On May 10, 2021, the hacking group DarkSide succeeded in shutting down the Colonial Pipeline with a ransomware attack that highlighted the vulnerability of the U.S. energy sector to cyberattacks. The attack led to a panic among many consumers in the Southeast, resulting in a fuel shortage throughout several states. According to media reports, Colonial Pipeline paid $4.4 million in ransom to DarkSide to get its system back online.… More
In Van Buren v. U.S., Supreme Court Clarifies Scope of CFAA, the Federal Anti-Hacking Statute
In Van Buren v. United States, the Supreme Court has issued its first ever opinion interpreting the Computer Fraud and Abuse Act. The CFAA, originally conceived as an anti-hacking statute, broadly prohibits, and imposes civil and criminal penalties for, accessing computers or computer systems “without authorization” or in a way that “exceeds authorized access.” 18 U. S. C. §1030(a)(2). The question before the Court was how far CFAA liability extends under that latter clause—“exceeds authorized access.” Does it apply merely to those allowed to obtain information from some parts of computer systems but not others? … More
Join Us: Cyber Risk, Hacking Ransom, and Insurance
The risks of owning and operating a business continue to change, and we must all adapt to survive and thrive.
Please join Foley Hoag partner Colin Zick- and a great panel of experts and advisors – to learn what you can do to mitigate against the rapidly evolving cyber threats to your business and your customers.
You are invited to a Zoom webinar.
When: Jun 17,… More
U.S. Department of Homeland Security Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators
On May 27, 2021, the Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive that will enable DHS to better identify, protect against, and respond to threats to critical companies in the pipeline sector. (And for those in other business sectors, this is a potential preview of cybersecurity regulation to come.)
“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” said Secretary of Homeland Security Alejandro N.… More
Cybersecurity Best Practices for Retirement Plans: How to Prepare for the Coming Department of Labor Cybersecurity Audits
Are your employer-sponsored retirement accounts exposed to cybersecurity threats? How should you and those who are entrusted with your retirement assets mitigate cybersecurity risks? The official who leads the Employee Benefit Security Administration of the U.S. Department of Labor (EBSA) addressed these questions at a recent conference, following EBSA’s April 14, 2021 release of cybersecurity guidance for retirement plans. The guidance outlines what actions plan sponsors,… More
Colonial Pipeline Cyberattack Highlights Vulnerability of Nation’s Energy Sector
This post is a follow up from our recent discussion of the cyberattack that took the 5,500-mile Colonial Pipeline offline last week and the growing threat ransomware poses to our nation’s energy system. On May 10, 2021, a group called DarkSide took responsibility for the ransomware and the FBI has since confirmed the group’s involvement. DarkSide indicated that the attack was financially, not politically, motivated. DarkSide,… More
President Biden Signs Executive Order to Improve Cybersecurity and Protect Federal Government Networks
On May 12, 2021, President Biden signed an Executive Order which is aimed at improving the nation’s cybersecurity and protecting federal government networks. The Executive Order has been in the works for some time, but the timing of its release is a response to the Colonial Pipeline ransomware attack.
According to the Fact Sheet issued by the White House, this Executive Order will:
- Remove barriers to threat information sharing between government and the private sector
- Modernize and implement stronger cybersecurity standards in the Federal Government
- Improve software supply chain security
- Establish a Cybersecurity Safety Review Board
- Create a standard playbook for responding to cyber incidents
- Improve detection of cybersecurity incidents on Federal Government networks
- Improve investigative and remediation capabilities
The overall impact of the Executive Order is limited,… More
Cyberattack Shuts Down Cross-Country Gas Pipeline System
It was not a matter of if, but when. On Friday, Colonial Pipeline Company, the largest U.S. fuel pipeline, closed its entire 5,500-mile pipeline system that carries liquid fuels, including gasoline, from the Gulf Coast of Texas to New York and surrounding communities. Colonial was forced to take these measures as result of a ransomware cyberattack. As of this Monday, Colonial’s main systems remain offline, but the company working to develop a restart plan for its pipeline system.… More
Turning Point Workshop Series: Cybersecurity and What You Need to Know
There’s been a lot of talk about “Cybersecurity”, but most people and business owners don’t fully understand where day-to-day IT stops and where Cybersecurity begins. Our panel of Cybersecurity experts will discuss the following topics from legal, accounting, and technology perspectives:
- What you need to know about Cybersecurity and your risks
- Why you and you clients should care about Cybersecurity
- Cybersecurity compliance issues
- The benefits of maintaining strong Cybersecurity practices
Date: Tuesday,… More
Ransomware Threats to Hospitals: Key Facts and Strategies for Protection
Ransomware Threats to Hospitals: Key Facts and Strategies for Protection
Webinar
Thursday, June 3, 2021 | 12 – 1:15 p.m. ET
Ransomware is a cybersecurity threat that is on the rise. These threats are constantly evolving, and every organization is vulnerable to a ransomware attack, data theft, and privacy breaches. The incidents are time-consuming to address, costly, and take a toll on public confidence in healthcare institutions at a time when you can least afford it.… More