Beginning in April 2018, the General Services Administration (GSA) will publish for 60 days of public comment updates to its cybersecurity requirements for eventual integration into the GSA Acquisition Regulation (GSAR). [GSAR Case 2016-G511, Information and Information Systems Security, 83 Fed. Reg. 1941 (Jan. 12, 2018).] Then, beginning in August 2018, the GSA will publish for 60 days of public comments updates to its cyber incident reporting requirements for GSA contractors. [GSAR Case 2016-515, Cyber Incident Reporting, 83 F.R. 1941 … Read More
A recent GAO decision denying a contractor’s protest because of cybersecurity concerns offers contractors four lessons on how to avoid making the same mistakes.
I. Background Facts and Decision
Syneren Technologies Corporation was one of 20 contractors who responded to a Navy RFP to award an ID/IQ contract for IT systems and software to support human resource operations involving a variety of business enterprise services. The work was to be performed at a government facility and involved DoD and Navy … Read More
Ohio is poised to lead the nation by incentivizing businesses to implement certain cybersecurity controls, which can be an affirmative defense to a data breach claim based on negligence. Under the proposed legislation, if a business is sued for negligently failing to implement reasonable information security controls resulting in a data breach, the business can assert its compliance with the cybersecurity control as an affirmative defense at trial.
For years we have counseled our clients to implement a comprehensive data … Read More
You may have heard news recently that federal government agencies were directed to stop using products made by the computer security vendor Kaspersky Lab because of potential security risks from links between Kaspersky officials and the Russian government. The directive was issued by the U.S. Department of Homeland Security (DHS) Secretary Elaine Duke on Sept. 13, 2017.
Kaspersky products have broad access to files and elevated privileges on the computers on which they are installed. As a result, the DHS … Read More
A new cyberattack, that is very similar to the WannaCry ransomware virus, is spreading across Europe. Taft’s Technology group is closely monitoring the situation and has prepared the following short summary of questions and answers about ransomware attacks, which in effect locks out users from accessing their files unless a ransom is paid via bitcoin.
Q: I have been hit with a ransomware attack, what are my options?
A: You can pay the ransom with the hopes of getting your … Read More
Cybersecurity is not an aspect of your business that can be tackled once and then forgotten. The threats are constantly evolving. They require attention and resources. Here are 5 tips to make sure your company is prepared in case of an attack.
- Disaster Recovery Plan– Data is the lifeblood of most organizations. Where is your data stored? What would happen to your business if a natural disaster like a fire, flood or other catastrophe struck the location where your
The saga surrounding the St. Louis Cardinals hacking scandal concluded with the issuance of a final punishment from MLB. The scandal stemmed from the actions of the former Cardinals scouting director Chris Correa, after he illegally accessed the e-mail accounts of members of the Houston Astros front office as well as their scouting database. The Cardinals were ordered to forfeit their top two selections in the upcoming 2017 amateur draft to the Astros and pay them two million dollars within … Read More
One overlooked aspect of cybersecurity is training for the employees at your company in proper data management practices. All of the technical measures that a company employs to guard against intrusions do not matter when an employee knowingly or unknowingly circumvents those measures. Proper training can help to reduce the number of incidents and lower your chances of suffering from a data breach.
- Password Management – Proper password management is key to any cybersecurity program. The technical barriers to entry
Guides and best practices against cyber-attacks often provide only the illusion of security. In an attempt to turn that illusion into reality, the National Cybersecurity Center of Excellence at the National Institute of Standards and Technologies (NIST) intends to create a lab environment to simulate, test, and address cybersecurity problems for robotic-based and chemical manufacturing processes through standards-based solutions using commercially available software.
The intent is to produce a series of NIST Cybersecurity Practice Guides for four cybersecurity capabilities for … Read More
To effectively guard against an enemy of any kind it’s important to know your enemy. This strategy is just as effective when fighting an online battle to protect your company’s data.
Before you can effectively defend against cyberattacks, it is important to educate yourself on potential threats and how to handle them. We invite you to join us on September 7 for part two of the Columbus Cybersecurity Series featuring FBI agent David Fine returns. During this portion of the … Read More
The new DoD cybersecurity regulations require contractors to implement the security requirements specified by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” not later than Dec. 31, 2017. DFARS, 252.204-7008(c)(1).
However, a contractor may propose to vary from the NIST SP 800-171 requirements under two circumstances. Under DFARS 252.204-7008(c)(2), a contractor may propose to vary from the security requirements specified by NIST SP 800-171 through a … Read More
The U.S. Department of Defense published its Network Penetration Reporting and Cloud Computing Services regulations as an interim rule in August 2015 and updated them in December 2015. Watch this new webinar replay at your convenience to learn about the regulations, how they may impact your business, and the concerns of industry groups. Click HERE to watch the webinar in its entirety.
Manufacturers and utilities that incorporate widely-available, low-cost internet protocol devices into their industrial control systems are at an increased risk for cyber-attacks. The National Institute of Standards and Technology (NIST), which is responsible for developing information security standards and guidelines to protect the nation’s critical infrastructures, recently published the Guide to Industrial Control Systems (ICS) Security, NIST Special Publication 800-82, Revision 2, released May 2015. This publication provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory … Read More
This is the first of a three-part series on the implications of cybersecurity threats on boards of directors.
Now, more than ever, corporate boards face an immense challenge to ensure that their companies are prepared for cybersecurity threats before they occur. It is not question of if a corporation will be hit by a cybersecurity incident or data breach, but when.
The Existing Cybersecurity Landscape and Associated Risks
The landscape that corporate boards face has never been more treacherous, with … Read More