Major companies, health care organizations and government agencies are facing a wave of cyberattacks involving ransomware that takes control of computers and denies access until a ransom is paid. These attacks are occurring on a global scale and in some cases are having a significant impact on business and healthcare operations. The cyberattack has disrupted targets throughout the world from Britain’s National Health Service to US Fortune 500 companies, the Russian Foreign Ministry, and universities in China.
The Internet of Things continues to draw broad interest from policymakers and regulators around the globe. Following on the heels of a major distributed denial-of-service attack in October 2016 that leveraged potentially millions of compromised IoT devices, members of Congress have sent letters to US federal agencies regarding the risks posed by insecure IoT devices and held a hearing about what if anything should be the US federal response to such IoT-driven cyberattacks. Against that backdrop, in November 2016 two US federal agencies have issued guidance on securing IoT.
The Cybersecurity Information Sharing Act of 2015 provides limited liability protection and information disclosure protections for private-to-private and private-to-government cybersecurity information sharing. On February 16, 2016, two key U.S. agencies released a set of documents describing how CISA’s provisions are expected to work in practice.
Recent developments in the United States suggest that cybersecurity of the maritime sector will come under increasing focus in 2016. On December 16, 2015, H.R. 3878, “Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2015,” passed the House of Representatives. The Bill’s language echoes and expands upon recommendations made by the General Accountability Audit in its June 5, 2014 study Maritime Port Cybersecurity. It also reflects congressional focus on enabling cybersecurity information sharing as seen in the recent passage of the Cybersecurity Information Sharing Act.