Saturday, October 16, 2021

Opinion: A Rising Tide Lifts All Boats in Maritime Cybersecurity

In an op-ed for CyberScoop, Senator Angus King (I-ME) and Representative Michael Gallagher (R-WI) say that recent physical disruptions in the maritime supply chain highlight the critical importance of securing the sector’s IT infrastructure. “While these recent disruptions were not caused by hacks or bad actors in cyberspace, they demonstrate the vulnerable chokepoints in the […]

OMB Issues Endpoint Security Directive to Federal Agencies and CISA

A new memo from the Office of Management and Budget directs agencies to work with CISA to protect their network endpoints such as workstations and servers. OMB has set a 90-day deadline for CISA to access agencies’ current endpoint detection and response deployments, followed by a timeline for a series of additional steps to improve […]

OFAC Issues Updated Advisory on Sanctions Risks for Facilitating Ransomware Payments

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) recently issued an “Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” This advisory continues prior advisory comments strongly discouraging companies from making ransomware payments and suggests proactive steps for mitigating ransomware risks, including actions that OFAC would consider to be “mitigating […]

OFAC Issues Second Ransomware Advisory and Designates Virtual Currency Exchange for Sanctions

On September 21, the Treasury’s Office of Foreign Assets Control released an updated advisory to “highlight the sanctions risks associated with ransomware payments”—almost one year after issuing the first such guidance—and simultaneously imposed sanctions on SUEX, a virtual currency exchange accused of facilitating illegal transactions related to ransomware attacks. These developments highlight OFAC’s continuing focus […]

Guest Post: Three Ways to Avoid Cyber-Related D&O Costs

In a guest post on D&O Diary, Rachel Soich, FCAS, MAAA, a consulting actuary at Milliman, considers steps that companies can take to avoid cyber-related D&O costs. “Alphabet Inc. (parent of Google) and Marriott are two high-profile examples of firms subject to cyber-related directors and officers (D&O) lawsuits,” Soich writes. “It is unclear how […]

Transition Period for Old Standard Contractual Clauses Ends

On September 27, 2021, the transition period allowing companies to continue using the old EU Standard Contractual Clauses for new transfers from the EU to a third country ended. Companies entering into new transfer agreements must now use the new SCCs published by the European Commission on June 4, 2021. However, transfers from the UK […]

The United Arab Emirates Announces New Federal Data Protection Law

On 5 September 2021, the UAE announced plans to introduce a new federal data protection law (“UAE Data Law”) in the coming weeks, its first-ever comprehensive data privacy and protection law to be issued. The new law forms part of the UAE’s Projects of the 50, a set of economic and developmental initiatives designed to […]

Bill Would Prioritize Security for Key US Critical Infrastructure

House Homeland Security Committee Ranking Member John Katko (R-NY) has introduced the Securing Systemically Important Critical Infrastructure Act, which would direct CISA to identify...

New Bills in House and Senate Would Require Ransom Notifications to DHS

Democrats in the House and Senate have introduced legislation requiring ransomware victims who pay hackers to notify DHS within 48 hours of doing so, and directing DHS to release an annual report anonymously disclosing information about payments. Senate sponsor Elizabeth Warren (D-MA) also wants DHS to study the role cryptocurrency plays in ransomware attacks. Representative […]

FTC Affirms Health Apps and Connected Devices Are Subject to Health Breach Notification Rule

According to recent guidance from the Federal Trade Commission, providers of health apps and connected devices that collect consumers’ health information must comply with the FTC’s Health Breach Notification Rule, and therefore are required to notify consumers and others when their health data is breached. The statement is intended to clarify the scope of the […]