By Ilona Korzha   As is every year, eWhite House Watch had the opportunity to report on the annual International Association of Privacy Professionals (IAPP) Global Privacy Summit in Washington D.C. on April 19-20 this year.    The world’s biggest privacy conference was especially important this year as its more than 3,000 attendees pondered answers to such questions as what impact does the newly adopted European Union’s General Data Protection Regulation (GDPR) have on the U.S. companies that do business in Europe, how to deal with ever increasing cybersecurity risk, how to manage rising customer expectations and effectively handle government investigations of data breaches.

Today the Administration released the Fiscal Year 2016 FISMA Annual Report to Congress.  The Office of Management and Budget (OMB) publishes this report annually and in accordance with the Federal Information Security Modernization Act of 2014, Pub. L. No. 113-283, § 3553 (Dec. 18, 2014) (codified at 44 U.S.C. § 3553). OMB obtained information from the Department of Homeland Security (DHS) and Chief Information Officers and Inspectors General from across the Executive Branch to compile this report. This report primarily includes Fiscal Year 2016 data reported by agencies to OMB and DHS on or before November 13, 2016 in accordance with 44 U.S.C. § 3553.

President Trump's second Week of Action included meeting with cyber security experts during a “listening session” with cyber security experts to help fulfill his campaign promise of securing America against cyber threats. Later in the month, White House National Economic Council Director announced Senior Staff appointments including that of Grace Koh who will serve as Special Assistant to the President for Technology, Telecom, and Cyber-Security Policy. Koh previously served as Deputy Chief Counsel to the Subcommittee on Communications and Technology of the Energy and Commerce Committee in the U.S. House of Representatives. READ MORE

By Sarah Austin and George K. Sarris     NetDiligence held its annual Cyber Risk and Privacy Liability Forum on June 6-8th in Philadelphia.  The event primarily focused on providing practical advice for cybersecurity insurance brokers, attorneys and Chief Information Security Officers (CISOs). eWhite House Watch was invited to cover the forum as part of the NetDiligence Press Corps.   On June 6th, the event opened with a session called “Cyber Claims & Loss Updates” where leading experts in cybersecurity insurance discussed the types of claims being covered, examination costs, and claims notice and handling. The panel discussed how policyholders of cyber insurance can improve their methods of dealing with privacy and notice issues after a breach. The panel stated that within the risk pool, only twenty-percent to thirty percent of organizations at risk are covered.  This is largely due to the misconception that breaches are targeted. Chris Novak, the co-founder and Managing Principal of the Verizon Investigative Response Unit, emphasized that recent studies indicate that the “majority of the breaches are opportunistic and not targeted.” Further, the panel discussed how the security industry has not reached the level of maturity needed to combat cybersecurity risks.  For example, the industry struggles to “patch” IOT devices after they are breached.

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) published the Cyber-Related Sanctions Regulations that became effective on December 30, 2015. The new regulations implement Executive Order 13694 and authorize the imposition of economic sanctions on those found to be responsible for, as well as those who significantly benefit from, malicious cyber attacks or cyber theft. The regulations do not identify specific individuals or entities who will be sanctioned, nor do they indicate any sort of immediate compliance obligations for U.S. companies. Some notable regulations include: Sanctions on identified entities who participate in cyber-enabled activities that are reasonably likely to have resulted in a significant threat to the national security, foreign policy, economic health or financial stability of the United States. Sanctions on identified entities who trade or engage in other transactions with people named on OFAC’s SDN List pursuant to E.O. 13694.     You can find more details about the Cyber-Related Sanctions Regulations here.

The Georgetown University Law Center held its annual Cybersecurity Law Institute on May 20 and 21, 2015.  The event, billed as the only cybersecurity conference geared primarily for attorneys, focused on providing both practical how-to advice for attorneys working on cybersecurity while also discussing the future of cybersecurity.  eWhite House Watch had the opportunity of attending the conference as part of the Institute’s Press Corps, and found the sessions and networking opportunities fascinating.   The highlight of the event came on its first day when both James B. Comey, the director of the FBI, and Leslie Caldwell, Assistant Attorney General in charge of the DOJ Criminal Division, spoke to the assembled conference goers.  Director Comey demonstrated a solid understanding of the cybersecurity threats facing the nation.  He repeatedly emphasized the importance of private companies' collaborating with the FBI to address the most pressing of cyber threats.  He noted that even though the FBI has not always had a stellar record in working with the private sector, it hastaken great steps to improve its relationship with private enterprise since the financial attacks of 2012.