A recent report by researchers at the Helmholtz Center for Information Security (CISPA), Singapore University of Technology and Design, and the University of Oxford has revealed that Bluetooth technology is vulnerable to a new type of attack that allows an attacker to steal data from a Bluetooth-enabled device without the user’s knowledge or permission, so long as the attacker is within Bluetooth range of the targeted device.
NIST Unveils IoT Baseline of Core Cybersecurity Features for Comment
In a release aptly labeled “A Starting Point for IoT Device Manufacturers,” the National Institute of Standards and Technology (NIST), an arm of the Department of Commerce, recently added to the discussion with the publication. NIST sought to provide IoT device manufacturers a better understanding of appropriate cybersecurity features for the vast and constantly proliferating range of IoT devices. NIST’s fundamental purpose is to improve the securability of IoT devices and to identify, in general terms, the features that can be designed so that customers can better use them to manage cybersecurity risk profiles.
Data Privacy Exposure Hits the Public Sector: Lessons from the OPM Data Breach Class Action, Whistleblower Actions, and the GAO Cybersecurity Report
Data privacy litigation and enforcement actions continue to roil the private sector, most recently with the FTC’s announcement of a $425 million settlement with Equifax in the wake of the Equifax data breach. Less discussed is the fact that data privacy and security remains a real threat in the public sector. As we recently reported, the 2019 Verizon Data Breach Investigations Report found that 16% of confirmed data breaches were in the public sector. Three recent developments highlight the breadth and scope of the threat, reflecting that federal agencies and government contractors remain vulnerable to cyberattacks and may be subject to liability for cybersecurity failures.
An Update on Federal Policy Regarding Chief Data Officers and Data Governance: New OMB Memo
The Office of Management and Budget (OMB) has issued a recent memorandum that moves the federal government forward in embracing the importance of the “governance” of data.
Recent FinCEN Advisory Details Dramatic Increase in Frequency and Severity of Business Email Compromise Fraud Schemes
On July 16, 2019, the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) issued an “Updated Advisory on Email Compromise Fraud Schemes Targeting Vulnerable Business Processes” (the “Advisory”). The Advisory provides a detailed and helpful overview of trends in Business Email Compromise (“BEC”) schemes affecting U.S. financial institutions and other businesses.
Second Circuit Holds That Blocking Users’ Access To Presidential Twitter Account Violates First Amendment
On July 9, 2019, the U.S. Court of Appeals for the Second Circuit held that the First Amendment prohibits the government from blocking social media users from accessing the Twitter account @realDonaldTrump. See Knight First Amendment Institute at Columbia University v. Trump, — F.3d –, 2019 WL 2932440 (2d Cir. July 9, 2019).
The Court noted that President Trump “concedes that he blocked the Individual Plaintiffs because they posted tweets that criticized him or his policies,” and “that such criticism is protected speech.” However, the government contended that when the President took that action “he was exercising control over a private, personal account,” the character of which had not changed since it had been opened as a social media platform in 2009 to share opinions on popular culture, world affairs, and politics. The government further argued that the Twitter account is not a public forum or, in the alternative, if the Court were to find that the account was a public forum, that blocking the individual plaintiffs “did not prevent them from accessing the forum.”