Category: Cybersecurity

NIST Releases Draft Report on IoT Cybersecurity Standards; Comments Due April 18

Share

On February 14, 2018, the National Institute of Standards and Technology (NIST) released a draft of its NIST Interagency Report 8200 (NISTIR 8200), which is intended to inform policymakers and standards participants in developing and implementing cybersecurity standards in and for IoT devices and systems.  At a high level, the draft report is intended to:

  • provide a functional description for IoT (Section 4);
  • describe several IoT applications that are representative examples of IoT (Section 5);
  • summarize the cybersecurity core areas and provides examples of relevant standards (Section 6);
  • describe IoT cybersecurity objectives, risks, and threats (Section 7);
  • provide an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
  • map IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).

Continue reading “NIST Releases Draft Report on IoT Cybersecurity Standards; Comments Due April 18”

Information Injury Workshop Covers Non-Financial Harms Faced By Consumers

Share

The Federal Trade Commission held its Information Injury Workshop in December in Washington D.C. The goal of the workshop was to explore how to characterize and measure information injuries to consumers.

Information injury is the harm that a victim suffers as a result of privacy or data security breach. Financial, health and safety injury are the most common types of alleged injuries that the FTC has seen in privacy and data security in the past few years. Yet, injury that does not cause financial harm can be challenging to quantify.

Continue reading “Information Injury Workshop Covers Non-Financial Harms Faced By Consumers”

China Releases New Personal Information Privacy Standards

Share

On January 25, 2018, China released the final version of the Personal Information Security Specification, new voluntary standards on the protection of personal information.  The standards anticipate and address the “issues faced in personal information security during the rapid development of IT technology; with the protection of personal information as their core” and is meant to “regulate all phases of big data operations and related conduct, such as the collection, storage, processing, use and disclosure of personal information.”  The standards will go into effect on May 1, 2018.

The standards will apply to organizations using information systems to process personal information; specific departments that involve network security, third party assessment organizations; and other organizations that deal with the oversight, management, and assessment of personal information security.  Generally, they lay out the following 8 basic principles of personal information security.

Continue reading “China Releases New Personal Information Privacy Standards”

Data Security Concerns Continue in 2018 – Survey Provides New Insight

Share

A vast majority of companies report feeling vulnerable to data breaches and security threats, according to a recent report published by a data security provider and information technology advisory company. It is predicted that companies are planning on spending more than ever before to protect themselves in 2018.

The report, published by Thales eSecurity and 451 Research, summarizes the surveyed responses of more than 1,200 senior security executives employed in the U.S., U.K., Germany, Japan, Sweden, the Netherlands, Korea, and India. Of these respondents, more than one-third had major influence on security-decision making, and nearly half had sole-decision making authority.

Continue reading “Data Security Concerns Continue in 2018 – Survey Provides New Insight”

Building the Blocks of Knowledge – NIST Releases Draft Blockchain Technology Overview

Share

On January 25, 2018, the National Institute of Standards and Technology (NIST) division of the U.S. Department of Commerce released a draft report of Blockchain technology (Overview). Recognizing the growing public awareness of the most well-known application of Blockchain technology – Bitcoin, the Overview draft report provides a high-level discussion of the technical components of Blockchain technology, addressing how data is encrypted, and how the data is verified and then distributed among the participating Blockchain parties. NIST is seeking comments on the scope and completeness of the draft Overview, which are due by February 23, 2018.

The Overview begins with a fairly detailed, yet accessible, overview of the architecture of Blockchain technology, covering both how data that is to be recorded and encrypted in the blocks, and how the individual blocks are then incorporated into the corresponding Blockchain. Discussions of hashing, nonces, forking and Merkle Trees are included, along with helpful charts for those with a preference for visuals.

Continue reading “Building the Blocks of Knowledge – NIST Releases Draft Blockchain Technology Overview”

Battling Botnets – Evolving U.S. Government Policies and Frameworks to Address Security and Resiliency Challenges

Share

The Secretaries of the Department of Commerce and the Department of Homeland Security, through the National Telecommunications and Information Administration (NTIA), in early January 2018 issued a draft report to further public discussion about enhancing the resilience of the Internet and communications ecosystem against botnets and other automated distributed threats. This report continues work initiated under Presidential Executive Order 13800, “Strengthening the Cyber Security of Federal Networks and Critical Infrastructure.”  The report seeks additional public comment on known and evolving risks within and to the ecosystem and aims to forge consensus on what approaches warrant consideration for the government either to adopt or to encourage.  Commenters are asked to evaluate a range of proposed goals and actions to achieve a more resilient ecosystem as well as to address the roles various stakeholders play in achieving and maintaining resiliency of the ecosystem nationally and globally. Comments are due on the draft report by February 12, 2018 and the final report is due the president by May 11, 2018.

Six principal themes emerged from the government’s analysis of prior comments on identifying and mitigating botnet and other cyber threats, namely that:

  • Automated distributed attacks are a global problem;
  • While effective tools exist, they are not widely used
  • Products should be secured during all stages of their life cycle.;
  • Improved education and awareness are necessary;
  • Current market incentives are misaligned; and
  • Automated distributed attacks are an ecosystem-wide challenge.

Continue reading “Battling Botnets – Evolving U.S. Government Policies and Frameworks to Address Security and Resiliency Challenges”

©2025 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy