Cyber developments and insights for the government contracts community

Latest Developments


End-of-Support Devices on Networks Weakening Cyberdefenses

A new report from IT solutions provider Softchoice examined more than 212,000 Cisco networking devices at 350 organizations across North America and found that nearly three quarters of businesses have devices operating on their networks that are no longer supported…

Major Tech Firms Enrolling in Privacy Shield

Tech giants including Google and Dropbox have registered with the Privacy Shield, the joint U.S.-EU framework enabling companies to exchange personal data files in compliance with EU data protection requirements. Microsoft and Amazon previously announced their intention to join.

How Brexit Affects Data Privacy Regulations Between the US and UK

The UK’s vote to leave the European Union means the country will no longer be bound by the data privacy framework negotiated by the U.S. and EU. Britain may now have to negotiate new agreements with both entities, meaning multinational…

FTC Will Enforce Privacy on Set-Top Boxes

The Federal Trade Commission intends to ensure companies like Google adhere to the same privacy rules as cable providers if the Federal Communications Commission allows them to produce their own set-top boxes. FTC has advised FCC to require manufacturers entering…

Are Cybersecurity Lawyers Necessary for Organizations?

This op-ed suggests companies may not need to hire a lawyer specializing in cybersecurity, but keeping one on retainer to assist when a security incident occurs might be a good idea. Cyber attorneys can bring specialized expertise for cyber breach…

GSA Failed to Timely Notify 8,200 Individuals Affected by PII Breach

According to a new report from the General Services Administration’s Office of Inspector General, GSA failed to timely notify more than 8,200 individuals affected by a September 2015 breach that their personally identifiable information may have been exposed. GSA attempted…

How Federal Agencies Can Improve Cybersecurity with Better Data Encryption

In this commentary, Rob Roy, federal chief technology officer at HP Enterprise Security Products, says agencies can do a better job protecting their data by adopting encryption. Data-at-rest security helps when equipment is lost or stolen, but is not sufficient…

Significant Security Control Weaknesses Put Key FDA Systems at Risk

The Food and Drug Administration has taken steps to safeguard its key information systems, but a significant number of security control weaknesses continue to put the confidentiality, integrity, and availability of FDA’s systems and data at risk, according to a…

Webinar Provides Advice on Responding to Data Breach

In the second of three presentations, Lisa Sotto, head of the Global Privacy and Cybersecurity practice at Hunton & Williams LLP, discusses data breach notification obligations and actions to take to manage regulatory activity in the aftermath of a breach.…

FTC May Have Some Cyber Jurisdiction Over Nonprofits

Although the Federal Trade Commission has traditionally lacked authority to regulate nonprofit organizations, its oversight was expanded under specific circumstances by the Fair and Accurate Credit Transactions Act, which enabled the Red Flags Rule—which requires covered entities to have plans…

EU General Data Protection Regulation, Binding Corporate Rules and Privacy Shield Training Requirements

In this commentary, Daniel Solove, president and chief executive officer of TeachPrivacy and a law professor at the George Washington University Law School, warns entities covered by the EU’s General Data Protection Regulation to not overlook the regulation’s requirement to…

Compliance Requires Cooperation Between Legal, CISO Teams

Strong communication and cooperation between the legal and information security offices can help ensure a company keeps current on legal and regulatory requirements related to cybersecurity, and avoid some serious repercussions in the aftermath of a breach. More at Search…

LabMD Appeal of FTC Action Has Wider Implications for Data Security

The outcome of LabMD’s appeal of the Federal Trade Commission’s enforcement action against it carries several implications for data security practices. If FTC wins, it likely will continue exercising its enforcement authority over data security issues, even when—as in the…

Q&A with Hogan Lovells on Security in the EU GDPR

In this interview with Varonis’ Inside Out Security Blog, Bret Cohen and Sian Rudgard from the Hogan Lovells Privacy & Cybersecurity practice discussed new data security requirements in the EU’s General Data Protection Regulation, including when a data protection impact…

New Bill Would Give Tax Credits for Cyber Insurance

Representative Ed Perlmutter (D-CO) has introduced a bill that would provide a 15 percent tax credit to companies that purchase data breach insurance and adopt NIST’s Cybersecurity Framework—or a similar standard approved by the Treasury Department—to protect their systems. Perlmutter…

DHS Readying Draft Cyber Incident Response Plan

The Department of Homeland Security is preparing to release a long-awaited draft of the National Cyber Incident Response Plan. In part, the plan will fill in details not addressed in Presidential Policy Directive 41, which established roles and responsibilities for…

DHS, Commerce Officials Disagree on Whether New Laws Can Ease Liability Fears Over Cyber Threat Information Sharing

During a recent U.S. Chamber of Commerce event, Department of Commerce Secretary Penny Pritzker proposed a “reverse Miranda protection” for firms that share the details of cyber breaches with government. Pritzker says that such a rule would prevent information disclosed…

NY State’s New Cyber Rules for Banks

Critics of New York’s proposed new cybersecurity regulations for the financial and insurance sectors say the new rules will merely add more paperwork for big firms, who already have to comply with federal regulations and industry standards. More at CNBC

