cybersecurity

Subscribe to cybersecurity

On April 18, 2019, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) requesting comments on proposed Critical Infrastructure Protection (CIP) Reliability Standard CIP-012-1. As written, CIP-012-1 will require responsible entities to implement controls to protect communication links and data transmissions in an effort to mitigate cybersecurity risks to communications between

On 12 March 2019, the European Parliament issued its first position on the text proposed by the European Commission for a Regulation of the European Parliament and of the Council on ENISA (the European Union Agency for Network and Information Security), also known as the EU Cybersecurity Act.

Initiatives to build strong EU-wide cybersecurity

The EU Cybersecurity Act was proposed in 2017 to:

i) Provide a permanent mandate for ENISA (to replace its limited mandate that would have expired in 2020);

ii) Allocate more resources to ENISA to enable it to fulfil its goals; and

iii) Establish an EU framework for cybersecurity certification for products, processes and services that will be valid throughout the EU.

The European Parliament, Council and Commission reached an informal trialogue agreement on the proposal of the EU Cybersecurity Act in December last year. Now that the European Parliament adopted its first-reading position, it is expected that the European Council will adopt the proposed Regulation without further amendments. The Regulation will then be published into the EU Official Journal and will enter into force 20 days following that publication.Continue Reading The European Parliament adopts first stance to proposed EU Cybersecurity Act

China’s National Information Security Standardization Technical Committee issued draft amendments (Amendments) to the standards that govern the protection of personal information, “Information Security Technology – Personal Information Security Specification” (Standards, effective May 1, 2018) on February 1, 2019. The Standards provide guidance on interpreting China’s Cybersecurity Law (CSL) and set out best practices for the

On January 25, 2019, a settlement agreement was reached between a utility company, which allegedly violated the Critical Infrastructure Protection (CIP) Reliability Standards, and the North American Reliability Corporation (NERC). Through this settlement, NERC provides guidance to the electric industry for compliance with the CIP Reliability Standards. The substantial penalties should prompt companies to educate

In late 2018, the Federal Energy Regulatory Commission (FERC) published a final rule updating and adding to the Critical Infrastructure Protection (CIP) Reliability Standards, which are intended to help protect the bulk electric system (BES) in North America against cybersecurity risks. The final rule:

  • Creates a new Supply Chain Risk Management Reliability Standard (CIP-013-1)
  • Updates

Singapore has set up a new Telecom Cybersecurity Strategic Committee (TCSC) to develop a plan to tackle ‘next-generation cyber threats’ in the telecommunications sector.

The committee is expected to publish a strategy report and outline a roadmap for telecommunications operators to develop cybersecurity capabilities later in 2019. The report and roadmap will include recommendations for new initiatives such as capability development, technology innovation, regulation and international partnerships.

In his opening address at the inaugural Infocomm Media Cybersecurity Conference on 25 January 2018, Dr Janil Puthucheary, senior minister of state for the Ministry of Communications and Information, highlighted the following points.

As “Singapore aims to be a Smart Nation and a leading digital economy”, there is a vital need for cybersecurity. He added that the telecom industry is key and fundamental to secure Singapore’s connectivity infrastructure and services.

The government and telecommunication industry players should collaborate on cybersecurity matters. To date, some examples of such collaborative efforts include:

  • The Infocomm Media Development Authority of Singapore (IMDA)’s launch of the Infocomm Singapore Computer Emergency Response Team in 2015 to respond to cybersecurity threats within the telecommunications and media sectors; and
  • IMDA’s revision in 2018 of the Telecommunications Cybersecurity Code of Practice to ensure that best practices from the industry can be applied to the telecom space.
  • The TCSC will identify challenges, key telecommunication technologies and market developments that will shape the cyber threat landscape. This is to ensure that Singapore keeps up to date on global, technological and industry trends.

Continue Reading Singapore announces series of initiatives to boost cybersecurity in the telecoms sector

On 10 December 2018, the European Parliament, the Council of the European Union, and the European Commission reached agreement on the cybersecurity proposal put forward by the Commission.

The aim of the Commission’s proposal is to build strong cybersecurity standards in the EU, allowing the EU to become a global leader in cybersecurity. The proposal will benefit member states, businesses, and consumers by expanding the mandate of the European Union Agency for Network and Information Security (ENISA) to deal with cyberattacks across the EU and establishing an EU-wide certification process for businesses.

Commissioner Mariya Gabriel, who is in charge of Digital Economy and Society, has explained the motivation behind the proposal by stating: “Enhancing Europe’s cybersecurity, and increasing the trust of citizens and businesses in the digital society is a top priority for the European Union.”

Continue Reading Informal agreement reached on EU cybersecurity proposal

In recent months, the U.S. Securities and Exchange Commission (“SEC”) has emphasized cybersecurity as both an enforcement priority and corporate responsibility, demonstrating its continued focus on the need for issuers to have sufficient measures in place, including up-to-date compliance and incident response programs in order to maintain the integrity of the capital market system.

The

The Food and Drug Administration (FDA) published a draft update to its premarket cybersecurity guidance for device makers on October 18, 2018. The expanded draft guidance includes recommendations on tiered classification of cybersecurity risk, trustworthiness, cybersecurity bill materials, and device cybersecurity labeling that are specific enough to be helpful to manufacturers while at the same

China’s new “Regulation on the Internet Security Supervision and Inspection by Public Security Organs” went into effect on November 1, 2018. It is the latest regulation passed by China’s Ministry of Public Security that executes China’s Cybersecurity Law, which took effect in June of last year. The regulation gives China’s Public Security Bureaus (PSBs) broad