On May 14, 2018, the Department of Energy (“DOE”) Office of Electricity Delivery & Energy Reliability released its Multiyear Plan for Energy Sector Cybersecurity (the “Plan”). The Plan is significantly guided by DOE’s 2006 Roadmap to Secure Control Systems in the Energy Sector and 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity. Taken together with DOE’s recent announcement creating the new Office of Cybersecurity, Energy Security, and Emergency Response (“CESER”), DOE is clearly asserting its position as the energy sector’s Congressionally-recognized sector-specific agency (“SSA”) on cybersecurity.
On May 8, 2018, Senator Ron Wyden (D–OR) demanded that the Federal Communications Commission investigate the alleged unauthorized tracking of Americans’ locations by Securus Technologies, a company that provides phone services to prisons, jails and other correctional facilities. Securus allegedly purchases real-time location data from a third-party location aggregator and provides the data to law enforcement without obtaining judicial authorization for the disclosure of the data. In turn, the third-party location aggregator obtains the data from wireless carriers. Federal law restricts how and when wireless carriers can share certain customer information with third parties, including law enforcement. Wireless carriers are prohibited from sharing certain customer information, including location data, unless the carrier has obtained the customer’s consent or the sharing is otherwise required by law.
On April 26, 2018, the U.S. Senate confirmed by unanimous consent all five pending nominees to the Federal Trade Commission. Once installed, the agency will have a full complement of Commissioners for the first time in nearly three years. The FTC will be comprised of three Republicans — Joseph Simons (Chairman), Noah Joshua Phillips and Christine Wilson — and two Democrats — Rebecca Kelly Slaughter and Rohit Chopra.
On March 15, 2018, the Trump Administration took the unprecedented step of publicly blaming the Russian government for carrying out cyber attacks on American energy infrastructure. According to a joint Technical Alert issued by the Department of Homeland Security and the FBI, beginning at least as early as March 2016, Russian government cyber actors carried out a “multi-stage intrusion campaign” that sought to penetrate U.S. government entities and a wide range of U.S. critical infrastructure sectors, including “organizations in the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors.”
What were the hottest privacy and cybersecurity topics for 2017? Our posts on the EU General Data Protection Regulation (“GDPR”), EU-U.S. Privacy Shield, and the U.S. executive order on cybersecurity led the way in 2017. Read our top 10 posts of the year.
On October 19, 2017, the White House announced that President Donald J. Trump plans to nominate two individuals to serve as commissioners of the Federal Trade Commission. President Trump selected Joseph Simons to lead the FTC as its chairman for a seven-year term, beginning September 26, 2017. Simons’ background primarily has focused on antitrust matters. From June 2001 to August 2003, he led the FTC’s antitrust initiative as Director of the FTC’s Bureau of Competition.
On August 22, 2017, the National Infrastructure Advisory Council (“NIAC”) issued a report entitled Securing Cyber Assets: Addressing Urgent Cyber Threats to Critical Infrastructure (“NIAC Report”). NIAC was first created in 2001 shortly after the 9/11 attacks and advises the President on information security systems in banking, finance, transportation, energy, manufacturing and emergency government services. The NIAC Report notes that sophisticated and readily available malicious cyber tools and exploits have lowered the barrier to cost and increased the potential for successful cyber attacks. According to the NIAC Report, “[t]here is a narrow and fleeting window of opportunity before a watershed, 9/11-level cyber attack to organize effectively and take bold action.”
On May 11, 2017, President Trump signed an executive order (the “Order”) that seeks to improve the federal government’s cybersecurity posture and better protect the nation’s critical infrastructure from cyber attacks. The Order also seeks to establish policies for preventing foreign nations from using cyber attacks to target American citizens.
On April 3, 2017, President Trump signed a bill which nullifies the Broadband Consumer Privacy Rules (the “Rules”) promulgated by the FCC in October 2016. The Rules largely had not yet taken effect. In a statement, FCC Chairman Ajit Pai praised the elimination of the Rules, noting that, “in order to deliver that consistent and comprehensive protection, the Federal Communications Commission will be working with the Federal Trade Commission to restore the FTC’s authority to police Internet service providers’ privacy practices.”
On January 25, 2017, President Trump issued an Executive Order entitled “Enhancing Public Safety in the Interior of the United States.” While the Order is primarily focused on the enforcement of immigration laws in the U.S., Section 14 declares that “Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.” This provision has sparked a firestorm of controversy in the international privacy community, raising questions regarding the Order’s impact on the Privacy Shield framework, which facilitates lawful transfers of personal data from the EU to the U.S. While political ramifications are certainly plausible from an EU-U.S. perspective, absent further action from the Trump Administration, Section 14 of the Order should not impact the legal viability of the Privacy Shield framework.