On September 27, 2018, as part of the Department of Justice’s (DOJ) cybersecurity roundtable discussion, the DOJ’s Cybersecurity Unit issued Best Practices for Victim Response and Reporting of Cyber Incidents (the Best Practices), including a Cyber Incident Preparedness Checklist. As noted by the DOJ, the Best Practices do not have the force of law, and they are “not intended to have any regulatory effect.” Regardless, the Best Practices provide insight into the DOJ’s concerns with respect to cybersecurity and its expectations regarding organizations’ levels of effort on cybersecurity.
The newly published Best Practices are an update to the Best Practices issued in April 2015. Notable items in the updated Best Practices are:
- Integration of CISA into the Best Practices: The Best Practices incorporate the Cybersecurity Information Sharing Act of 2015 (CISA), which “provides private entities with broad authority to conduct cybersecurity monitoring of their own networks, or a third party’s networks with appropriate consent.” CISA provides an exception to other potentially conflicting laws, such as the Wiretap Act and the Pen Register/Trap and Trace Act, as long as the CISA requirements are met. Under CISA, private entities are permitted to monitor information or an information system for a “cybersecurity purpose,” which means a “purpose of protecting an information system or information that is stored on, processed by, or transiting an information system from a cybersecurity threat or security vulnerability.” CISA is also meant to promote the sharing of information about cybersecurity threats by affording protections to private entities against certain liabilities (as long as CISA requirements are met).
- Descriptions of basic cybersecurity procedures: The Best Practices describe several protocols as basic cybersecurity procedures. Specifically, they recommend: (i) a reasonable patch management program to address software vulnerabilities; (ii) access controls and network segmentation to limit the data at risk; and (iii) maintenance of copies of server logs