Archive for April, 2018
From: The National Law Review
In a recent post, we discussed the Canadian Cabinet’s announcement that Canada’s new data breach regulations go into effect on November 1, 2018. Despite announcing the effective date, Canada had not yet finalized these regulations. However, on April 18, 2018, Canada unveiled the Breach of Security Safeguard Regulations: SOR/2018-64 (“Regulations”).
To highlight some of the finer points, in order to trigger notification requirements, the Regulations require organizations to determine if a data breach poses a “real risk of significant harm” to any individual had their information accessed in the breach. If an organization meets this harm threshold, then the affected organization must notify the Privacy Commissioner of Canada, as well as the affected individuals.
From: NATO Cooperative Cyber Defence Centre of Excellence
NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) welcomes the decision of Australia to become a member of the NATO-accredited cyber defence hub. Australia announced their decison today during an opening of Australia´s pop-up embassy in Estonia.
“Accession of Australia expands the reach and cooperation of like-minded nations in cyber defence beyond the Euro-Atlantic area, making our cyber defence hub truly global. We are glad to welcome Australia becoming a member nation,” said Merle Maigre, Director of the NATO Cooperative Cyber Defence Centre of Excellence.
From: Center on National Security at Fordham Law School
Amid flaring trade tensions between the world’s two largest economies, the Trump administration zeroed in last week on two of China’s top technology companies. On Monday, regulators in Washington restricted U.S. companies from selling equipment to ZTE Corp. for seven years, saying the Shenzen-based telecom giant ran afoul of a sanctions violations settlement deal last year.
From: Maui Now
Senators Mazie K. Hirono (D-Hawai‘i) and Cory Gardner (R-Colo.) applauded the Department of Homeland Security’s inclusion of the Korea Internet and Security Agency, South Korea’s lead cybersecurity agency, in its Automated Indicator Sharing system that enables the exchange of cyber threat indicators between international, federal, state, local, and private sector entities at machine speed.
Threat indicators are pieces of information like malicious IP addresses or the sender address of a phishing email. In November 2017 Hirono and Gardner led a letter to then-acting DHS Secretary Elaine Duke expressing support for increased cybersecurity cooperation with South Korea given the shared cyber threat from North Korea and urging DHS to expedite its participation in the AIS system which Japan joined last year.
From: Business Insider
- The CEO of the cybersecurity firm Darktrace says hackers are increasingly targeting unprotected “internet of things” devices, such as air-conditioning systems and CCTV, to get into corporate networks.
- She told the WSJ CEO Council Conference that in one incident, a casino was hacked through the thermometer in its lobby aquarium.
- A former director of the UK’s Government Communications Headquarters also called for laws outlining minimum security standards for internet-of-things devices.
Eagan gave one memorable anecdote about a case Darktrace worked on in which a casino was hacked via a thermometer in an aquarium in the lobby.
From: NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)
Next week NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) organises Locked Shields 2018, the largest and most advanced international live-fire cyber defence exercise in the world. The annual exercise is a unique opportunity for national cyber defenders to practise protection of national IT systems and critical infrastructure under the intense pressure of a severe cyber attack. Media accreditation deadline to the exercise is April 23rd.
In 2018 Locked Shields taking place from April 23rd to 27th will highlight the growing need to enhance dialogue between various experts and decision-making levels. CCDCOE integrates the technical and strategic game, enabling participating nations to practice the entire chain of command in the event of a severe cyber incident, from strategic to operational level and involving both civilian and military capabilities. Considering the current cyber threats that are concerning nations the most, the exercise will address the protection of vital services and critical infrastructure.