent of regional organizations are concerned about the detection and response to these attacks. At the 2018 Gulf Information Security Expo and Conference in Dubai that took place from May 1-3, 2018, GBM issued its Seventh Annual Cybersecurity Study, which surveyed regional organizations regarding security in the business environment. The survey polled over 600 executives…
Continue reading...

DFS Partially Clarifies Who Qualifies for an Exemption Under Cybersecurity Regulation

By the terms of 23 NYCRR 500.19(e), Covered Entities that have determined they qualify for a limited exemption from compliance under 23 NYCRR 500.19(a)-(d) of New York’s new Cybersecurity Regulation — as of August 28, 2017 — are required to file a Notice of Exemption with the New York Department of Financial Services (NYDFS) on or prior to September 28, 2017. The first compliance date of August 28, 2017 in New York’s cybersecurity regulation, and the date for Covered Entities to determine whether they qualify…
Continue reading...

Judge Rules No Standing to Pursue Fear Of “Hacker Harm”

Last week a judge in the Southern District of Illinois trimmed several claims from a class action complaint made against Chrysler and Harman International Industries stemming from a 2015 WIRED magazine article. The July 21, 2015 WIRED article described the author’s experience of being a “digital crash-test dummy, a willing subject on whom [two hackers] could test the car-hacking research they’d been doing over the past year.” Less than two weeks after the article was published, on August 4, 2015, the plaintiffs filed their class…
Continue reading...

Credit Card Payment Coverage Declined: Cyberinsurer Not Obligated to Reimburse P.F. Chang’s for PCI Liability

In the most significant cyberinsurance coverage decision to date, an Arizona federal district court in P.F. Chang’s China Bistro v. Federal Insurance Co., No. CV-15-01322-PHX-SMM (D. Ari. May 31, 2016), granted summary judgment to Federal Insurance Company, acknowledging it had no duty to reimburse P.F. Chang’s China Bistro for payment card industry liability assessments under the CyberSecurity policy issued by Federal to P.F. Chang’s corporate parent. This decision represents a significant victory for cyberinsurers insofar as it upholds insurers’ marketing strategy of making available…
Continue reading...

PwC Issues 2015 Cybercrime Survey Results

“It’s been a watershed year for cybercrime,” explains PricewaterhouseCoopers LLC in its 2015 report analyzing data from 500 executives across US businesses, law enforcement and government agencies.  The survey and report, co-sponsored by PwC, CSO, Carnagie Mellon University and the United States Secret Service, provides a comprehensive analysis of trends in cybercrime and cyberthreats, as well as security spending and overall manage of these growing business risks. This year, a record 79 percent of respondents detected a security incident during the past 12 months, with…
Continue reading...

New Federal Cybersecurity Legislation and Regulations Proposed in Washington DC

This week, new legislation and regulations have been proposed to address cybersecurity concerns in new automobiles and the nation’s Bulk Electric System. On Tuesday, Senators Edward J. Markey (MA) and Richard Blumenthal (CT) introduced new legislation to address the hacking risks associated with “connected vehicles.”  The Security and Privacy in Your Car Act of 2015 would mandate that sensitive software systems be isolated and additional safeguards be added “to protect consumers from security and privacy threats to their motor vehicles”.  The legislation followed a 2014…
Continue reading...