Episode 364: Does Good Ransomware Coverage Have To Be Boring? – Know-how
Episode 364: Does a Good Ransomware Policy Have to Be Boring?
June 03, 2021
Steptoe & Johnson LLP
To print this article, all you need to do is register or log in to Mondaq.com.
Download the 364th episode (mp3).
- We don’t get very far into my interview with the authors of a widespread Ransomware Task Force report before I argue that most of its recommendations are “boring” procedural steps that do not directly address the ransomware scourge. This leads to a lively dialogue with Philip Reiner, Executive Director of the Institute for Security and Technology (IST), the sponsoring organization of the report, Megan Stifel from the Global Cyber Alliance and Chris Painter from the Global Forum on Cyber Expertise Foundation. Indeed, among the nearly 50 proposals in the report, we find several new and by no means boring recommendations.
- In the news summary, Dmitri Alperovitch has an answer to my question: “Is Putin getting a grip on US social media?” Not just Putin, but every other major authoritarian government is finding ways to take control of Google, Twitter, and Facebook. In the case of Russia, the method is first a token fine, then a gradual throttling of service delivery that makes domestic competitors look better compared to the Silicon Valley brand.
- Mark MacCarthy obstructs Epic’s lawsuit against Apple. The judge is clearly determined to raise concerns on both sides that the case will not go well. And our best guess is that Epic might get some form of relief, but not the result they were hoping for.
- Dmitri and I are amazed at the speed and consensus on regulatory approaches to the Colonial Pipeline ransomware event. It is very likely that the attack is fueling cyber incident reporting laws (and without any liability cover) and aggressive security regulations from the competent authority – TSA. I offer a cynical Washington perspective on why the TSA acted so decisively.
- Mark and I are concerned with the signing and immediate lawsuit of Florida social media regulation that attacks common content moderation issues. Florida will face an uphill battle, but none of us will be convinced by the tech press claim that the law is being “laughed at out of court.” Almost everything in the law is serious except for the absurd (and likely severable) exception for Florida theme park owners.
- Dmitri is running the DeHyping Machine over reports that the Russians have responded to Biden government sanctions by delivering another cyberpunch in the form of hijacked USAID emails. It found that the attack was cyber espionage for garden varieties, that the compromise did not include access to USAID networks, that it started before sanctions and did not get very far.
- Jordan Schneider explains the impact of S.’s government policy on the wireless industry and the appeal of Open RAN as a way to end the current incumbent. US industrial policy could be changed by the shape-changing Endless Frontier Act.
- Jordan and Dmitri explain how. I wonder if we see deep convergence in industrial policy on both sides of the Pacific after President XI delivered a technology policy speech that could have been given by half a dozen Republican or Democratic senators.
- Finally, Dmitri is reviewing cryptocurrency regulation bids in both the White House and London.
In short hits we cover:
- The decision by the European Court of Human Rights to suppress, but not entirely kill, the GCHQ’s bulk data surveillance programs and cooperation with the US, offers a possible explanation for the court’s caution.
- A court motion that strongly suggests the Biden administration will not abandon a controversial Trump administration rule that requires visa applicants to register their social media addresses with the US government. I speculate why.
- And finally, a festival of EU competition law Brussels attacks on Silicon Valley, from Germany to France.
As always, The Cyberlaw Podcast is open to feedback. Be sure to keep in touch with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember, if your proposed guest shows up on the show, we’ll send you a much sought-after Cyberlaw podcast mug!
The content of this article is intended to provide general guidance on the subject. Expert advice should be sought regarding your specific circumstances.
POPULAR ARTICLES ON: Technology Made in the United States