Category: Cybersecurity

U.S. Government Restricts the Use of Kaspersky Cybersecurity Software

Share

Earlier this month, the Department of Homeland Security (DHS) issued a binding order restricting the government’s use of cybersecurity software developed by Moscow-based Kaspersky Labs.

Government departments and agencies have 90 days to remove or discontinue use of any Kaspersky Labs software products—but the buck doesn’t stop there. Kaspersky boasts more than 400 million users and 270,000 corporate clients, meaning organizations that provide any services involving federal information systems would be wise to investigate whether they, either directly or indirectly, use Kaspersky products and services. Continue reading “U.S. Government Restricts the Use of Kaspersky Cybersecurity Software”

Equifax Breach: Good Data Security Practices Matter

Share

The Equifax breach affecting as many as 143 million U.S. consumers highlights the segmented legal landscape surrounding data security as well as the challenges of regulating it.  News reports indicate that federal agencies, including the FTC, and a number of  state Attorneys General either are or have been called to investigate Equifax and a number of class actions have already been filed.

Some commentators have suggested that the Equifax breach requires a regulatory response, but it is not clear that regulation would have prevented the breach.

Continue reading “Equifax Breach: Good Data Security Practices Matter”

Pending IoT Legislation Would Impose Significant Obligations on Manufacturers

Share

With the House and Senate returning to Washington in September, two recently-introduced Senate bills seek to address perceived vulnerabilities in the security of Internet of Things (IoT) devices sold to the federal government and medical devices which regularly connect to the Internet.

Among the key takeaways in the legislation:

  • Legislation covers both products sold to the federal government and medical devices;
  • Legislation addresses “life of device” obligations of IoT device manufacturers;
  • Disclosure and Certification Requirements could create additional liability for manufacturers of Internet of Things devices.

Continue reading “Pending IoT Legislation Would Impose Significant Obligations on Manufacturers”

White House Issues ATC Report and Seeks Comments on IT Implementation Plan

Share

On August 30, the Trump administration unveiled an ambitious plan to upgrade the federal government’s cyberdefenses by shifting digital functions to the cloud and prioritizing security upgrades for the government’s most important systems.  In this plan, which in many ways continues the cyberefforts of the Obama administration, the White House’s American Technology Council (ATC) justified this large-scale approach due to what it characterized as the federal government’s longstanding less-than-adequate cyberefforts in the face of years of mounting digital threats.

The plan, grounded in the President’s May 2017 Executive Order (EO) 13,800,   tasked  the Director of the ATC to coordinate the preparation of a report to the President from the Secretary of the Department of Homeland Security (DHS), the Director of the Office of Management and Budget (OMB), and the Administrator of the General Services Administration (GSA), in consultation with the Secretary of Commerce (Commerce), regarding the modernization of Federal Information Technology (IT).  In accordance with EO 13,800, a draft IT Modernization report was submitted to the President last week.

Continue reading “White House Issues ATC Report and Seeks Comments on IT Implementation Plan”

Cybersecurity and Adware: The FTC’s Settlement with Lenovo

Share

The FTC and 32 state attorneys general announced a settlement with Lenovo Inc., one of the largest computer manufacturers, resolving allegations that Lenovo harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers.

The FTC’s complaint alleged that in August 2014 Lenovo began selling consumer laptops that came with preinstalled ad-injecting software known as VisualDiscovery, which was developed by Superfish, Inc.  This adware delivered pop-up ads of similar-looking products sold by Superfish’s retail partners whenever a consumer’s cursor hovered over the image of a product on a shopping website. To facilitate its injection of pop-up ads into encrypted https:// websites, Visual Discovery installed a self-signed root certificate in the laptop’s operating system, which caused consumers’ browsers to automatically trust the VisualDiscovery-signed certificates.  Digital certificates are part of the Transport Layer Security protocol that, when properly validated, serve as proof that consumers are communicating with the authentic https:// website and not an imposter.

Continue reading “Cybersecurity and Adware: The FTC’s Settlement with Lenovo”

Death, Taxes and Cybersecurity

Share

If Ben Franklin were alive today, he would add cybersecurity to his famous quote “…in this world nothing can be said to be certain, except death and taxes.”  Cybersecurity is top of mind in every organization in part because of the recent massive ransomware attacks, new federal and state regulations (including the New York Division of Financial Services’ Cybersecurity Regulation) and the upcoming effective date of the European Union’s General Data Protection Regulation (GDPR).  There is no one-size-fits-all solution for organizations that want to shore up their cybersecurity vulnerabilities, but there are a lot of useful reports and advice from federal government agencies.

Continue reading “Death, Taxes and Cybersecurity”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy