Uncategorized

Obama’s Cybersecurity Initiative: Substance? Or Hot Air?

Success of the President's proposed cyber legislation hinges on the willingness of corporations to share their data with the government.  But why would a company want to share data with the government? While the Sony hack was shocking to most, it’s unlikely that corporations will be willing to trust the government with their customers most sensitive data. For one, businesses owe a duty to their customers to maintain their data in accordance with their agreements with and expectations of their customers.  Also, despite billions of dollars in funding, the federal bureaucracy has failed to meet its own federal cybersecurity standards. Using data from General Accounting Office, George Mason University researchers found that in 2006, there were more than 5,503 cyber-breaches on federal IT systems, in 2013 - 61,213 cyber-breaches. Since 2002, the federal government has had its own legislation similar to the one proposed by the President last week, and despite $78.8 billion in funding, the number of IT security breaches has increased more than 10 times since 2006. Critics argue criminalizing cybercrime will not prevent what Americans fear - industrial espionage and oversea hackers. Summary of President’s proposal: 1.      Cyber information sharing between private sector and government, with liability protection for companies 2.      Expanding RICO to include cyber-crime 3.      Criminalizing the sale of botnets and the sale of banking information overseas 4.      Greater restrictions on selling spyware 5.      Gives Courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity 6.      Making rogue insiders punishable by the CFAA (Computer Fraud and Abuse Act) 7.      Uniform national data breach notification - 30 days within attack 8.      Establish a consumer policy bill of rights Additionally, critics argue that the law could hinder U.S. internet users who have no intention of committing cybercrimes but who may be out of compliance with a U.S. judgment in an effort to debilitate cybercrime. What is lacking from this bill is a mechanism that actively seeks out global cyber threats; and while the new legislation may reign in domestic cybercriminals - it does nothing to relieve our increasing threat - rapidly emerging economies with no form of legal redress for victims of cybercrimes. Despite bills that promise to reign in cybercriminals, it remains incumbent on companies to strengthen their own defenses.

SOTU Watch: Obama Cybersecurity Boost

SOTU Watch: Obama Cybersecurity Boost   With great expectation that Cyber Policy will be a significant focus of the upcoming State of the Union address (SOTU) – more than any other of this administration’s past SOTUs – we feature our SOTU Watch series leading up to, during, and after January 20th’s main event.   Earlier this week, President Barack Obama vowed to introduce three new pieces of legislation aimed at providing online protections for consumers and students. Obama labeled the new legislation the “consumer privacy bill of rights” and promised that his proposals aim to protect consumer privacy and “ensure that private industry can keep innovating.”   President Obama is launching this program at a time when consumers and industry leaders are still coming to terms with the devastating hack of Sony Entertainment this past December, among other high-profile breaches. Ironically, on Monday the Administration witnessed another embarrassing example of the potential power of hackers when people claiming to be supporters of ISIS took control of the Pentagon’s social media accounts scoring a propaganda move for the group.   President Obama outlined three new pieces of legislation:   A consumer privacy bill of rights, a set of rules about how technology companies can use and store sensitive information about their consumers.   A set of standards as for when a company must reveal that it has been breached and when a credit card or bank is breached - at present states have their own rules.   A bill that would place limits on data that is collected on students using technology in the classroom.   In theory these are uncontroversial ideas, but the politics of cybersecurity in the United States is not so clear cut. Especially since the Edward Snowden incident pitted privacy activist against the government security establishment. Additionally, it unclear whether Republicans share the same definition of “cybersecurity” as the President. While google and yahoo lobby budgets continue to grow, it will be interesting to see just what shape a “cybersecurity” definition will take. Nevertheless, President Obama says that he hopes that Congress will join him in making his proposed laws the law of the land.

A New Kind of Attack

Five Chinese military hackers who were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army were indicted by a grand jury in the Western District of Pennsylvania on charges of computer hacking, economic espionage, and other offenses directed at six American victim entities. This case marks the first time

Read More

Malware Crackdown

Over the past two months, the FBI has cracked down on multiple fraud scams and Internet malware programs.   In late April 2014, the FBI brought to our attention that retailers in nine states across the country had been affected by a group of Nigerian criminals

Read More

What Is a Jerk, Exactly? More Important, Why Does the FTC Care and What Does the Internet of Things Have to Do With All of This Attention?

Fernando M. Pinguelo and Sarah Austin   For starters, merriam-webster.com defines “jerk” as "a stupid person or [one] not well-liked or who treats other[s] . . . badly."

Read More

April 1, 2014: Internet Scam Day – no joke . . .

By Fernando M. Pinguelo and Sarah Austin   April Fool’s Day is meant to be one of the most light hearted days of the year, but pranks and jokes turn sinister when hackers and scammers online trick innocent people into sharing their private information. This year, fraudsters use tricks both old and new to collect private information, steal money, and infect systems with malware.

Read More