Report: Cyber security becoming top concern for energy industry

From: FuelFix (Statoil)

by Simone Sebastian

Cyberattacks and other IT security issues have become a top industry concern for the first time in the history of Ernst & Young’s recurring survey of energy executives, ranking No. 9 on the list of most important industry concerns of 2013.

IT security, particularly the threat to companies’ operations and energy infrastructure, was a new entrant this year in the list of Top 10 risks to the oil and gas industry. The No. 1 concern remained “the risk of a health, safety or environmental incident,” as it was in the last survey.

The Most Important Cybersecurity Case You’ve Never Heard Of

Editor’s Note:  Additional CRE coverage of the FTC/Wyndham case may be found here, here, here and here.

From: Lawfare

Paul Rosenzweig

The case is Federal Trade Commission v. Wyndham Worldwide Corporation, a civil suit brought in the District of Arizona by the FTC relating to a cybersecurity breach at Wyndham.  To understand why the case matters quite a bit, we need to step back and understand the FTC.

HHS Development of a Risk-Based Regulatory Framework and Strategy for Health Information Technology

Editor’s Note:  The HHS advance Federal Register notice is attached here.  Below is an excerpt

From:  HHS/Office of the Secretary


The Food and Drug Administration (FDA), Office of the National Coordinator for Health Information Technology (ONC), and Federal Communication Commission (FCC) seek broad input from stakeholders and experts on the elements we should consider as we develop a report that contains a proposed strategy and recommendations on an appropriate, risk-based regulatory framework for health IT, including mobile medical applications, that promotes innovation, protects patient safety, and avoids regulatory duplication. To that end, we are requesting comments on the topics identified in Section III.


Built-in security could start with a common lexicon

From: GCN

By William Jackson

It makes sense to buy products and services with some degree of security built-in rather than to add security piecemeal as vulnerabilities are found. That is one of the goals of an interagency working group developing plans for cybersecurity requirements in federal acquisitions.

The Joint Working Group on Improving Cybersecurity and Resilience through Acquisition, a cooperative effort between the Defense and Homeland Security departments and headed by the General Services Administration, has issued a request for information on how best to include cybersecurity requirements in contracts. Such requirements are not entirely absent from Federal Acquisition Regulations, but the working group is tasked with making them more consistent — both across government and with industry requirements — and focusing them on risk management rather than boiler-plate contract language.

N.Y. Wants Info on Insurers’ Online Security Measures

From: Dow Jones Business News

–New York seeks details on how insurers protect policyholder records

–Governor says information provided to insurers is “a virtual treasure trove for hackers”

–Companies ask for information include Aetna, AIG, Humana, MetLife, Travelers and others

(Adds comments from MetLife, Prudential in the sixth paragraph.)

By Debbie Cai

New York Gov. Andrew M. Cuomo is seeking details on how insurers are protecting customers and companies’ health and financial records from online security threats, the New York State Department of Financial Services said in a statement.