Department of Defense: Interim Rule on CyberSecurity

The Department of Defense has issued an Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS).

The specific focus is on new rules that require contractors to report network penetrations.

Additionally, this Rule implements DoD policy on the purchase of cloud computing services.

The Interim Rule is here.

According to the Federal Registry:

This interim rule requires contractors and subcontractors to report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor’s ability to provide operationally critical support. DoD is working to establish a single reporting mechanism for DoD contractor reporting of cyber incidents on unclassified information systems.

In addition, this rule also implements DoD policies and procedures for use when contracting for cloud computing services. The DoD Chief Information Officer (CIO) issued a memo on December 15, 2014, entitled “Updated Guidance on the Acquisition and Use of Commercial Cloud Computing Services” to clarify DoD guidance when acquiring commercial cloud services (See memo here: http://iase.disa.mil/cloud_security/Pages/docs.aspx). The DoD CIO also released a Cloud Computing Security Requirements Guide (SRG) Version 1, Release 1 on January 13, 2015, for cloud service providers to comply with when providing the DoD with cloud services (See SRG here: http://iase.disa.mil/cloud_security/Pages/index.aspx). This rule implements these new policies developed within the DoD CIO memo and the SRG in the DFARS to ensure uniform application when contracting for cloud services across the DoD. The combination of the two statutes as well as the cloud computing policy will serve to increase the cyber security requirements placed on DoD information in contractor systems and will help the DoD to mitigate the risks related to compromised information as well as gather information for future improvements in cyber security policy.
