After Colonial hack, DHS issues first cybersecurity regulation for pipelines

The Department of Homeland Security has issued the first cybersecurity regulation for the pipeline sector.

The regulation, issued Thursday morning, is part of the Biden administration’s efforts to bolster security for national infrastructure after a company that operates the largest fuel pipeline in the country was hit with a ransomware attack earlier this month.

Colonial Pipeline shut down all pipeline operations after it was hacked by a group believed to be Russian criminals, who locked some of its computers and demanded a ransom to set them free.

While Colonial was able to restart operations within five days, it had already become one of the most impactful cyberattacks in American history. The United States issued an emergency order to allow truckers to drive overtime to help transport fuel, and gas stations across the country reported outages. Colonial CEO Joseph Blount told The Wall Street Journal he quickly paid the hackers’ $4.4 million demand, but that their program to restore their systems was so slow he hired outside computer experts to do it instead.

While DHS’ Cybersecurity and Infrastructure Security Agency provides guidance to U.S. companies that handle the country’s infrastructure, there are few federal government requirements for them to have even basic cybersecurity measures in place.

Under the new regulation, roughly 100 pipeline companies will be required to keep a cybersecurity coordinator on call at all times, and to report any incident to the Cybersecurity and Infrastructure Security Agency within 12 hours. 

In a call DHS held with reporters Wednesday evening, one senior agency official, who requested to not be named as part of the terms of the call, said that pipeline companies found out of compliance with the new regulation would face escalating fines starting around $7,000.

“There are financial penalties associated with failure to comply with security directives, and those can be imposed on a daily basis, so they can ramp up pretty significantly over time,” the official said.

Bryson Bort, a cybersecurity consultant and founder of the ICS Village, a nonprofit that advocates for industrial cybersecurity, said that while he didn’t expect the regulation…


Government and industry push bitcoin regulation to fight ransomware

Government and industry officials confronting an epidemic of ransomware, where hackers freeze the computers of a target and demand a payoff, are zeroing in on cryptocurrency regulation as the key to combating the scourge, sources familiar with the work of a public-private task force said.

In a report on Thursday, the panel of experts is expected to call for far more aggressive tracking of bitcoin and other cryptocurrencies. While those have won greater acceptance among investors over the past year, they remain the lifeblood of ransomware operators and other criminals who face little risk of prosecution in much of the world.

Ransomware gangs collected almost $350 million last year, up threefold from 2019, two members of the task force wrote this week. Companies, government agencies, hospitals and school systems are among the victims of ransomware groups, some of which U.S. officials say have friendly relations with nation-states including North Korea and Russia.

“There’s a lot more that can be done to constrain the abuse of these pretty amazing technologies,” said Philip Reiner, chief executive of the Institute for Security and Technology, who led the Ransomware Task Force. He declined to comment on the report before its release.

Just a week ago, the U.S. Department of Justice established a government group on ransomware. Central bank regulators and financial crime investigators worldwide are also debating if and how cryptocurrencies should be regulated.

The new rules proposed by the public-private panel, some of which would need Congressional action, are mostly aimed at piercing the anonymity of cryptocurrency transactions, the sources said. If implemented, they could temper enthusiasm among those who see the cryptocurrencies as a refuge from national monetary policies and government oversight of individuals’ financial activities, having surged past $1 trillion in total capitalization.

The task force included representatives from the FBI and the United States Secret Service as well as major tech and security companies. It will recommend steps such as extending “know-your-customer” regulations to currency exchanges; imposing tougher licensing requirements for those processing…


Biometrics Experts and New Study Highlight How Behavioral Biometrics Supports Strict Regulation and Offers Better Data Privacy Protections

New report from biometrics expert Goode Intelligence draws insights from BehavioSec and law firm Osborne Clarke to analyze how behavioral biometrics technology can be successfully implemented in compliance with GDPR, CCPA, and similar regulations

BehavioSec, the industry pioneer and technology leader for behavioral biometrics and continuous authentication, today announced new findings that organizations and consumers can feel more comfortable with wider use of behavioral biometrics to safeguard their online digital experiences and identities.

Following a year of digital transformation on a societal level, the demand for better online user experience and a stronger level of digital identity protection has become essential. In a year when the world has seen a combination of personal data theft with new rulings and proposed legislation, like the EU Schrems II in July 2020 and the US National Biometrics Information Privacy Act in August [US Senators Merkley, D-OR and Sanders, I-VT], the need for expert guidance has never been higher. BehavioSec shares this research and a company milestone to highlight how behavioral biometrics can be adopted transparently with clear benefits, and in compliance with comprehensive data protection laws. These include measures like the European General Data Protection Regulation (GDPR), the European Commission’s PSD2/SCA and its Open Banking mandate, the US California Consumer Privacy Act (CCPA) and similar, anticipated requirements of regulations proposed in other regions.

To validate the safe use of behavioral biometrics at a time when headlines are full of allegations about technologies like facial recognition and “deep fake” simulations being abused, BehavioSec sponsored the report, “2021 Global Data Privacy Regulation of Physical & Behavioral Biometrics” by respected industry research firm Goode Intelligence. In the report, Chief Analyst Alan Goode dives into the relevance of current and proposed global privacy and data protection legislation on the successful and…


Data breach notification under e-privacy directive and General Data Protection Regulation – Lexology
