Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

The Future of Artificial Intelligence: Autonomous Vehicles and Beyond

Did you know that 90% of vehicle-related deaths are attributable to human error? In this Bottom Line videocast, The Future of Artificial Intelligence: Autonomous Vehicles and Beyond is discussed by Eversheds Sutherland (US) Partner Michael Nelson and Eversheds Sutherland (International) Partner Charlotte Walker-Osborn. By embracing artificial intelligence, companies and consumers need to truly understand the impacts, including: The rate of auto-related deaths will be lowered drastically Our overall transportation, commerce and quality of life will be improved AI is a reality today and will...
Continue Reading

BTI Consulting Group Names Eversheds Sutherland (US) Among Top Cybersecurity Law Firms

We are pleased to announce that Eversheds Sutherland (US) LLP has been singled out as one of the leading cybersecurity and data privacy law firms by BTI Consulting Group in its annual Law Firms Best at Cybersecurity report. Cybersecurity and data privacy is the fastest growing segment of outside counsel spending. It is also the biggest issue keeping clients awake at night. Clients are placing heavy focus on forward-looking, as well as current, cybersecurity issues. The rankings are based on 324 interviews conducted in 2016 with leading legal decision-makers at companies with $1 billion or...
Continue Reading

Senate Committee Holds Hearing on Cyber Threats to Energy Delivery Systems

The U.S. Senate Committee on Energy and Natural Resources held a hearing called “Efforts to Protect Energy Delivery Systems from Cybersecurity Threats.” The focus of the hearing was to examine efforts being made to protect the electric power grid as well as other energy delivery systems from cybersecurity threats. The hearing featured testimony from the chief executive officer of Arkansas Electric Cooperative Corp. as well as testimony from five other panelists including representatives from Idaho National Laboratory, the American Gas Association, the North American Electric Reliability...
Continue Reading

NIST Releases Revised Framework for Public Comment

The National Institute of Standards and Technology (NIST) has released draft revisions to its voluntary “Framework for Improving Critical Infrastructure Cybersecurity.” This update revises the Framework to reflect input from NIST’s December 2015 Request for Information as well as input received during the workshop hosted by NIST in April 2016. The revisions introduce the idea of using metrics to measure the business impact of using the Framework and include a common “vocabulary” to extend the use of the Framework to suppliers and vendors. The updated framework was released in three versions:...
Continue Reading

NIST Issues Cyber Incident Response Guidance

The National Institute of Standards and Technology has issued a new guidance to help organizations develop a “game plan” for responding to cybersecurity incidents. NIST’s Guide for Cybersecurity Event Recovery comes as the federal government prepares to issue its finalized cyber incident response plan prior to President-elect Trump’s inauguration in January. NIST’s new guide consolidates existing NIST guidance and provides a process for organizations to develop a cyber incident recovery...
Continue Reading

Amendment to Criminal Procedure Rule 41 Impacts Data Privacy in U.S. and Abroad

On December 1, 2016, amended Rule 41 of the Federal Rules of Criminal Procedure (FRCP) went into effect, thus expanding federal law enforcement’s power to search and seize electronic data. The new rule will allow law enforcement to seek a warrant from a “magistrate judge with authority in any district where activities related to a crime may have occurred” and use that warrant to legally access and copy data from any computer system that may be “concealing” electronically stored information (ESI) pertinent to, or damaged by, the crime. The rule has caused consternation among privacy activists...
Continue Reading

Report of Cybersecurity Commission Expected to be Released Friday

According to recent news reports (subscription required), the White House is expected on Friday, December 2, to publicly release the report prepared by the blue-ribbon commission on enhancing national cybersecurity. It is anticipated that this report will offer policy initiatives that can be implemented immediately by the next administration, and the report is expected to serve as a basis for cybersecurity related transition discussions between the Obama and Trump administrations. Update: As expected, the presidential Commission on Enhancing National Cybersecurity has released its report....
Continue Reading

China Creates New Cybersecurity Regulation

China has recently released new cybersecurity regulations. The onerous set of rules affects individuals and businesses alike. Individuals are prohibited from sharing content that will “damage national unity” and must register for online services with their real name and other personal information. Corporations must store data locally, which would allow for Chinese surveillance. The Chinese government must also be given the access capability to shut down products and services as the government sees fit when responding to security incidents. Furthermore, all companies operating within Chinese...
Continue Reading

FCC Adopts Order Approving New Rules for ISPs

The Federal Communications Commission (“FCC”) has adopted new data privacy and security rules for internet service providers (“ISPs”). Under the new rules, ISPs must adopt “reasonable” data security and other measures, and obtain their customers’ explicit consent before using or sharing with third parties sensitive data. Sensitive data includes financial and health-related information, children’s information, precise geo-location information, and related data. For non-sensitive data (such as service tier information), the use and sharing of that information will be subject to opt-out...
Continue Reading

ISAO Standards Group Releases Guidelines for Information Sharing

Information and Sharing and Analysis Organizations, or ISAOs, can now look to four new publications for guidance in establishing ISAOs and in sharing cybersecurity information and interacting with the intelligence community, law enforcement agencies, U.S. regulatory agencies, and the Department of Homeland Security (DHS). The guidance documents include: ISAO 100-1, Introduction to Information Sharing and Analysis Organizations, ISAO 100-2, Guidelines for Establishing an ISAO, ISAO 300-1, Introduction to Information Sharing, and ISAO 600-1, U.S. Government Relations, Programs, and Services....
Continue Reading

CFTC Finalizes Rules on Cybersecurity Testing for Futures Industry

Under new rules adopted by the Commodity Futures Trading Commission (CFTC), various entities in the futures industry must undertake cybersecurity testing. At its open meeting on Sept. 8, 2016, the CFTC amended its system safeguards rules for exchanges, clearinghouses, and data repositories to require cybersecurity testing and system safeguards risk analysis. Under the amended rules, specified entities must undertake five types of testing: (1) vulnerability testing, (2) penetration testing, (3) controls testing, (4) security incident response plan testing, and (5) enterprise technology risk...
Continue Reading

White House Cyber Commission Issues Requests for Information

The White House’s Commission on Enhancing National Cybersecurity has announced in a Federal Register Notice that it is seeking information on a variety of cybersecurity topics. The Notice indicates that the Commission is seeking information on topics including critical infrastructure cybersecurity, cyber insurance, research and development, the cyber workforce, federal governance, identity and access management, international markets, the Internet of Things, public awareness and education, and state and local government cybersecurity. According to the Notice, the Commission is seeking...
Continue Reading

Federal Judge Dismisses Class Action Arising from Data Breach

A D.C. federal judge has dismissed a putative class action against CareFirst BlueCross BlueShield that arose from a 2014 data breach. The judge determined that the alleged injuries suffered by the seven named plaintiffs failed to establish standing to sue, finding that “merely having one’s personal information stolen in a data breach is insufficient to establish standing to sue the entity from whom the information was taken.”  Two of the seven named plaintiffs alleged they suffered tax refund fraud because of the breach but the judge determined that this alleged injury was not plausibly tied...
Continue Reading

Cyber Storm V Highlights Need for Greater Info-sharing and Formalized Incident Response

Results from the Department of Homeland Security’s  (“DHS”) “Cyber Storm V” national exercise revealed that challenges remain around information and cyber threat indictor sharing, and that a plan for widespread cyber response would help improve response from government and industry to cyberattacks. Though the exercise showed that challenges remain, it also revealed an increased awareness of DHS’s role and capabilities in information sharing and incident response.  The exercise involved cabinet level participants as well as states, international partners, and approximately 70 companies...
Continue Reading