Thursday, December 31, 2015
Cybersecurity and Internet of Things in the Last Quarter
Cybersecurity and internet of things did capture Capitol Hill in this last quarter of 2015, pardon the football metaphor, and needless to say net-neutrality as well. With physical objects being interconnected and collecting user data and sharing data as well, regulators and privacy groups saw the improved efficiency accompanied with the torment of loss privacy and weakened security for our personal information. To the innovators legally counseled to promote their illuminating and startling ideas, greater opportunities are being created seamlessly integrating the physical objects of our life with computerized hardware through cyber means. This innovative wave is not only touching your refrigerator, iPad, Fitbit, automobile, mobile pay system, but also your neighboring nuclear power plant, airport’s air traffic control tower, and ubiquitous mosquito-like drones. This interconnectedness is accompanied with greater vulnerabilities for our privacy, financial accounts, and personal safety from cyber hacking efforts and the concerns have, as said before, captured Capitol Hill.
For instance, the Nuclear Regulatory Commission (NRC) seeing this concern has issued a startling statement about needed security requirements adding ‘cybersecurity notification requirements’ upon event detection. This alarming awareness of a regulatory requirement comes after the NRC has ‘become’ aware of the likelihood of terrorist cyber intrusions which will require nuclear reactors to notify agency regulators of security breach events. One would think that this intuitive step is overdue and that a nuclear power plant would already have in place security advisory procedures to not only apprise the regulatory agency but as well apprise the public. Let’s be thankful that they see it as a critical need.
Also, early this December the Fixing America’s Surface Transportation Act (FAST Act) was signed into law covering a plethora of initiatives. One worthy of note was relaxing the banking requirement under Gramm-Leach-Bliley (GLB) of submitting privacy notices, electronically (consent required) to customers. This relaxation under Section 75001 is effective so long as there were no changes to the financial institution’s information sharing requirements and that there information sharing does not require a customer opt-out. The Act as well touches upon privacy concerns regarding the sharing of confidential financial information, enacting the Driver Privacy Act of 2015, securing and improving means of communications using Internet of Things to improve transportation in communities and their outlying areas. The Act also requires the reporting to Congress by the Secretary of Transportation on the use of Internet of Things by states, cities and communities, on privacy and security best practices, among other issues related to transportation.
Moreover, the House Cybersecurity Caucus is embroiled with the White House and other agencies over the need to assess the restrictions on legitimate exports of ‘security intrusion software’ and the redefinition of ‘defensive security’ and offensive security.’ State, the Commerce Department and the Department of Homeland Security, are deliberating over the reclassification of the technology and the allowance of the export to facilitate integrity network testing from overseas and improve detection of malicious cyber events. With the intention for implementing improved notice requirements, easily transferred ‘defensive security technology’, and securing information sharing we may possibly all have a happy new year.
Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.