At a glance.
- Important deadlines for platforms covered by the Digital Services Act.
- Making the Bureau of Cyber Statistics a reality.
- Police operation takes down international cybercrime gang.
- US National Cyber Director retires.
Important deadlines for platforms covered by the Digital Services Act.
The EU’s Digital Services Act (DSA), which came into effect last November, is a broadening of the Electronic Commerce Directive aimed at holding online platforms responsible for removing illegal content. Cooley offers a primer for companies to make sure they’re compliant with this new regulation. The DSA applies to all intermediary service providers that have a “substantial connection” with the EU. In other words it not only applies to companies established in the EU, but any company that has a significant number of users in an EU country or targets their activities toward an EU member state. These companies have until February 17, 2023 to publicly disclose the average monthly active recipients of their service in the EU, and must update this every six months. The European Commission will use this information to determine which providers should be considered “very large online platforms” (VLoPs). And all online intermediaries subject to the DSA have until February 17, 2024 comply with the measure’s new requirements.
Making the Bureau of Cyber Statistics a reality.
Among the many recommendations from the US’s Cyberspace Solarium Commission was a call to establish a Bureau of Cyber Statistics (BCS). While raw data on US cyber incidents is plentiful, only a fraction of the information is being properly analyzed. Outgoing national cyber director Chris Inglis has been vocal about the need for a dedicated bureau to correct the cyber data gap. “I think all would agree that in the absence of this information, we are going to be episodic, we are going to be uneven, and perhaps less-than-optimal in our response to any of these threats which reflect all of us,” Inglis stated last year. However, nearly three years have passed since the Commission’s recommendation and the BCS has not materialized. CyberScoop discusses how to make the BCS a reality sooner rather than later. Creating a new bureau from scratch is a challenging undertaking, but an incremental approach could allow the organization to start small, and expand its scope over time. A first phase could focus on collecting data from federal agencies and anonymized data reported to the Cybersecurity and Infrastructure Security Agency under the Cyber Incident Reporting for Critical Infrastructure Act. By starting with a smaller pool of data, the BCS would have a chance to test out its techniques and processes while demonstrating its worth, making more organizations willing to share data with the bureau. As well, applying a clear structure to the reporting process would make technical analysis more effective and help the BCS ensure the reporting mechanism is user-friendly.
Police operation takes down international cybercrime gang.
Law enforcement agencies in Spain, Panama, and the US, along with Europol, conducted an operation that took down an international cybercrime ring based in Madrid and responsible for stealing more than $5.3 million. Using a combination of phishing, social engineering, smishing, and vishing techniques, the gang conducted an advanced scheme that convinced American firms and individuals to part with their banking details. Security Week reports that the fraudsters registered over one hundred bank accounts, defrauding over two hundred victims with the total losses possibly surpassing $7.5 million. In addition to arresting eight individuals in Madrid and one in the US state of Florida, authorities also seized big-ticket items like jewelry and electronic devices including mobile phones, tablets, and laptops. Law enforcement also blocked seventy-four bank accounts, freezing over $500,000 in assets.
Ave atque vale, Mr. Inglis.
Chris Inglis retires today as National Cyber Director. He was the first occupant of that office, and he acquitted himself with distinction.
Vishaal ‘V8’ Hariprasad, CEO of Resilience, offered a brief and grateful appreciation of Chris Inglis's tenure as the first US National Cyber Director. "Chris Inglis’ departure comes at a time when integrating cyber defenses as part of our national defense has never been more important. He strove to bring together public and private enterprise under a “shared understanding of a common threat,” and what he wrote about the importance of that goal has proven prescient. Mr. Inglis, who plans to step down next week, wasted no time working to forge a unified effort to protect not just American cybersecurity interests, but to rebuild trust in a digital world."
Bruce Byrd, Executive Vice President and General Counsel from Palo Alto Networks, also offered a warm farewell: "As the country’s first National Cyber Director, Chris Inglis has added to his distinguished public service career and built an invaluable team to help protect the United States from cyber adversaries. We thank him for his partnership as we look forward to continuing to work alongside his successors in the Office of National Cyber Director."
We join these and others in extending thanks for his service, and our sincerest best wishes as Chris enters the next phase of a distinguished life.