At a glance.
- UN struggles to define cybercrime.
- FTC prepares to enforce health data reporting regulation.
- India inaugurates cyber training program for government officials.
UN struggles to define cybercrime.
Last month the United Nations’s (UN) Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes convened for the first time since its creation two years ago. The committee’s purpose is to establish a global treaty that will facilitate international cooperation and coordination on cybercrime by 2024, and one of the committee’s first goals is to agree upon a unified definition of the word “cybercrime. This is a daunting task, as some UN members wish to include “cyber-enabled” crimes like fraud, sexual abuse, and arguably any illicit activities that are expedited or supported by digital technology. Just Security explains that the effort is further complicated by the push from some nations to include content-related activities – inciting terrorism, spreading disinformation, and copyright infringement – a slippery slope that could lead to criminalizing protected expression and violating human rights.
FTC prepares to enforce health data reporting regulation.
The US Federal Trade Commission (FTC) over ten years ago created a Health Breach Notification Rule dictating that data breaches resulting in the compromise of consumers’ identifying health data be reported to the impacted individuals, the FTC and, in some cases, the media. Law.com explains that the FTC has not actively enforced the rule, but now, as developments in healthcare tech like apps, portals, and wearable devices have made the collection of health data more prevalent, the commission is showing signs of changing its approach. Last September the FTC announced it had determined that the rule applies to breaches of most health apps, connected devices, and similar tech. Then in January the commission issued two publications to better explain which entities are covered by the rule and what must be done if a breach occurs. FTC Chair Lina Khan confirmed that the commission will be taking a more aggressive approach to data security practices, stating that they will use available solutions to “reflect the latest best practices in security and privacy.”
India inaugurates cyber training program for government officials.
On Monday, the Indian National Security Council Secretariat launched its National Cyber Exercise (NCX), a cybersecurity training seminar aimed at educating over one hundred forty officials to better fight internal and external cyberthreats. At the inauguration, the Hindustan Times reports, national security advisor Ajit Doval spoke about the importance of safeguarding the country against cyberagression, stating, “Any threats in cyberspace directly impact our social, economic, and national security and therefore we need to safeguard our cyberspace.” He went on to say that the country is undergoing a digital revolution, and the NCX is intended to equip strategic leaders with the tools necessary to combat cybercrime. As the Sentinel Assam explains, the NCX, taking place from April 18 to April 29, is a joint program in association with the National Security Council Secretariat (NSCS) and the Data Security Council of India and supported by the Defence Research and Development Organization. An NSCS official stated, “The participants will be trained on various key cyber security areas such as intrusion detection techniques, malware information sharing platform (MISP), vulnerability handling and penetration testing, network protocols and data flows, and digital forensics.”