Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

DOE Creates Cybersecurity Office

The Department of Energy (DOE) has created a new office for energy security and cybersecurity. The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will work on energy infrastructure protection and DOE’s role in national security. As Secretary of Energy Rick Perry noted in his statement regarding the creation of the office, “DOE plays a vital role in protecting our nation’s energy infrastructure from cyber threats, physical attack, and natural disaster, and as secretary, I have no higher priority…This new office best positions the department to address the...
Continue Reading

US Partner Michael Bahar Comments on Intelligence Capabilities

Eversheds Sutherland Partner Michael Bahar is quoted in this New Yorker article regarding Chinese intelligence capabilities. “They are a professional service,” said Michael. “They do their homework.” Learn more.
Continue Reading

Tech Giants Brace for Europe’s New Data Privacy Rules

With the deadline for the new rules now just a few months away, Silicon Valley’s tech behemoths have been scrambling to get ready. Facebook and Google have deployed hundreds of people to make sense of the regulations. Many of the companies have overhauled how they give users access to their own privacy settings. Some have redesigned certain products that suck up too much user data. And in some cases, companies have removed products entirely from the European market because they would violate the new privacy rules. Learn...
Continue Reading

Securing the Cloud

Eversheds Sutherland Partner Michael Bahar is quoted in the Winter edition of USA Today Homeland Security regarding increasing efforts to keep data safe in the ‘new normal.’ “Particularly this summer, we’ve seen attackers going further – to extortion, data manipulation, disruption and even destruction,” said Michael. “What is increasingly critical is to respond to the rapidly evolving new normal.” He added, “It’s like washing your hands frequently during cold season. These attacks are remarkably unsophisticated and deeply human. You don’t need to be technically savvy to adopt good practices,...
Continue Reading

G-7 guidance on cybersecurity in the financial sector

The G-7 countries recently published important guidance on cybersecurity for the financial sector. While the aim of this guidance was harmonization, the practical reality remains one of piecemeal- and at times even conflicting – global, regulatory direction. To navigate this regulatory patchwork, international banks and financial institutions have to constantly assess the applicable legislation and regulation, and they have to make a decisions about their level of compliance with potentially overlapping or conflicting requirements. Read this Cyber Security Practitioner cover article, which:...
Continue Reading

Cyber Attacks on U.S. Power Grids Can Be Deterred With Password Changes

A key to preventing cyber attacks from crippling U.S. power grids could be changing passwords on internet routers, wifi-connected thermostats and smart lawn-sprinklers. “A significant share” of internet attacks result from unchanged factory default passwords on web-connected devices that allow hackers to break in and and install malware, according to a Jan. 18 report by the Advanced Energy Economy Institute. Learn more....
Continue Reading

US Partner Michael Bahar Comments on Surveillance Tools

Eversheds Sutherland Partner Michael Bahar is quoted in this Politico article regarding the ongoing legislative debate involving the recent passage of a long-term extension of the government’s online surveillance tools. “It’s not really a pendulum swing as much as it is part of the start of a very long, complicated discussion on the role of privacy, not just in the United States, but globally,” said Michael. Learn more.
Continue Reading

DoT to Unveil Revised Autonomous Vehicle Regulations

At the Detroit auto show, Secretary Chao announced that the Department of Transportation will release revised self-driving vehicle regulations this summer. The regulations are expected encompass trucks and transit vehicles in addition to automobiles. Learn more.
Continue Reading

Mnuchin: Bitcoin firms subject to anti-laundering rules

Treasury Secretary Steven Mnuchin on Friday warned traders and firms offering services related to cryptocurrencies like bitcoin that anti-money-laundering and know-your-customer rules apply to them — and regulators are watching closely. Learn more.
Continue Reading

Senators Warren and Warner Introduce Cybersecurity Bill Aimed at Consumer Reporting Agencies

Senators Warren (D-Mass.) and Warner (D-Va.) introduced a bill today that would establish an Office of Cybersecurity at the FTC, charged with promulgating cybersecurity regulations and monitoring security of consumer reporting agencies, such as Equifax, require consumer reporting agencies to notify the FTC within 10 days of a breach, andimpose strict liability penalties for breaches of consumer data, beginning at $100 per consumer affected. The text of the bill can be found here. Senator Warren’s press release regarding the bill is...
Continue Reading

2017 Cybersecurity Litigation Year in Review and Forecasts

Cyber-related litigation continues to be volatile, with 2017 witnessing several momentous developments including rulings on standing, the extent of insurance coverage, the fate of the Fourth Amendment’s third-party doctrine in the digital age, and the emerging standard of care for cybersecurity. At the same time, Europe is seeing its own tectonic shifts in how it handles data, including data that is shared with the US. All of this creates some very serious fault lines that will need to be watched closely in 2018. Read this New York Law Journal article, which discusses: The current state of...
Continue Reading

NIST Releases Second Draft of Revised Cybersecurity Framework

The ever-smartening supply chain presents increasing cybersecurity risks to companies, and the importance of internal assessments has never been greater.  Accordingly, the National Institute of Standards and Technology (NIST) has released the second draft of Version 1.1 of the “Framework for Improving Critical Infrastructure Cybersecurity” for public comment. NIST provides valuable guidance in this draft, highlighting the importance of communication to manage cybersecurity within supply chains, and addressing identity proofing and the vulnerability disclosure lifecycle. This second draft...
Continue Reading

Triton Malware Shuts Down Industrial Plant

Cybersecurity experts at FireEye have issued a warning after a recent hacker attack caused “operational disruption to critical infrastructure” at an unnamed industrial plant. The hackers introduced a malware program that FireEye is calling “Triton” into the security system, likely in preparation for a larger attack. Learn more.
Continue Reading

Nearly a third of U.S. businesses experienced a data breach: Survey

A recent survey for The Hartford Steam Boiler Inspection and Insurance Company (HSB) found that 29 percent of U.S. businesses experienced a data breach in the previous year. Nearly half of those breaches were caused by a vendor or contractor working for a business, 21 percent were the result of employee negligence, and 20 percent were the result of lost or stolen mobile devices or storage media. Learn more.
Continue Reading