Virtual Currency Platforms and Ransomware Attacks: OFAC Highlights Overlap of Sanctions and Cybersecurity Risks
In the past month, the Office of Foreign Assets Control of the US Department of Treasury has issued two advisories that highlight the heightened...
To further incentivize incident disclosures, Deputy Attorney General Lisa Monaco suggests that a business that tells the DOJ about a cyberattack they’ve experienced could find support from the agency with legal challenges resulting from the incident. Explaining the direct benefits of going to law enforcement, Monaco said the department would purse arrests and financial recovery, […]
Mieke Eoyang, the deputy assistant secretary of defense for cyber policy, says the federal government is broadening how it addresses ransomware attacks and other aggression from Russia, China, and independent cyber actors. She promises “an aggressive, whole-of-government effort aimed at trying to hold the individuals accountable, deny them access to their proceeds, working with the […]
The DOJ has announced two major cyberspace-related enforcement initiatives: The Civil Cyber-Fraud Initiative will pursue FCA actions targeting individuals and entities that receive federal funds and knowingly (1) provide deficient cybersecurity products or services; (2) misrepresent their cybersecurity practices or protocols; or (3) violate obligations to monitor and report cybersecurity incidents and breaches. It will […]
DOJ Announces Civil Cyber-Fraud Initiative to Use False Claims Act to Enforce Cybersecurity Standards...
The announcement of the Civil Cyber-Fraud Initiative reflects a broader focus on cybersecurity across the federal government and ongoing evolution on appropriate cybersecurity standards in a dynamic threat environment. Historically, the government has treated cybersecurity standards as material conditions of government contracts and has used the FCA to pursue cases and damages when a contractor […]
On November 15, CISA will go live with its new Cyber Talent Management System, which gives agency managers more leeway in recruiting and retaining cybersecurity personnel by letting them define both the position and its pay grade. In particular, salaries can be tied to prevailing wages outside the federal government – which are typically higher […]
California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law now includes in the definition of “personal information” genetic data. The information needs to be “reasonably protected.” While many other states have similar “reasonable protection” requirements in their data security […]
The Defense Digital Service has launched the SITH (System for Insider Threat Hindrance): a new project to automate DoD processes for tracking and raising earlier awareness of insider threat risks. DDS has awarded a $14.8 million contract to TrussWorks to develop the system, with the goal to deliver a prototype to the Defense Counterintelligence and […]
National Cyber Director Chris Inglis supports developing public-private partnerships with critical infrastructure operators to defend against cyberattacks, but not at the expense of holding those companies liable for failures to follow best practices. The idea of giving such businesses a level of protection from liability in lawsuits over successful attacks on their systems, in exchange […]