The year 2021 continues to reveal an alarming rise in ransomware attacks. Two of the most notable of such attacks include the ransomware attack on CNA Financial Corp., with resulting payment of $40 million in ransom, and the attack on Colonial Pipeline Co., with a ransom payment of $4.4 million.
With these two recent ransomware attacks—and subsequent payments—receiving massive publicity, congressional law makers have begun to question whether ransom payments should be permitted or remain legal, or if federal law makers should step in to prohibit such ransom payments as a means to curtail these forms of attacks. Although no bill taking that approach has been introduced yet, recent discussions of such a law have given rise to debate on the issue.
Continue reading “Federal Legislation Considers Banning Ransom Payments to Hackers”
The European Commission recently adopted a new set of Standard Contractual Clauses (SCCs) for organizations to use in compliance with the EU General Data Protection Regulation requirements for transfers of personal data from the European Economic Area. The previous SCCs were outdated and did not cover many common data processing scenarios. Organizations will have an 18-month transition period to adopt the new SCCs, but many parties will need this time to re-examine their dataflows and review their internal compliance procedures to meet the exacting new standards.
Continue reading “New Tools for International Data Transfers: European Commission Adopts New Standard Contractual Clauses”
Earlier this year — and five years after the Brexit referendum — the U.K. officially left the EU, giving rise to a new era of international commerce. As businesses work to adapt to this new paradigm, one question should not be overlooked: how does Brexit impact the international movement of data? In the first international episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss talks with Faegre Drinker’s Huw Beverley-Smith and Jonathon Gunn about the data protection and privacy implications of life after Brexit.
Continue reading “Faegre Drinker on Law and Technology Podcast: What Brexit Means for Law, Technology and Your Data”
The National Institute of Standards and Technology, commonly referred to as NIST, recently published a new computer framework for users to consider as a cyber-framework security model — the Zero Trust Architecture Model (ZTA). This new model was officially published in NIST SP 800-207 in late 2020.
Continue reading ““Zero Trust Architecture” Is Officially Here: NIST Publishes New Cybersecurity Framework”
The Homeland and Cyber Threat Act (HACT) was introduced in the U.S. House on March 12, 2021. This bill would allow U.S. citizens to sue foreign governments, agents and officials and to collect monetary damages for personal injury, damage or loss of property resulting from a cyberattack with foreign origins.
This bipartisan bill was introduced because cybersecurity activity and cyber incidents continue to rise, leading to increasing concerns of data security. Rep. Bergman, R-MI, a key sponsor of both this bill and a similar bill introduced in 2019, describes HACT as a tool of accountability for foreign states. The other bill sponsors (Reps. Allred, D-TX; Fitzpatrick, R-PA; Herrera Beutler, R-WA; Neguse, D-CO; and Kim, D-NJ) echo this theme of accountability and point to HACT as a way for Americans to “fight back against foreign cyberattacks.”
Continue reading “New Bill Proposes that Americans Should Be Able to Sue Foreign Hackers”
Disruptionware attacks have become increasingly more common over the last few months. Just last month, I wrote about a dangerous disruptionware attack against a Florida Water Treatment Center that could have been a mass casualty event. For more information on these types of attacks, please refer to our posts on different types of disruptionware attacks and how disruptionware attacks work.
Continue reading “Disruptionware VI: Cyber-Attack against Colonial Pipeline Illustrates Continued Vulnerability of American Energy and Infrastructure Targets”