Over the last several years, the Federal Communications Commission (FCC) has been taking a more active role both in anticipating the need for ever greater communications network security measures necessary to counter threats as well as potentially forging a new role in protecting the integrity of data that flows through the Internet. The latest evidence of this security consciousness is a recent Notice of Inquiry (“Notice”) adopted by the FCC seeking information to better understand the scope of Border Gateway Protocol (BGP) routing system security vulnerabilities, and the means to address them.
Author: Discerning Data Editorial Board
Faegre Drinker on Law and Technology Podcast: A Deeper Dive Into Cybersecurity Frameworks
Last year, we provided a brief primer on prominent cybersecurity frameworks. In this episode of the Faegre Drinker on Law and Technology Podcast, Jason G. Weiss chats with guests Jim Watkins, former deputy laboratory director in the FBI’s Orange County Crime Lab and current certified technical assessor for the ANSI National Accreditation Board, and Nate Shiflett, the director of posture and compliance for Sylint, an internationally recognized cybersecurity and forensics firm, to take a deeper look into the leading cybersecurity frameworks.
Ransomware Attacks in 2022 – Things are NOT Getting Better: A Call to Arms
The success of ransomware attacks in 2021 has only emboldened cyber threat actors around the globe to continue these nefarious attacks on innocent victims. Ransomware attacks are only going to be growing in 2022. This conclusion comes from a recent international partner advisory (Advisory) jointly issued by The Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the NSA.
Continue reading “Ransomware Attacks in 2022 – Things are NOT Getting Better: A Call to Arms”
Department of Commerce Seeks Public Comment on a Range of Broadband Infrastructure Issues Arising from the 2021 Infrastructure Investment and Jobs Act
On the eve of the U.S. Senate’s confirmation of Alan Davidson as the new Administrator of the National Telecommunications and Information Administration (NTIA), NTIA published a request for public comments on January 10, 2022, on a range of broadband infrastructure issues, paving the way for Davidson’s reported top priority in his term. The request is the first of a series, which together are to establish three new NTIA programs under the appropriations from the November 2021 Infrastructure Investment and Jobs Act: the Broadband Equity, Access, and Deployment (BEAD) Program, the “Middle Mile Infrastructure” Program, and the Digital Equity Inclusion Program.
Feds Hope to Tighten Timeline for Agency Reporting of Cyberattacks as Congress Debates Federal Data Breach Notification Law
On December 6, 2021, in the Memorandum for the Heads of Executive Departments and Agencies, the Office of Management and Budget took a more aggressive position on strengthening the nation’s cybersecurity posture. Under this memorandum, federal agencies are now mandated to report “major” cyberattacks within one hour of discovery to the Cybersecurity and Infrastructure Security Agency (CISA) and to the Office of Management and Budget (OMB). It also directed that affected agencies update reports within one hour of determining that an already-reported incident is determined to be “major.”
FTC Staff Report on ISP Privacy Practices Paves the Way for an FTC Privacy Rulemaking in the New Year
Following up on a mandatory 2019 request for information issued by the Federal Trade Commission (FTC) to the largest Internet Service Providers (ISPs) in the United States, the FTC staff in late October issued a Report titled – A Look at What ISPs Know About You: Examining the Privacy Practices of Six Major Internet Service Providers. Among the agency staff’s general findings on ISP data collection and use practices, the most striking perhaps is the apparent degree of integration among ISPs and advertisers with respect to their data collection and use practices. The report also highlights the tools ISPs offer to customers to either manage or control many types of ISP data collection and use.
The information presented in the Report is aggregated and de-identified and has been supplemented with information gathered from follow-up FTC staff questions and meetings with the ISPs that were the subjects of the FTC information request. The Report’s summary of information on real-world ISP data practices could prove useful as Congress wrestles with the potential for federal privacy legislation and states review the need for legislation.