SEC Examiners to Review How Asset Managers Fend Off Cyber Attacks

Editor’s Note: The SEC’s increasing focus on cybersecurity was evident in its FY 2013 budget request. See here. CRE has explained that the SEC should coordinate its cybersecurity regulatory activities with our European trading partners through the TTIP process.

From: Reuters

(Reuters) U.S. regulators said Thursday they plan to scrutinize whether asset managers have policies to prevent and detect cyber attacks and are properly safeguarding against security risks that could arise from vendors having access to their systems.

“We will be looking to see what policies are in place to prevent, detect and respond to cyber attacks,” said Jane Jarcho, the national associate director for the Securities and Exchange Commission’s investment adviser exam program.

Cybersecurity struggle

From: PoliticoPro


Part of a POLITICO Pro Special Report series on the Obama administration’s executive action and regulatory agenda.

The partisan squabbling on Capitol Hill often precludes lawmakers from acting as quickly as the speedy iPhones and self-driving cars that they’re supposed to help regulate.

It has also paved a digital fast lane of sorts for President Barack Obama.

Some of the most pressing technology issues in Washington — from the security of the country’s networks to the way government handles patents or hires tech experts — are being adjudicated predominately by the White House, an unavoidable go-it-alone approach in debates that matter to tech giants in Silicon Valley and profit-makers on Wall Street.

Obama Trying Executive Action for Cyber Fixes

Editor’s Note: For information about a forthcoming presentation on the limits of executive authority, see here.

From: DefenseNews 


WASHINGTON — Following up on President Barack Obama’s State of the Union theme of executive action regardless of congressional approval, the Defense Department (DoD) and General Services Administration (GSA) announced late Wednesday they were moving ahead with six “planned” reforms to improve cybersecurity in the federal acquisition system.

The announcement of the reforms coincided with the release of “Improving Cybersecurity and Resilience Through Acquisition,” a joint DoD/GSA report dated November 2013. That report outlines suggestions for training and accountability for cyber to make sure security is baked into products, but most importantly, includes the idea of instituting “baseline” security requirements for contractors.

Pentagon, GSA map out acquisition cybersecurity; tester finds issues remain

From: Reuters

By Andrea Shalal-Esa

(Reuters) – The U.S. Defense Department and General Services Administration on Wednesday mapped out six broad reforms to improve the cybersecurity of more than $500 billion in goods and services acquired by the U.S. federal government each year.

The guidelines come as the Pentagon’s chief weapons tester warned that military missions remained at “moderate to high risk” since local network operators were not always able to defend networks against determined cyberattacks.

A report released by the tester on Wednesday said scans of the networks used by weapons still showed missing software “patches” and vulnerabilities that allowed teams of government “hackers” to penetrate and exploit networks.

FTC Affirms Data Security Authority Over HIPAA-Covered Entities

From: iHealthBeat

In a case involving a security breach of thousands of patients’ personal health data, the Federal Trade Commission has ruled that HIPAA-covered entities also can be subject to security enforcement by the commission, FierceHealthIT reports.

Background on Case

In 2013, FTC filed a complaint against LabMD, a cancer-detection services company, for two privacy breaches in 2008 and 2012 that affected about 10,000 patients (Bowman, FierceHealthIT, 1/28).

In the complaint, FTC wrote that LabMD’s “failure to employ reasonable and appropriate measures to prevent unauthorized access to personal information” violated the agency’s regulations.
