SutherlandCybersecurity.com

White House Cyber Commission Issues Requests for Information

The White House’s Commission on Enhancing National Cybersecurity has announced in a Federal Register Notice that it is seeking information on a variety of cybersecurity topics. The Notice indicates that the Commission is seeking information on topics including critical infrastructure cybersecurity, cyber insurance, research and development, the cyber workforce, federal governance, identity and access management, international markets, the Internet of Things, public awareness and education, and state and local government cybersecurity. According to the Notice, the Commission is seeking...

Federal Judge Dismisses Class Action Arising from Data Breach

A D.C. federal judge has dismissed a putative class action against CareFirst BlueCross BlueShield that arose from a 2014 data breach. The judge determined that the alleged injuries suffered by the seven named plaintiffs failed to establish standing to sue, finding that “merely having one’s personal information stolen in a data breach is insufficient to establish standing to sue the entity from whom the information was taken.” Two of the seven named plaintiffs alleged they suffered tax refund fraud because of the breach, but the judge determined that this alleged injury was not...

Cyber Storm V Highlights Need for Greater Info-sharing and Formalized Incident Response

Results from the Department of Homeland Security’s (“DHS”) “Cyber Storm V” national exercise revealed that challenges remain around information and cyber threat indicator sharing, and that a plan for widespread cyber response would help improve response from government and industry to cyberattacks. Though the exercise showed that challenges remain, it also revealed an increased awareness of DHS’s role and capabilities in information sharing and incident response. The exercise involved cabinet-level participants as well as states, international partners, and approximately 70...

EU-U.S. Privacy Shield Adopted

The European Commission has adopted the EU-U.S. Privacy Shield data transfer procedure, which replaces the safe harbor arrangement that was struck down by the European Court of Justice in October 2015. The Privacy Shield provides for additional protection of personal data, including dispute resolution and review procedures. In the United States, the Department of Commerce is responsible for implementation of the Privacy Shield and will begin accepting self-certifications of compliance from U.S. companies on August 1.  

EU Leaders Approve EU-U.S. Privacy Shield

The European Union’s (EU) Article 31 committee, which is made up of EU member states, has voted to approve the EU-U.S. Privacy Shield. This Trans-Atlantic Privacy Shield data transfer procedure replaces the safe harbor data transfer arrangement that was struck down by the European Court of Justice in October of last year. Formal sign-off on the Privacy Shield by EU and U.S. officials is expected Tuesday, July 12.

Electric Grid Cyberattacks

Utility companies and grids are becoming increasingly vulnerable to cyberattacks. The Manhattan Institute recently released a report warning that although greater grid-Internet connectivity results in greener, smarter grids, these grids are also more likely to be the targets of hackers. The frequency of cyberattacks has increased by 60% annually within the last twelve years, and electric utility companies are a common target of such breaches. Policymakers and industry professionals must develop security technologies to respond to the threat of cyberattacks. Mark Mills, senior fellow at...

NIST Announces Smart Grid Advisory Committee Meeting

The National Institute of Standards and Technology (NIST) announced that its Smart Grid Advisory Committee will meet July 13-14 at the NIST headquarters in Gaithersburg, Maryland. The meeting will provide an update on the NIST Smart Grid and Cyber-Physical Systems Program activities, and an opportunity to discuss the resiliency and reliability of the electric grid. Written comments may be submitted prior to the meeting....

NIST Releases Draft Guidance on Cybersecurity Event Recovery

The National Institute of Standards and Technology (“NIST”) released draft guidance that outlines practices for responding to and recovering from cyberattacks. The goal of this publication, according to NIST, is to offer “tactical and strategic guidance regarding the planning, playbook developing, testing, and improvement of recovery planning.” Public comments are being accepted through July 11,...

DHS Issues Final Information Sharing Guidelines

The Department of Homeland Security has issued final guidance on the implementation of the Cybersecurity Information Sharing Act of 2015. The final guidance documents include: Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015, Privacy and Civil Liberties Final Guidelines, Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government under the Cybersecurity Information Sharing Act of 2015, and Final Procedures Related to the Receipt of Cyber Threat...

NIST Releases Framework of Standards for Cyber-Physical Systems

The National Institute of Standards and Technology (NIST) has released a preliminary version of a framework for Cyber-Physical Systems (CPS). This framework was created with the goal of establishing a foundation from which CPS can be developed, designed, and built to work seamlessly with other smart systems. The framework was developed over a two-year period by a public-private working group with input from various stakeholders including government agencies and the IT, telecom, and transportation...

NAIC Task Force Hosts Insurance Data Security Model Law Meeting

On May 24 and 25, the National Association of Insurance Commissioners (the “NAIC”) Cybersecurity (EX) Task Force (the “Task Force”) hosted a meeting in which state insurance commissioners and interested parties were invited to provide comments on and voice concerns about the current draft of the Insurance Data Security Model Law (the “Model Law”). This Model Law is designed to “establish exclusive standards for data security and investigation and notification of a breach of data security” for “all licensed insurers, producers, and other persons” licensed, authorized, or...

DHS to Clarify Liability Protections for Companies Sharing Cyber-threat Indicators

The Department of Homeland Security (DHS) intends to issue revised guidance that will clarify liability protections for companies sharing cyber-threat indicators among themselves, and will reissue guidance on information sharing with non-federal entities under the Cybersecurity Act of 2015. DHS intends to revise the initial guidance issued in February to reflect the industry feedback it has received. On June 15, DHS also intends to issue final versions of the interim guidance on operational procedures for government receipt of cyber-threat information and on privacy and civil liberties...

House Passes Cybersecurity Consortium Act

The House of Representatives passed the National Cybersecurity Preparedness Consortium Act, which will allow the Department of Homeland Security (DHS) to establish a consortium to address cybersecurity threats and incidents. The consortium would provide training to state and local first responders and officials, conduct training and simulation exercises, and help states develop information sharing programs. The bill now moves to the Senate, where it will be considered by the Committee on Homeland Security and Governmental...

DHS Announces Public Hearings and Requests Comments on Handling of Critical Infrastructure Information

The Department of Homeland Security (“DHS”) announced that it will hold a series of public hearings and request comments on revising its regulations regarding the handling of protected critical-infrastructure information (“PCII”) in an automated and electronic format. According to the notice published in the Federal Register, DHS is requesting comments on revising its rules regarding: “(1) automated submissions and an expansion of categorical inclusions, (2) marking PCII, (3) sharing PCII with foreign governments, (4) regulatory access, (5) safeguarding, (6) oversight and...