Bill Toulas reports: The Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly report security vulnerabilities to vendors. When security research is conducted within the specified boundaries, those responsible will be excluded from criminal liability and the risk of prosecution. “Those who want…
Category: Legislation
Six senators tell Biden administration UN cybercrime treaty must be changed
Suzanne Smalley reports: The Biden administration must fix several provisions threatening human rights and cybersecurity in the United Nations cybercrime convention that is heading to the General Assembly for a vote, six Democratic senators said in a letter sent to administration officials Tuesday. The letter to Secretary of State Antony Blinken, Secretary of Commerce Gina Raimondo, Attorney…
CISA: Proposed Security Requirements for Restricted Transactions Pursuant to Exec. Order 14117
Following up on President Biden’s recent executive order and the Justice Department’s notice of proposed rulemaking, CISA has issued the following: PROPOSED SECURITY REQUIREMENTS FOR RESTRICTED TRANSACTIONS Pursuant to Exec. Order 14117, Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern On February 28, 2024, President Biden signed…
Justice Department Issues Comprehensive Proposed Rule Addressing National Security Risks Posed to U.S. Sensitive Data
From the U.S. Department of Justice, October 21: Proposed Rule Would Establish New Program to Implement Executive Order to Prevent Access to Americans’ Sensitive Personal Data by Russia, Iran, China, and Other Countries of Concern Note: Read the Department’s fact sheet on this matter here. The Justice Department today issued a Notice of Proposed Rulemaking (NPRM) to implement…
NYDFS Superintendent Adrienne A. Harris Issues New Guidance to Address Cybersecurity Risks Arising from Artificial Intelligence
October 16, 2024 New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today issued new guidance to assist regulated entities in addressing and combating cybersecurity risks arising from artificial intelligence. The guidance builds on the Department’s ongoing work to protect New Yorkers and DFS-licensed entities from cybersecurity risks through its nation-leading cybersecurity…
Do the Marriott cybersecurity settlements send the wrong message to CISOs, CFOs?
A report by Evan Schuman about recent Marriott settlements with the FTC and state attorneys general suggests that the settlements leave much to be desired. Both settlements have cybersecurity requirements, and the state settlement has a monetary component, but neither is strong enough as far as some experts are concerned. Here’s a snippet or two…