Cyber Security Practitioner

Volume: 3 Issue: 11
(November 2017)


The UK’s Information Commissioner Elizabeth Denham published on 10 October 2017 her views on the rules on incident reporting proposed within the European Commission’s (‘EC’) draft Implementing Regulation pursuant to Article 16(8) of the Network and Information Systems (‘NIS’) Directive (the ‘Implementation Regulation’), the consultation period for which ended on 11 October 2017. The Implementing Regulation aims to provide ‘further specification of the elements to be taken into account by digital service providers for managing the risks posed to the security of network and information systems and of the parameters for determining whether an incident has a substantial impact.’ Denham, who leads the Information Commissioner’s Office (‘ICO’), which is the UK’s proposed competent authority for the regulation of digital service providers (‘DSPs’) under the NIS Directive, commented that “setting overly rigid parameters […] may be undesirable and may lead to a failure to report incidents which nevertheless have a substantial impact on the users of the service.”


By the time this issue of Cyber Security Practitioner is published there will only be six months left before the GDPR comes into force, placing controllers and processors of personal data in peril of the mandatory breach disclosure rules. These rules require controllers to report certain kinds of personal data breaches to the data protection regulators and sometimes to the people affected (processors will be expected to notify controllers of incidents). In earlier editorials I have predicted that personal data breach disclosure will usher in a new era of litigation and compensation claims, as well as regulatory investigations and enforcement actions.

Estonia’s digital mindset influences its approach to cyber security, an area that takes on even greater importance in a country where in recent local elections 31.7% of votes were cast online. Liina Areng, Director of International Relations at the Estonian Information System Authority, explains in this article Estonia’s approach to cyber security, which includes extensive efforts to educate the Estonian public about cyber awareness, and a view of the digital domain as an ecosystem.

As the implementation date for the General Data Protection Regulation (‘GDPR’) looms ever closer, the Article 29 Working Party (‘WP29’) on 3 October 2017 published a guidance document entitled ‘Guidelines on Personal data breach notification under Regulation 2016/679’ (the ‘Guidance’) in order to provide clarity on the boundaries and expectations of handling data breach notification under the GDPR. Richard Jeens and Mohan Rao, of Slaughter and May, analyse the WP29’s new Guidance.

The discovery of a significant security flaw - revealed publicly on 16 October 2017 - in the security certification protocol Wi-Fi Protected Access II (‘WPA2’), a protocol used by a large majority of Wi-Fi transmissions, is a timely reminder that security cannot be taken for granted. Liz Fitzsimons and David Cook, of Eversheds Sutherland, assess the risks to WPA2 networks from the discovered vulnerability, and the legal and technical issues that could arise from the vulnerability being exploited.

The European Commission has recently published its 11th Security Union Report (the ‘Report’), which includes a set of operational and practical anti-terrorism measures (COM (2017) 608 of 18 October 2017). The package presented aims at tackling terrorism and security threats to citizens in the EU, in particular those threats utilising cyber technologies and networks, as well as building resilience against those threats. With this initiative, the Commission is responding to the increased vulnerabilities in the EU and is striving to implement the measures over the next 16 months. The proposed measures are manifold and directed towards cutting terrorist financing, countering online radicalisation, boosting cyber security, enabling decryption where required to break into terrorist networks, and strengthening cross-border cooperation and information exchange between the relevant authorities, as well as removing obstacles for obtaining financial transaction data. In this article, Dr Alexander Duisberg, Partner at Bird & Bird, discusses the Commission’s Report and the possible implications in the field of cyber security.

As connected and autonomous vehicles (‘CAVs’) continue to develop, the UK Government has sought to advise developers by publishing on 6 August 2017 ‘The key principles of vehicle cyber security for connected and autonomous vehicles’ (the ‘Principles’). Chris Jackson, Partner and Head of Transport, and Lucy Pegler, Senior Associate in the transport sector team at Burges Salmon, analyse the Principles and the cyber security concerns CAV developers will need to consider moving forward.

The US Federal Trade Commission’s (‘FTC’) lawsuit against D-Link Systems (‘D-Link’) had certain claims dismissed by the United States District Court for the Northern District of California (‘Court’) for failing to claim actual consumer injury arose from D-Link’s behaviour. Ted Claypoole and Taylor Ey of Womble Bond Dickinson (US) LLP analyse the Court’s order in this case, which was a response to D-Link’s Motion to Dismiss, noting that this decision by the Court mirrors the changes in FTC policy under the current US administration.

About Cyber Security Practitioner:

Cyber Security Practitioner, the most recently launched monthly publication from Cecile Park Media, provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. It covers cyber security regulation, data breach, data security, cyber risk, cyber crime, ethical hacking, privacy and data protection, cyber infrastructure, technical solutions, risk management, information assurance, security standards, liability, consumer protection, ransomware and other cyber threats, cyber insurance...
