On June 14, the House of Commons introduced Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts (Bill C-26). This bill is presented in two parts: The first is to amend the Telecommunications Act to promote the security of the Canadian telecommunications system; The second is to enact the Critical Cyber … Continue reading
On May 11th, 2017, the White House released an executive order on strengthening the cybersecurity of federal networks and critical infrastructure (the “Order”). The Order marks the administration’s first successful effort to address cybersecurity, after an earlier draft executive order on cybersecurity was postponed in January. The Order is divided into three substantive sections covering … Continue reading
On July 26, 2016, the White House issued the United States Cyber Incident Coordination Directive (Presidential Policy Directive PPD-41, including an Annex). The Directive sets forth the principles governing the Federal Government’s response to cyber incidents, including incidents affecting private entities that are part of U.S. critical infrastructure. The Directive is designed to improve coordination … Continue reading
On April 1, 2015, President Obama issued Executive Order 13694, creating a new sanctions program that targets the growing and evolving threat posed by cyber-attacks. The Order authorizes sanctions against those who seek to use cyber-attacks to harm critical infrastructure, target network availability, and steal sensitive information, such as trade secrets and personal financial information. … Continue reading
On January 22, 2015, the Netherlands proposed legislation introducing breach notification requirements for critical infrastructure industries, including utilities (electricity, gas and drinking water), telecom, financial services, government (surface-water management bodies) and transport (main ports Rotterdam and Schiphol airport). The proposed law would require notification in the event of a breach of security or loss of … Continue reading
The ISSA Journal recently included an article, Sharing Cyber Threat Information: A Legal Perspective, authored by Utsav Mathur and I (David Navetta) concerning potential legal risks associated with intra-industry sharing of cyber-threat information. The article summarizes recent efforts by the US government to encourage more information sharing concerning cyber threats and data-security incidents within industries. Recent Department of Justice and Federal Trade Commission … Continue reading