At a glance.
- More on the FTC’s call for comment on commercial surveillance rule-making.
- Coinbase accused of employing inadequate user protections.
- NSTAC calls for required inventories of operational technology.
- US CyberCom and NSA join forces to fight election interference.
More on the FTC’s call for comment on commercial surveillance rule-making.
The US Federal Trade Commission (FTC) earlier this month announced its plans to create rules regulating commercial surveillance, defined as the “collection, aggregation, analysis, retention, transfer, or monetization of consumer data and the direct derivatives of that information.” In the advance notice of proposed rulemaking (ANPR), the FTC noted major areas of concern including inadequate data security, the impact on minors, lack of transparency in regards to how data is analyzed, discriminatory practices, and attempts to influence consumer choices. The ANPR notes that by using its Section 18 trade regulation authority, once the rules are created the FTC would be able to impose civil penalties for first-time violations. Cooley offers a list of the main categories of questions the ANPR asks, which include inquiries about how commercial surveillance practices or lax security measures harm consumers (including minors), how the FTC could balance costs and benefits, and how the FTC can go about regulating harmful commercial surveillance. The deadline for submitting comments will be sixty days after the notice is published in the Federal Register
Coinbase accused of employing inadequate user protections.
Cryptocurrency exchange Coinbase has been hit with a class action lawsuit alleging that the platform has been negligent in protecting user data from cyberattacks. The Recorder explains that Coinbase previously incurred large fines for vulnerabilities found on the platform, but the lawsuit claims the exchange's security issues persist, allowing hackers to continue to infiltrate users’ cryptocurrency wallets. Specifically, the suit alleges that Coinbase customer Manish Aggarwal lost more than $200,000 in Bitcoin after cybercriminals hacked into his account. The suit also notes a 2021 breach in which hackers stole the funds of over six thousand Coinbase customers. Coinbase’s website claims the platform’s “best-in-class storage,” “industry-leading security,” and “state-of-the-art encryption” have made it the “most trusted crypto exchange,” but plaintiffs say these claims are false. “Unfortunately, Coinbase’s representations regarding the security of its platform have proven untrue. Despite claiming to be ‘the only crypto exchange to have never been hacked,’ Coinbase has been hacked and had customer funds stolen in multiple instances within the last two years,” the court documents read.
NSTAC calls for required inventories of operational technology.
On Tuesday the National Security Telecommunications Advisory Committee (NSTAC), a group of private sector experts that advise the White House on telecommunications issues, approved a report recommending that the Cybersecurity and Infrastructure Security Agency (CISA) require all Federal civilian agencies to catalog all of their operational technology (OT) devices and systems. MeriTalk notes that the move is the latest response to the Biden administration’s request that NSTAC focus on “enhancing internet resilience in 2021 and beyond.” The report states that the convergence of OT and information technology systems, and the security impact of that convergence, are “poorly understood.” The tech needed to improve OT cybersecurity exists, but the cyber workforce required to implement such tech is scarce. “The biggest gap is that end users, including federal government owners and operators, have not prioritized resources to address the cybersecurity of these systems and networks at the appropriate levels,” the report states. To remediate these issues, the NSTAC urges CISA to issue a binding operational directive (BOD) requiring all Federal civilian agencies to maintain an annually updated inventory of all OT devices, software, systems, and assets. “Once federal agencies clearly understand the vast and interconnected nature of their OT devices and infrastructure, they can then make risk-informed decisions about how to prioritize their cybersecurity budgets,” NSTAC states.
US CyberCom and NSA join forces to fight election interference.
There are just seventy-four days until the American midterm elections, and the US Department of Defense (DoD) offers an overview of the actions US Cyber Command and the National Security Agency (NSA) are taking to defend US election systems against cyberattack. The Cybercom-NSA Election Security Group (ESG), co-led by Air Force Brigadier General Victor Macias and NSA senior executive Anna Horrigan, was established earlier this year to synchronize the two groups’ efforts. Their goals are to generate insights on foreign adversaries who may interfere or influence elections; strengthen domestic defense by supporting information sharing among interagency, industry, and allied partners; and penalize foreign actors seeking to undermine democratic processes. US Army General Paul M. Nakasone, commander of Cybercom and Director of NSA stated, “This is an enduring, no-fail mission for US Cyber Command and the National Security Agency, who bring unique insights and actions to the whole-of-government effort. Together, we bring speed and unity of effort against any foreign adversary who might seek to undermine our democratic institutions.”