Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Category Archives: Cyber and National Security

Wake-Up Call: Second Circuit Declares NSA’s Mass Telephone Surveillance Program Illegal

Posted in Cyber and National Security

Whatever your opinion of Edward Snowden, the shockwaves from his leaks of classified material continue to roil all three branches of the federal government.

The latest wave broke last week when the United States Court of Appeals for the Second Circuit held in ACLU v. Clapper that the National Security Agency’s mass telephone metadata collection progra… Continue Reading

Is Wi-Fi Security Keeping You Awake on the Road?

Posted in Cyber and National Security


Sometimes it’s hard to get a good night’s rest out on the road. Accessible Wi-Fi in hotels, airplanes, coffee shops, and other hospitality locations has quickly gone from a luxury to a necessity for customers who need continuous access to the Internet. Yet serious security gaps in the majority of hospitality Wi-Fi networks are causing restless nig… Continue Reading

Are Regulatory Fears Impeding Industry Cyber Sharing?

Posted in Cyber and National Security, Policy and Regulatory Positioning

Business leaders confess that concerns of adverse regulatory actions are impacting industry willingness to share cyberthreat information with authorities

They say that no good deed goes unpunished. And when it comes to cyber sharing, industry leaders are concerned that their only “reward” for helping the government identify and respond to cyber… Continue Reading

General Counsel, Is Your Website Vulnerable?

Posted in Cyber and National Security, Technology, Workplace Privacy

A report just released by security startup Menlo Security found that one-third of the top one million websites have already been compromised with malware or are running outdated or unpatched software that is vulnerable.

The problem is two-fold:

1. Does your website contain vulnerabilities?
As the report notes, these website vulnerabilities are easi… Continue Reading

GAO Puts Cybersecurity and Privacy High Atop High Risk List

Posted in Cyber and National Security

Agency Assessment Comes as President Signs Executive Order Increasing Cyber Sharing with the Private Sector

Late last year, this post speculated whether 2015 would become “the Year of Cybersecurity.” Though 2015 is still young, it certainly feels like the prediction was accurate given the continued attention that cybersecurity is receiving from … Continue Reading

White House Big Data Working Group Claims “Significant Progress” On Executive Branch Privacy Initiatives, But Blames Congress and Big Data Stakeholders for Delaying Important Privacy Legislation and Voluntary Actions

Posted in Cyber and National Security, Policy and Regulatory Positioning

On February 5, the White House big data and privacy working group released an “Interim Progress Report” (hereinafter “the Interim Report”) summarizing its “progress in furthering the majority of the recommendations made” in its May 2014 report, “Big Data: Seizing Opportunities, Preserving Values” (hereinafter “the Big Data R… Continue Reading

Farewell, Federal Cybersecurity Incentives?

Posted in Cyber and National Security, Policy and Regulatory Positioning

Administration Takes Private Sector Incentives Off the Table, While Obama Calls for $14 Billion in FY 2016 Budget to Strengthen Government’s Cybersecurity Efforts

The White House’s Cybersecurity Coordinator Michael Daniel announced on Monday that the government will not offer incentives for private sector businesses to adopt… Continue Reading

World Economic Forum Releases Framework to Quantify Cyber Threats

Posted in Cyber and National Security

In conjunction with its annual meeting this week, the World Economic Forum released a report on its current efforts to develop a common framework to model and quantify the impact and risk of cyber threats.  The report highlights that “even well-guarded [organizations] face the threat of a cyberattack.”

The report embraces the value-at-risk mathem… Continue Reading

Cybersecurity: The Human Factor

Posted in Cyber and National Security

Financial institutions are under a constant and growing cyber assault from hacktivists that want to cause online mischief, criminals that want to steal consumer data and nation-states that are looking for a military, political or economic advantage. In this increasingly costly war, the focus is often on the latest hardware, software and analytics to fo… Continue Reading

Advisory Alert: A Corporate Counsel’s Guide to Cyber Insurance

Posted in Cyber and National Security, Data Protection

On an almost daily basis, you are reminded of why you should worry about the security of your company’s data and information systems. Whether it be from headlines in hard copy, broadcast, or online media, your senses have been slammed with one sensational story after another about increasingly massive data breaches. You may have even read about malware t… Continue Reading

Congress Funds Cybersecurity: Spending Bill Allocates over $1 Billion to Cybersecurity

Posted in Cyber and National Security, Policy and Regulatory Positioning

The final spending bill of the 113th Congress, which keeps the government doors open until September 30th of 2015, was passed by the House on December 11th, the Senate on the 13th, and signed by the President on December 16th. It is a $1.1 trillion omnibus spending bill that will direct well over $1 billion toward cybersecurity. Among other things, it will pro… Continue Reading

Congress Confirms NIST’s Role in Cybersecurity – and the Continuation of the Cybersecurity Framework

Posted in Cyber and National Security, Policy and Regulatory Positioning

The Cybersecurity Enhancement Act of 2014 (CEA) was passed by the House and the Senate on December 11th, and signed by the President on the 18th. The bill formalizes the role of the National Institute for Standards and Technology (NIST) in continuing to develop the voluntary Cybersecurity Framework. Through five “titles,” the bill includes provisio… Continue Reading

Congress Passes Cybersecurity Workforce Legislation

Posted in Cyber and National Security, Policy and Regulatory Positioning

The Border Patrol Agent Pay Reform Act of 2014 was passed by the Senate on September 18th, by the House on December 10th, and signed by the President on December 18th. It contains provisions from the Cybersecurity Workforce Recruitment and Retention Act of 2014, which allows the Secretary of the Department of Homeland Security (DHS) to establish cybersecu… Continue Reading

Congress Passes The Federal Information Security Modernization Act of 2014: Bringing Federal Agency Information Security into the New Millennium

Posted in Cyber and National Security, Policy and Regulatory Positioning

The Federal Information Security Modernization Act of 2014 (FISMA) was passed by the Senate on December 8th, by the House on December 10th, and signed by the President on December 18th. It is a comprehensive bill intended to bring federal agency information security practices into the new millennium – to better respond to evolving cybersecurity threats. FISM… Continue Reading

Congress Passes the National Cybersecurity Protection Act: Codifies National Cybersecurity Center & Creates Federal Agency Data Breach Notification Law

Posted in Cyber and National Security, Policy and Regulatory Positioning

The National Cybersecurity Protection Act of 2014 (NCPA) was passed by the House on December 8th, by the Senate on December 10th, and signed by the President on December 18th. Senate Committee on Homeland Security and Governmental Affairs Chairman Tom Carper (D-Del.) issued the following statement regarding the NCPA: “Cybersecurity is one of the … Continue Reading

Cybersecurity Legislation Focuses on Federal Government Initiatives – Leaves Private Sector Reforms for 2015

Posted in Cyber and National Security, Policy and Regulatory Positioning

One of the few things the parties in Congress can agree upon these days is cybersecurity – at least when it comes to directing the federal government’s cyber activities.  In its final days, the 113th Congress reached agreement on several major pieces of legislation intended to improve the nation’s cybersecurity: the National Cybersecurity Prote… Continue Reading

Federal Financial Institutions Examination Council Releases Cybersecurity Assessment Results: Boards of Directors and Senior Management Need to Engage

Posted in Cyber and National Security

The Federal Financial Institutions Examination Council (FFIEC) released general observations yesterday from a cybersecurity assessment of over 500 community financial institutions. The cybersecurity assessment evaluated the institutions’ preparedness to mitigate cyber risks. It ultimately found that due to the critical dependence of finan… Continue Reading

Federal Financial Institutions Examination Council Launches Cybersecurity Webpage and Begins Cybersecurity Assessments

Posted in Cyber and National Security, Data Protection, Financial Services, Marketing and Consumer Privacy

“For cyber criminals, banks are especially tempting targets – not only because banks are where the money is, but also because of the vast amount of proprietary information banks have about their customers.” Thomas J. Curry, Comptroller of the Currency

In comments before the Risk Management Association’s Governance, Compliance, and Operation… Continue Reading

“…Because That’s Where the Money Is.” OCC Head Highlights Oversight of Cybersecurity for Financial Industry—Will All Vendors Cooperate?

Posted in Cyber and National Security

Why are banks often tempting targets for criminals and terrorists alike? Thomas Curry, the head of the Office of the Comptroller of the Currency (OCC), recently reminded us: “…because that’s where the money is.” But what most worries the Comptroller is not a modern-day Bonnie & Clyde or John Dillinger attacking banks from without, but rather … Continue Reading

Managing Risk in an Inhospitable Environment: The Restaurant and Hospitality Industries are an Alluring Destination for Cyber Thieves

Posted in Cyber and National Security, Data Protection, Retail/Hospitality

The recent onslaught of cybersecurity incidents and payment card thefts dominates daily headlines and has captured the nation’s attention—from the diner whose credit card was compromised during a data breach to the President of the United States who recently advocated passage of national data breach legislation: everyone has a stake in this issue… Continue Reading

Government Officials Continue to Reference NIST Framework

Posted in Communications/Media, Cyber and National Security, Data Protection

On Thursday, June 12, 2014, while delivering remarks on cybersecurity at the American Enterprise Institute in Washington, D.C., Federal Communications Commission Chairman Tom Wheeler challenged businesses to be more proactive in addressing increasingly prevalent threats to their cybersecurity, urging them to embrace a “new paradigm” in whic… Continue Reading

SEC Commissioner Calls on Corporate Boards to Address Cybersecurity—Refers to NIST Cyber Framework as “the Bible”

Posted in Communications/Media, Cyber and National Security, Data Protection

While attending the “Cyber Risks and the Boardroom” Conference at the New York Stock Exchange on Tuesday, June 10, 2014, U.S. Securities and Exchange Commissioner Luis Aguilar called on corporate boards to make sure they are taking the necessary steps to address and oversee their companies’ cybersecurity risks. In a prepared statement, … Continue Reading

United States Charges China with Cyber-Espionage in Unprecedented Indictment

Posted in Cyber and National Security, Global

This morning, the U.S. Department of Justice (DOJ) announced that a grand jury in the Western District of Pennsylvania has indicted five Chinese military officials on charges of computer hacking, economic espionage, and related offenses. The indictment marks the first time that the DOJ has filed charges against a state actor for cyber-theft and cyber-e… Continue Reading