Crossroads Blog | CYBER SECURITY LAW AND POLICY

Cybersecurity, Cyberwar

Cyber Round Up: Emerging Legalities in a post-Wyndham World, Creating a Culture of Cybersecurity, One for All and All for One, US Authorities name Chinese Firms Involved in Hacks

  • Important Lessons in Cybersecurity post-Wyndham (Security, Privacy and the Law): According to an article by Colin Zick, the Wyndham case has brought cybersecurity issues into the forefront.  Zick’s article states some very basic premises, namely that a firm has to be cognizant of, and in compliance with its own security and privacy policies.  The article indicates that the Wyndham outcome sends a message that the most rudimentary actions are expected to be taken, some of which include:
    • Encrypting credit card data [Personally Identifiable Information (PII)],
    • Monitoring networks that contain PII,
    • Limiting third-party access to company networks and networked devices,
    • Maintaining firewalls, and
    • Changing default passwords.

Zick’s article also highlights a recent Securities and Exchange Commission (SEC) settlement with an investment adviser (R.T. Jones) that allegedly failed to establish cybersecurity procedures and suffered a breach.  While the PII of over 100,000 people was compromised there was no damage; however merely failing to establish cyber procedures resulted in SEC action, according to the article.  The full text of the article can be found here, and the SEC press release can be found here.

  • Creating a Culture of Cybersecurity (Business Wire): A cybersecurity firm, Cybergy Holdings, commented on cybersecurity in an article by the Business Wire.  In the article, Cybergy expresses the view that one of the keys to a successful cybersecurity program is ensuring that employees are involved and aware.  The article posits that since so many attacks target individual users, it is of paramount importance that organizations actively engage their employees to ensure that the individual understands their role in cybersecurity.  In the article, Cybergy indicates that starting with employees fosters the creation of a cyber culture in which people have a personal stake in ensuring overall cybersecurity.  This personal responsibility coupled with cyber knowledge transfer allows employees to enhance, rather than weaken a cybersecurity program, according to the article.  The article can be found here.
  • One for All and All for One (Next Gov): According to this article, the House of Representatives Inspector General Theresa Grafenstine states that the U.S. is in the middle of a cyberwar.  Congress is attacked on a daily basis, from a variety of sources ranging from individual youths, to nation-states, according to the article.  The IG goes on to say that the U.S. will need the assistance of every able-bodied individual to aid help win this “war”, reports Next Gov.  The article states that government agencies, industry leaders, and academia will have to join resources and work collaboratively in order for the U.S. to succeed.  The full text of the article is available here.
  • U.S. Authorities name Chinese Firms Involved in Hacks (The Hill): According to an article in The Hill, U.S. authorities have named the following Chinese companies as being in receipt of stolen U.S. trade secrets: Chinalco, China’s largest aluminum company, Baosteel, a large Chinese steelmaker, and SNPTC, a Chinese nuclear power firm.  The article indicates that the Chinese People’s Liberation Army (PLA) coordinated the hacking efforts and this subsequently resulted in indictments being filed against five PLA Officers.  In the PLA indictment, the U.S. victims were identified as: Westinghouse Electric, subsidiaries of SolarWorld, Alcoa, Allegheny Technologies, and U.S. Steel, according to the article. The article can be found here.

Leave a Reply