New York SHIELD Act Requires Safeguards to Protect Private Information
On March 21, 2020, the data security provisions of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) went into effect. The SHIELD Act requires any person or business owning or licensing computerized data that includes the private information of a resident of New York (“covered business”) to implement and maintain reasonable safeguards to […]
Tech Industry Voices Concerns about the Pentagon’s Cybersecurity Certification Plan
A group of several technology company alliances – representing over 100 companies – warn that the DoD's Cybersecurity Maturity Model Certification initiative could have...
One Senator Wants Vendors to Ensure their Internet Connectivity Devices are Secure
Senator Mark Warner (D-VA) is urging network device vendors to ensure their products remain secure, as millions of Americans work from home. In letters to Google, Netgear, CommScope, Asus, Belkin, and Eero, Warner expressed concern about their wireless access points, routers, modems, mesh network systems, and “related connectivity devices.” He called on the companies to […]
Coronavirus and Home Working: Cyber Criminals Shift Focus to Target Remote Workers
A new report from Europe’s law enforcement agency details the increase in COVID-19-themed attacks, including phishing emails and spam campaigns designed to trick people into giving up sensitive personal information or banking details. Cyber criminals will increasingly exploit remote working, taking advantage of employees unaccustomed to working from home to conduct phishing and malware attacks […]
Who Should Be Responsible for Critical Infrastructure’s Cybersecurity?
New research finds that the overwhelming majority of IT professionals believe the government should be responsibility for securing critical infrastructure. According to Claroty’s new report, “The Global State of Industrial Cybersecurity,” 87 percent of U.S. respondents said that it’s the federal government’s responsibility to ensure the security of critical infrastructure. This is the lowest number […]
California Attorney General: CCPA Enforcement on Schedule Despite COVID-19
CCPA enforcement will not be delayed by COVID-19. A coalition of nearly sixty business and organizations called on California Attorney General Xavier Becerra to temporarily defer CCPA enforcement by six months until January, due to the pandemic. The wide-ranging coalition argued that a deferral of enforcement would allow businesses to prioritize the needs of their […]
HHS Limited Waiver and Guidance on HIPAA and the Privacy Rule During COVID-19 Pandemic
Since the outbreak of COVID-19, the HHS Office for Civil Rights has issued various guidance documents on compliance with HIPAA. The documents confirm that HIPAA still applies during the pandemic, but that compliance may be relaxed in certain situations to allow healthcare providers to respond more effectively to the current public health emergency. The topics […]
Doctrinal Confusion and Cultural Dysfunction in the Pentagon Over Information and Cyber Operations
Herb Lin of Stanford University sees “doctrinal and conceptual confusions” in Defense Department policy regarding the concepts of “information warfare,” “information operations,” “psychological operations,” and “influence operations.” He suggests that even within the Department of Defense, the terms have had elastic, imprecise, and ambiguous meaning, and are often used interchangeably to describe activities that are […]
Coronavirus Will Not Delay Pentagon’s Contractor Cybersecurity Program, Official Says
The Defense Department has officially entered into an agreement with the nonprofit corporation that will serve as the accreditation body for its Cybersecurity Maturity...
Amid Coronavirus, CISA and NIST Issue Guidelines to Boost Federal Telecommuting
The forced rush to telecommuting has caused many problems, with one of the most concerning being a surge in targeted attacks against strained federal...