Cyber Security Practitioner

Volume: 3 Issue: 5
(May 2017)


News

On 11 May 2017 US President Donald Trump signed the ‘Executive Order on Strengthening the Cybersecurity of Federal Network and Critical Infrastructure’ (‘Order’), imposing stricter cyber security regulation on US federal agencies and executive departments. The Order, which took immediate effect, calls for all agencies and executive departments to implement the NIST’s Framework for Improving Critical Infrastructure Cybersecurity, which was first introduced on a voluntary basis by the Obama administration in 2014. The Order states that ‘Agency heads will be held accountable by the President for implementing risk management measures,’ and that they must file a risk management report to the President outlining their current cyber defences within 90 days of the Order being issued. / read more

On 12 May 2017, the WannaCry ransomware virus hit more than 230,000 computers in over 150 countries. The attack exploited a security weakness in unpatched versions of Windows computers, encrypting data and demanding payment in cryptocurrency Bitcoin for its release. Among the organisations impacted by WannaCry were the UK’s National Health Service, Russia’s Ministry of Internal Affairs, and the car manufacturing plants of both Renault and Nissan. / read more


Features

The WannaCry ransomware attack has certainly managed to cause huge disruption all over the world. In the UK, the NHS has been the focus of much of the bad publicity, but it is not alone. Some famous-name global brands were affected, as was the Russian Interior Ministry and, according to the South China Morning Post, many tens of thousands of Chinese and Hong Kong entities. / read more

The PRC Cyber Security Law, set to come into force on 1 June 2017, includes a controversial requirement that all personal data and other important business data which operators of critical information infrastructure collect in China be stored in China and that if export of such data is necessary for business reasons, a security assessment procedure must be passed (the ‘Security Assessment Requirement’). To provide further details on the requirement, the Cyberspace Administration of China (‘CAC’) issued on 11 April 2017 draft ‘Measures on Security Assessment For Export of Personal Information and Important Data’ (the ‘Data Export Measures’) for public consultation. These Data Export Measures, if adopted in their current form, will have a significant impact on multinational companies which store and process personal and important business data on a global basis. Xun Yang, Of Counsel at Simmons & Simmons, provides a breakdown of the Security Assessment Requirement and the concerns surrounding the Data Export Measures. / read more

Robert D. Brownstone and Kevin K. Moore, of Fenwick & West LLP, here leverage their ‘law plus technology synergy’ that the pair offer in their practice to provide a unique perspective on cyber security defence, focusing on the ways that law, technology and employee-training intersect. / read more

On 12 May 2017, as this article was being finalised, the latest cyber attack to hit the headlines spread fear across the globe. The ‘WannaCry’ ransomware attack, estimated to have hit over 150 countries, exploited a flaw in Microsoft Windows identified by (and stolen from) US intelligence. Ransomware demanded payments of $300 (£230) to restore access, doubling the fee after three days and threatening permanent deletion after seven. The most high profile victim was the UK’s NHS, with one in five NHS Trusts said to have been hit by the virus. For these organisations the cost was not just financial, with the freezing of patient data leading to the cancellation of operations and disruption to treatment. Coming hot on the heels of major surveys on the impact of cyber security breaches, the attack acts as a wakeup call to UK businesses. In modern business it is a case of when, not if, a business will suffer a cyber attack. Jennifer Agate, Senior Associate at Foot Anstey LLP, considers in this article cyber security in the wake of the WannaCry cyber attack and statistics released by the UK’s Department for Culture Media and Sport (‘DCMS’) in April 2017. / read more

In March 2017 an interdisciplinary governmental work group finalised its work on Poland’s Strategy for Cyber Security for 2017-2022 (‘Strategy’), which has been approved by a resolution of the Council of Ministers. The main purpose of the Strategy is to achieve a significantly higher level of cyber security in Poland within the next five years. The document is also aimed at offering the Polish Government a set of tools to protect cyber space. Ewa Kurowska-Tober and Łukasz Czynienik of DLA Piper Poland provide an overview of the Strategy and what it aims to achieve. / read more

Over the spring of 2017 the UK’s Cyber Essentials Scheme will be rolled out across Canada. Marlon Hylton, Partner and Head of E-Discovery and Information Governance at Cassels Brock & Blackwell LLP, discusses Canada’s Cyber Security Strategy, the adoption of Cyber Essentials in Canada and the need to proactively combat cyber threats. / read more

Due to rapidly growing industry demand as well as the significant cyber attacks of the past year, the Australian Government’s annual review of its Cyber Security Strategy (‘Strategy’) has resulted in a call by Prime Minister Malcolm Turnbull for new goals to be set. As the Government releases the Australian Cyber Security Sector Competitiveness Plan (‘Plan’), Paul Kallenbach and Leah Mooney of Minter Ellison assess the new goals for cyber security in Australia. / read more

The Computer Misuse and Cybersecurity Act (‘CMCA’) is one of the most often amended pieces of legislation in Singapore. That should come as no surprise as the area of cyber security and computer misuse is rapidly evolving. Since its introduction in 1993, the CMCA has been amended no less than six times, which includes being renamed from the original Computer Misuse Act. It is in the same vein that the Computer Misuse and Cybersecurity (Amendment) Act 2017 was introduced in Parliament in March 2017 and passed in April. The evolution of the sophistication of hacking operations as well as the increasingly transnational nature of cyber crime has resulted in the necessity for this new round of amendments. In addition, Singapore has also indicated that it will seek to beef up its cyber security legislation, probably by enacting general cyber security legislation separate from the CMCA. Bryan Tan, Partner at Pinsent Masons, provides details on this round of amendments to the CMCA, which focus largely on the cyber crime and computer misuse elements. / read more


About Cyber Security Practitioner:

Cyber Security Practitioner, the most recently launched monthly publication from Cecile Park Media, provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. It covers cyber security regulation, data breach, data security, cyber risk, cyber crime, ethical hacking, privacy and data protection, cyber infrastructure, technical solutions, risk management, information assurance, security standards, liability, consumer protection, ransomware and other cyber threats, cyber insurance... /read more

Search Publication Archives



Our publication archives contain all of our articles.
Can’t find what you are looking for?
Try an Advanced Search

Log in to cyber security practitioner
Subscribe to cyber security practitioner
Register for a Free Trial to cyber security practitioner
Sign up for e-mail alerts
cyber security practitioner Pricing

Social Media

Follow cyber security practitioner on TwitterView cyber security practitioner LinkedIn Profilecyber security practitioner RSS Feed