Crossroads Blog | Institute National Security and Counterterrorism

Cybersecurity, Data Breaches, Federal Trade Commission, NIST

Cyber Round Up: Cybersecurity in Federal Procurement, FTC to Police Cybersecurity, NIST Cyber Standards Report

  • Guidance Memorandum Drafted to Improve Cybersecurity (The National Law Review): The Office of Management and Budget (“OMB”) issued a draft memorandum aimed at improving cybersecurity protections in the Federal acquisitions sector. The proposed guidance imposes requirements on two types of systems: 1) systems “operated on behalf of the government,” such as data processing services; and 2) “internal contractor systems” used to provide a product or service for the government, where Controlled Unclassified Information (“CUI”) is processed incidental to the performance of the contract. The OMB advises the Federal Acquisition Regulatory Council to amend the Federal Acquisition Regulation (“FAR”) to include contract clauses that address five cyber-related areas: 1) security controls, 2) cyber incident reporting, 3) information system security assessments, 4) information security continuous monitoring, and 5) business due diligence. Read the full article here.
  • Cybersecurity Within FTC’s Purview (Reuters.com): On August 24, a U.S. Circuit Court of Appeals in Philadelphia held that the FTC has the authority to regulate corporate cybersecurity. The ruling allows the FTC to pursue lawsuits against corporations for failing to properly protect consumers’ information. The case involves hackers who breached hotel operator Wyndham Worldwide Corp’s computer system, stealing credit card and other customer information and leading to over $10.6 million in fraudulent charges. Read the full article here.
  • NIST Publishes Cybersecurity Standards Objectives (The National Law Review): The National Institute of Standards and Technology (“NIST”) published a draft of its objectives for cybersecurity standardization. Instead of adopting government-specific standards, the draft suggests that federal agencies should support the development of international consensus standards in cybersecurity areas such as cryptographic techniques, IT system evaluation, identity management, network security, software assurance, and supply chain risk. The report includes a matrix that agencies and industries may use as a roadmap for developing cybersecurity standards. Read the report here.
