At a glance.
- The difficulties of clawing funds back from thieves’ wallets.
- “China’s GDPR.”
- New pipeline cybersecurity directive.
The difficulties of clawing funds back from thieves’ wallets.
Politico explains the technical and political reasons why the US may struggle to address cybercriminals’ cryptocurrency abuses. Not only do threat actors hide laundered funds in hard-to-reach self-hosted wallets and privacy-oriented decentralized exchanges, but the hundreds of exchanges that exist across the globe are governed by different, occasionally conflicting rules. Pakistan, Myanmar, Syria, and Ghana are hotbeds of crypto crime, for example, as developing nations’ regulatory maturity lags. The enforcement powers of the Financial Action Task Force—the international body charged with coordinating global crypto standards—are limited, while the US State Department’s cyber efforts are scattered, and the US Treasury Department’s Financial Crimes Enforcement Network’s resources are strained.
Possible solutions include tying foreign aid to crypto regulations, rallying G7 and G20 allies to unify standards, and sanctioning exchanges that won’t get on board.
“China’s GDPR.”
JD Supra introduces a series unpacking the industry impact of Beijing’s proposed Personal Information Protection Law (PIPL). The first article of the series highlights probable increases in damage claims, public interest litigation, and awarded damages. The piece also describes the shift to the presumption of fault, which places the burden of proof on the data-handling defendant, and underscores the importance of careful recordkeeping.
New pipeline cybersecurity directive.
JD Supra also dives into the Transportation Security Administration’s (TSA’s) second pipeline Security Directive, “Security Directive Pipeline-2021-02: Pipeline Cybersecurity Mitigation Actions, Contingency Planning, and Testing.” As we’ve seen, the non-public Directive requires owners and operators of designated pipelines and liquefied natural gas operations to create an emergency plan, undertake annual cybersecurity assessments, and enact anti-ransomware and other mitigations. TSA also plans to update its voluntary guidance for non-critical operations, but regulators may still pursue compulsory industry-wide rules.