Tag Archive for: Reporting

Final Rule Places New Cybersecurity Reporting Requirements On Banks – Finance and Banking




Last month, the Federal Reserve System’s Board of Governors,
the Federal Deposit Insurance Corporation and the Office of the
Comptroller of the Currency approved a final rule that places
reporting requirements on banks and banking service providers.
Under this new rule, banks must report cybersecurity incidents
within 36 hours to federal regulators. In addition, banking service
providers must notify banks as soon as possible after suffering a
computer security incident. This new rule also requires banks to
inform customers of any computer security incident lasting more
than four hours.

This new rule is part of a current trend of requiring critical
infrastructures to report cybersecurity incidents. This rule goes
into effect starting April 1, 2022, and banks are required to be in
compliance by May 1, 2022. While the rule doesn’t go into
effect until next year, there are several ways that banks and
service providers can get prepared.

  1. Determine who will be responsible for reporting the
    incident to the regulators. Cybersecurity incidents are
    stressful. While the rule provides a more extended deadline than
    the 12-hour reporting requirement for pipelines, 36 hours is still
    a quick turnaround. Taking the time now to identify the person
    responsible will…


China’s plans for a national cybersecurity barrier. A US Federal role in the open-source software supply chain? A look at proposed reporting deadlines.


CISA: Federal Agencies Taking Steps to Address Log4j Flaw (Decipher) CISA said that thousands of internet-connected assets have been mitigated by federal agencies under its Emergency Directive that addressed the Log4j flaw.

CISA Still Helping Federal Agencies Remediate Log4j Vulnerability (MeriTalk) The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said today that it is continuing to help Federal agencies remediate the Log4j vulnerability that CISA first warned about in December.

Lesson from Log4j: Open-source software improvements need help from feds (POLITICO) The tech industry is readying solutions to the security risks posed by the collaborative software that underpins modern-day computing — but aid from Washington could be essential to the project’s success.

The Case for Cyber-Realism (Foreign Affairs) Geopolitical problems don’t have technical solutions.

Russian troops intervene in protest-roiled Kazakhstan, where security forces have killed dozens of demonstrators (Washington Post) Russian troops landed in Kazakhstan on Thursday after the Central Asian country’s president asked for help to quell sweeping anti-government protests — a major test of a Moscow-led military alliance as the Kremlin deepened its role in the crisis.

Kazakh president gives shoot-to-kill order to put down uprising (Reuters) Kazakhstan’s president said on Friday he had ordered his forces to shoot-to-kill to deal with disturbances from those he called bandits and terrorists, a day after Russia sent troops to put down a countrywide uprising.

Kazakhstan unrest: From Russia to US, the world reacts (Al Jazeera) Bloody protests have drawn the attention of regional powers Russia and China, as well as Western capitals.

West must stand up to Russia in Kazakhstan, opposition leader says (Reuters) The West must pull Kazakhstan out of Moscow’s orbit or Russian President Vladimir Putin will draw the Central Asian state into “a structure like the Soviet Union”, a former minister who is now a Kazakh opposition leader told Reuters.

How Kazakhstan could shift Putin’s calculus on Ukraine (Atlantic Council) The unrest poses a question for Putin: Should he continue…


Federal Agencies Announce a New 36-Hour Cybersecurity Incident Rule Reporting Requirement | Cozen O’Connor


On November 18, 2021, the Office of the Comptroller of the Currency (“OCC”),  the Board of Governors of the Federal Reserve System (“Board”), and the Federal Deposit Insurance Corporation (“FDIC”) (collectively, the “Agencies”) issued a new rule (the “Rule”) that requires banking organizations and their bank service providers to report any “significant” cybersecurity incident within 36 hours of discovery, as set forth in the Federal Register (see 12 CFR Part 53 for the OCC, 12 CFR Part 225 for the Board and 12 CFR Part 304 for the FDIC). Due to the frequency and severity of cyberattacks on the financial services industry, the Rule is intended to promote the timely notification of “computer-security incidents” (as defined below) that may materially and adversely affect entities regulated by the Agencies. The Rule takes effect on April 1, 2022, with full compliance required by May 1, 2022.

Which entities does this Rule apply to?

The Rule applies to FDIC, Board, and OCC regulated “banking organizations.” The definition of a banking organization differs based on the applicable federal regulator:

  • FDIC: an FDIC-supervised insured depository institution, including all insured state nonmember banks, insured state-licensed branches of foreign banks, and insured state savings associations
  • Board: a U.S. bank holding company, U.S. savings and loan holding company, state member bank, the U.S. operations of foreign banking organizations, and an Edge Act or agreement corporation
  • OCC: a national bank, federal savings association, or federal branch or agency of a foreign bank

The Rule also applies to a “bank service provider,” which is defined as a “bank service company” or other person who performs “covered services,” which are services performed by a “person” that are subject to the Bank Service Company Act (“BSCA”) (12 U.S.C. §§ 1861–1867). Services covered by the BSCA include check and deposit sorting and posting, computation and posting of interest, preparation and mailing of checks or statements, and other clerical, bookkeeping, accounting, statistical, or similar functions such as data processing, online banking, and mobile…


How reporting on the Middle East prepared one journalist to cover Facebook


For Sheera Frenkel, a New York Times reporter and the co-author of An Ugly Truth: Inside Facebook’s Battle for Domination, covering the social media giant was a result of “happenstance.”

As a freelance foreign correspondent, Frenkel published her first big stories from Israel, although she actually got her start in South America. Frenkel, who speaks Hebrew and Arabic, moved to the Middle East in search of stories to report just before Israel’s disengagement from the Gaza Strip in 2005.

“I left stuff with a friend in Argentina because I was so sure that I was just going to be gone for six months,” she recalled. “I have not been back to Argentina since then, and who knows what happened to my suitcases.”

She joined The New York Times in 2017, assigned to the cybersecurity beat. “I was very, very pregnant, and pretty much immediately after joining, I went on maternity leave,” Frenkel told Jewish Insider in a recent phone interview. The end of her maternity leave coincided with the departure of the paper’s Facebook beat reporter, who left to write his own book on the company. 

“They needed somebody that could fill in for a couple months while he was off writing his book,” Frenkel recalled. 

Four years later, Frenkel has become a must-follow reporter on the Facebook beat — an auspicious place to be, as news about the company’s pursuit of profit at all costs continues to emerge. Last week, Frances Haugen, a former Facebook employee-turned-whistleblower,  testified to Congress about how Facebook executives, including CEO Mark Zuckerberg, suppressed internal research demonstrating the harms of the company’s products, especially Instagram. Frenkel felt vindicated.

“It was, I would say, incredibly satisfying to see the receipts, in a way, for everything we had been told for years,” she said.  

In conversation with JI, Frenkel talked about what covering authoritarian governments taught her about the social media giant, how to use Facebook responsibly and why she separates her Jewish identity from her reporting. 

This conversation has been edited and condensed for length and clarity. 

Jewish Insider: To start with recent…
