Cyber Security Practitioner

Volume: 2 Issue: 8
(August 2016)


News

The City of London Police force (‘COLP’) are to begin a new scheme to tackle fraud, including cyber fraud, which will involve police handing fraud suspects’ details to external law firms, who will then pursue the recovery of the proceeds of the crime through the civil courts; the scheme was reported on The Guardian website on 14 August 2016.

An overhaul of EU telecom rules, to be revealed by the EU Commission in September 2016, will require ‘over-the-top’ (‘OTT’) services like WhatsApp and Skype to adhere to ‘security and confidentiality provisions’ to bring them in line with existing regulations on SMS text messaging and traditional voice calls, according to leaked documents seen by the Financial Times.

Pakistan’s National Assembly passed the Prevention of Electronic Crimes Act 2016 (‘PECA’) on 11 August 2016, responding to calls for a functional law on cyber crime. PECA adds new offences such as computer hacking and cyber terrorism to the criminal justice system. Despite its intentions, PECA has been widely criticised as vague and unclear.

The Australian Minister for Justice announced on 9 August 2016 that a cyber team to target terrorist financing and financial crime has been established by AUSTRAC - Australia’s primary financial intelligence agency. This follows the commencement of the Australian Government’s Cyber Security Strategy, announced on 21 April 2016, and responds to certain recommendations from the Australian Government’s AML/CTF review in the same month.

The US Government released on 26 July 2016 a Directive on Cyber Incident Coordination for emergency responses to cyber attacks (‘PPD-41’), a presidential policy directive which inter alia will assist in coordinating the US Government’s response to cyber incidents and provide guidance for organisations within the private sector that have experienced a cyber attack as to how they can obtain federal assistance.

A new report on cyber security trends in the Asia Pacific (‘APAC’) region was published on 24 August 2016 by the FireEye-owned cyber security firm Mandiant; it indicates that cyber security in the APAC region is lacking. The report reveals five cyber security trends, including that the majority of breaches in APAC never become public; that organisations are often unprepared to identify and respond to breaches; and that organisations across APAC allow attackers to dwell in their environment for a median period of 520 days before discovering them.

In a blog post on 31 August 2016, the US Federal Trade Commission (‘FTC’) provided advice to businesses on whether complying with the National Institute of Standards and Technology’s (‘NIST’) Cybersecurity Framework means that companies are also complying with the applicable FTC data security requirements.

Philipp Amann, Head of Strategy at Europol’s European Cybercrime Centre (‘EC3’), said in an interview with The Register on 7 September 2016 that a post-Brexit UK will be “cut off from the full intelligence picture,” noting that the UK would not have the same visibility as a full EU Member State as the UK will lack access to certain systems and will lose its role within certain priority-setting governance groups.

Ciaran Martin, Chief Executive of the UK’s new National Cyber Security Centre (‘NCSC’), confirmed at a Washington conference on 13 September 2016 that British intelligence agency GCHQ is considering the up-scaling of its DNS filtering to include private internet service providers (‘ISPs’), with the intention of protecting those companies and their customers from malicious attacks, for example from malware attacks; the plan has been referred to in the media as the ‘GCHQ firewall.’


Features

If some of the most hackneyed phrases in the cyber security world are about ‘the Board buying in,’ perhaps some of the most urgent pieces of work on the cyber security to-do list are about teaching Board members how to be savvy about their personal cyber risks and the risks they personally present to their organisations.

The US Court of Appeals for the Second Circuit decided on 14 July 2016, in In re a Warrant to Search a Certain E-mail Account Controlled and Maintained by Microsoft Corporation, that emails stored on Microsoft’s overseas servers were not subject to the warrant provisions of the US Stored Communications Act (‘SCA’). While the decision has been hailed in many quarters as a victory for Microsoft, an interesting facet of the judgment is the concurring opinion of Appellate Judge Lynch and what this suggests about the future of the SCA; Judge Lynch opined that while the SCA clearly precluded extraterritorial application, in the context of data sitting on overseas servers that could easily be accessed in the US, perhaps this should no longer be the case. Peter S. Vogel and Eric S. Levy of Gardere LLP discuss the Microsoft decision and the possible impact of the case.

Two recent Ninth Circuit Court of Appeals decisions arguably expand the application of the US Computer Fraud and Abuse Act (‘CFAA’) - a piece of legislation primarily used to combat hackers - while potentially increasing cyber security. Edward McNicholas and Clayton Northouse of Sidley Austin LLP discuss the implications of both decisions.

Jennifer Agate and Alicia Mendonca of Farrer & Co LLP take a look at the scale of the ransomware threat, governmental advice on responding to ransomware and how ransomware attacks might be prevented by organisations.

On 19 July 2016, Advocate General Henrik Saugmandsgaard Øe issued a non-binding opinion (‘Opinion’) that a national obligation on communications providers to retain data relating to electronic communications may be compatible with EU law, subject to certain strict safeguards. In particular, the legislation must be accessible and the obligation must respect the essence of the right to respect for private life and the right to the protection of personal data. However, it can only be lawful if it is necessary to fight serious crime, and it must be proportionate. Rohan Massey, Partner at Ropes & Gray LLP, discusses the Advocate General’s Opinion and the background to the case.

As seen in jurisdictions such as the US, it has become a recent trend for law enforcement agencies (‘LEAs’) to apply to the courts for an order to compel a communication device or software manufacturer to create solutions for the decryption of encrypted communications. In Hong Kong (‘HK’), the interception of communications is governed by the Interception of Communications and Surveillance Ordinance (‘ICSO’) but there is no specific legislation in HK on the compulsory decryption of encrypted data or information. Dominic Wai, Partner at ONC Lawyers, considers the legal position for LEAs in HK availing of the courts in order to acquire decrypted communications.


About Cyber Security Practitioner:

Cyber Security Practitioner, the most recently launched monthly publication from Cecile Park Media, provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. It covers cyber security regulation, data breach, data security, cyber risk, cyber crime, ethical hacking, privacy and data protection, cyber infrastructure, technical solutions, risk management, information assurance, security standards, liability, consumer protection, ransomware and other cyber threats, cyber insurance...
