Category Archives: regulatory enforcement

Anatomy of an "Aggressive" Cybersecurity Measure by the Razorbacks

Where: Arkansas

The legislation: Senate Bill 632 (2019 | AR)

What does SB632 do?

  • Creates the Cyber Initiative
  • Housed within the Economic Development Commission
  • mitigate the cyber-risks to Arkansas
  • increase education relative to threats and defense
  • provide the public and private sectors with threat assessments and other intelligence
  • foster growth and development around tech, IT and defense
  • create a “cyber alliance” made up of partnerships with a variety of insitutitions like…

Regulatory TREND. What do I need to know about Active Cyber Defense?

Active Cyber Defense uses private sector cyber bounty hunters and hackers  to protect critical infrastructure.

Who is behind this concept?

  • An Atlantic Council report,
  • by, Frank Kramer, Assistant Secretary for International Security Affairs for the Clinton administration
  • and by, Bob Butler, Deputy Assistant Secretary for Space and Cyber in the Obama administration

How would this private sector system work?  the private sector hackser would be deputized  “certified active defenders” to assist…

Regulatory TREND. Anatomy of the Cybersecurity Solarium Commission

The U.S. Cybersecurity Solarium Commission is taking inspiration from the 1950s era commission that studying nuclear strategy.

The 14 member Cybersecurity Solarium Commission will be comprised of:

  • 4 current lawmakers
  • director or deputy director of National Intelligence
  • drector or deputy director of Defense
  • director or deputy director of the FBI
  • director or deputy director of Homeland Security
  • academics
  • industry representatives

Strategies to develop:

Anatomy of a Data Security Bill in North Carolina

The legislation: HB 904 (2019 | NC)

How does it impact businesses: Creates a duty on businesses to maintain reasonable security procedures and practices

Notification time frame: 15 days

Free credit freezes, thaws and monitoring? yes, yes and yes

Consent: Requires consent to access a consumers credit report

NC Attorney General Talking Points on HB 904 

Lege TREND. Revisiting How one State Responded to Equifax Breach

State: Massachusetts

Legislation: H 4806 (2018 |MA)

What did Massachusetts enact?

  • consumer consent before any third party can obtain the consumer’s credit report
  • free credit freezes and thaws
  • entieis that have suffered a data breach have enhanced reporting requirements
  • free credit monitoring to affected consumers

Leominster Champion | Governor Signs Bill to Enhance Credit Data Security

 

Regulatory TREND.Biometric Security Oversight Commissions. Forward Thinking Procurement Opportunities.

Where: Australia

What group is recommending a Biometric Security Oversight Commission? The Parliamentary Joint Committee on Law Enforcement

In its report  the joint committee found that:

  • need to protect biometric data collected and shared among law enforcement agencies
  • increase IoT security awareness
  • review of biometric and persoinal information security legislation to keep it up to date,
  • consider hybrid storage facilities
  • consider advanced techniques like  artificial intelligence for…

Business TREND. Industry Calls for First Amendment Rules with Data Privacy Rules.

Who: Facebook

What does Facebook want? It wants to know the rules of the game for political speech and the Constitution

Why? The government rather than a private comapny, like facebook shuld detemrine constitutional limitations

Variety | Facebook’s Mark Zuckerberg Says ‘We Need New Rules’ Regulating Political Speech

Regulatory TREND. Anatomy of a State Cyber Office. How to hold agencies accountable to the Executive Branch?

West Virigina HB 2452 (2019 |WV)  created the a new Cybersecurity Office within the Office of Technology.

Goals of the a new Cybersecurity Office:

  • risk assessment across state agencies
  • establish unifying security standards among state agencies
  • will leverage a risk management approach
  • provide for “apples-to-apples comparison of cyber-risk assessments across all agencies within the Executive Branch.”  

Stems from WV’s 2018 particiaption in the National Governors Association (NGA)…

Data Security new Threats to Water and Wastewater. Regulatory & Legislative Fixes on the Horizon.

IN March 2019 hackers got into a small Colorado water utility.

Are there regualtory parallels that can be made to secure the water and waste water systems? Yes, Water utilities & power distributors share similar industrial control systems

Which states have taken water security measures forward? NJ, NY 

E& E News | Hackers force water utilities to sink or swim

Regulatory TREND. Security Gaps in Medical Equipment

New data breach lingo: The Internet of Medical Things (IoMT)

Why does this matter? Health care data breaches are thepriciest at $08 per record

What’s the latest breach of medical devices? ultasound equipment that can be hacked and have images swppaed by hackers

Dark Reading | Ultrasound Machine Diagnosed with Major Security Gaps

Politico | Why 2020 contenders need to worry about hackers now