Cyber – Home

A PubKGroup Product

About

PubKCyber is the go-to source for the most critical regulatory, policy, and oversight developments related to federal cybersecurity. Our coverage includes federal cyber regulations and policy, local and state activity, international law and agreements, federal regulatory body activity, congressional and agency oversight, and industry standards, as well as legal actions and court decisions related to cybersecurity, privacy, and fallout from security breaches.

Job Board

Ability to subscribe and post job announcements and advertisements online

PubKCyber Newsletter

A daily email summarizing the day’s top cyber developments relevant to contractors

PubK Event Board

A weekly community calendar emailed to your inbox

Coming in 2017:

A bimonthly update collecting critical developments, with added insight and context, and links to important resources

Sample Articles

Update: HealthCare.gov Breach Exposed Extensive Data

The Department of Health and Human Services has revealed that a recent breach of the HealthCare.gov site – which it announced with little detail in October – exposed the data of 75,000 individuals, including partial Social Security numbers, immigration status, and other personal information.

The site includes a tool for licensed insurance agents and brokers to search for consumers who have an application stored on the system. HHS discovered in mid-October that some of these accounts were performing excessive searches, apparently being used by an unauthorized party. It immediately disabled those accounts and the search feature itself.

However, the data exposed includes much of the personal information that the site stores, including applicants’ identification data, income and tax filing information, reported pregnancy status, citizen/immigrant status, employment information, eligibility for health plans, and any plan they are enrolled in.

The information accessed did not include full Social Security numbers, or information the site does not collect, such as financial account details or general health information.

HHS will provide those whose data was exposed with free identity theft protection services.

More at Healthcare Info Security

DOD Expands Industry Day for Contract on Cybersecurity Testing Teams

The Department of Defense has expanded an event in Orlando, Florida, intended to help it augment its workforce for cybersecurity testing-and-evaluation activities.

The National Cyber Range Complex will add another industry day to its NCRC Event Planning, Operations, and Support event, which will now take place Nov. 27-28, followed by one-on-one informational sessions with attendees.

The event will provide the private sector with an overview of a contract for staffing the NCRC. The contract will call for subject matter experts that can assist in cybersecurity testing, evaluation, training, and mission rehearsal exercises at multiple government installations housed under the NCRC.

More at FedScoop

New Ohio Law Creates Safe Harbor for Certain Breach-Related Claims

A breach law that just went into effect in Ohio provides covered entities with a legal safe harbor for certain data breach-related claims under Ohio law. It is the first law in the U.S. to offer an incentive to businesses that take steps to ensure that there are policies and procedures in place to protect against data breaches.

To qualify, at the time of the breach the entity must comply with a cybersecurity program that:

  • contains administrative, technical, and physical safeguards for the protection of personal information; and
  • reasonably conforms to one of several “industry-recognized” cybersecurity frameworks.

In addition, the program must be designed to:

  • protect the security and confidentiality of the information;
  • protect against any anticipated threats or hazards to the security or integrity of the information; and
  • protect against unauthorized access to information that is likely to result in a material risk of identity theft or other fraud.

More at Hunton Andrews Kurth LLP

ABA Says Lawyers Must Monitor for Data Breaches, Inform Affected Clients

The ABA’s Standing Committee on Ethics and Professional Responsibility has released an opinion that its Model Rules of Professional Conduct require lawyers to monitor for and prevent data breaches, determine what occurred, restore systems, and inform clients if their sensitive data is breached.

However, it clarified that an ethical violation doesn’t necessarily occur if a hacker successfully hides its activities, “despite reasonable or even extraordinary efforts by the lawyer.”

The ABA uses “reasonable efforts” throughout the opinion when discussing how to ethically deal with current and potential data breaches. It defines their nature and scope based on “The ABA Cybersecurity Handbook,” which focuses on security responses rather than specific software needed.

More at Legaltech News

NIST Offers Insight Into Updated Risk Management Framework

The National Institute of Standards and Technology has issued a Final Draft of Special Publication 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations–A System Life Cycle Approach for Security and Privacy. The draft features several updates aimed at supply chain risk, the NIST Cybersecurity Framework, and the pending update to NIST SP 800-53, Revision 5, which is focused on information security for federal information systems but now with an added emphasis on privacy-by-design.

One of the key changes is the introduction of a new step in the process: “Prepare.” The purpose of this step is to achieve more cost-effective and efficient security and privacy risk management processes. The revised RMF reflects the increasing trend toward approaching risk assessment and risk management as a comprehensive, enterprise-wide responsibility rather than as a series of discrete activities divided into subject matter silos.

Read the full post at Crowell & Moring Data Law Insights

Want to Read more?

Get a free account today.

Publish With Us

You can publish with Pub K by sending us information on your blog or entering a post directly with us.

Post An Event

Submit an event to our community events calendar (Free for Government Employees with an active membership!)

Contact

We'd love to hear from you.

Contact Information

700 6th St. NW Ste. 430
Washington, DC 20001

1-844-PUBKLAW (1-844-782-5529)
