Why Cybersecurity Legislation Will Likely Come Up Short — Again

From: American Banker

by Victoria Finkle

WASHINGTON — The threat of cyberattack is an increasingly hot topic in Washington, but political interest alone appears unlikely to provide enough momentum to get cybersecurity legislation supported by banks passed this year.

The issue continues to gain widespread attention in the wake of numerous attacks on banks and other companies in recent years, with some, including former Defense Secretary Leon Panetta, warning about the prospect of a future “cyber-Pearl Harbor” that could cause widespread damage to financial networks, the power grid or other key sites.

Could the SEC’s Cyber Disclosure Gudiance Put Companies in an Untenable Position?

From: CRE

The SEC has issued Gudiance on corporare disclosure of material cyber risks and attacks.  A front page article in today’s Washington Post, however, raises concerns that there could be circumstances in which companies may not be able to disclose materials known facts about their cybersecurity.  Although it is not clear whether any federal contractors were even involved in the theft of information about weapons systems, it is possible that even if one or more publicly traded companies, were involved, they may prohibited by federal law from disclosing the matter.  The Post article explained that the information about the cyber-theft was contained in “a confidential report….”

Addressing healthcare mobile security from a legal standpoint

From: HealthITSecurity

Author Name Patrick Ouellette

When healthcare organizations’ IT and compliance staffs converge to implement a mobile platform for clinical staff users, technical and policy concerns are usually at the forefront of the decision-making process. But there’s also the legal aspect to mobile strategy that helps these organizations weigh the amount of risk involved with allowing clinicians to use mobile devices. Stephen Wu, a partner at the law firm Cooke Kobrick & Wu LLP, works with and advises many healthcare clients that are deliberating the best ways to provide mobile solutions within their organizations and secure the data that runs through those devices.

US weapon plans compromised by China: report

From: Sydney Morning Herald

Ellen Nakashima/Washington Post

Washington: Designs for many of the US’s most sensitive advanced weapons systems have been compromised by Chinese hackers, according to a report prepared for the Pentagon and to officials from government and the defence industry.

Among more than two dozen major weapons systems whose designs were breached were programs critical to US missile defences and combat aircraft and ships, according to a previously undisclosed section of a confidential report prepared by the Defence Science Board for Pentagon leaders.

Cyber Security Regulation as a Potential Technical Barrier to Trade: An Example

Editor’s Note:  CRE discussed the need for the transatlantic coordination of cybersecurity regulation to prevent cyber defenses from becoming potential trade barriers, here.   The NHTSA plans to protect vehicle-to-vehicle communications and other automotive cyber systems discussed below provides a concrete example of how such protections could become a non-tariff trade barrier.  Specifically, vehicles manufactured in Europe (and Asia) will need the American cybersecurity requirements.  Unless the EU either forgoes development of comparable cybersecurity requirements or adopts the American plan, manufacturers will be faced with the need to develop multiple and potentially redundant and/or conflicting compliance measures.   Coordination between the EU and the US on regulatory cybersecurity could prevent such needless conflicts from occurring.  It should be noted that CRE discussed the issue of NHTSA regulation of automotive cybersecurity here with respect to protecting the integrity of vehicle’s data.