At a glance.
- Satellite Cybersecurity Act reintroduced.
- CJEU rules on GDPR breach damage compensation.
- The expansion of the Counter Ransomware Initiative.
Satellite Cybersecurity Act reintroduced.
Last week US Senators Gary Peters, a democrat out of Michigan, and John Cornyn, a Republican from Texas, reintroduced the Satellite Cybersecurity Act, a bill focused on defending commercial satellite operators. As Via Satellite explains, the law advanced in the Senate when originally introduced last year but was not passed. The legislation requires the Cybersecurity and Infrastructure Security Agency (CISA) to consolidate voluntary satellite cybersecurity recommendations for companies and make satellite-specific cyber resources publicly available online. It also calls for the Government Accountability Office to conduct a study to better “understand how network vulnerabilities in commercial satellites could impact critical infrastructure.” Coryn stated, “Nearly every industry uses commercial satellite networks to provide essential services, but the destruction or disruption of these networks could be used against our national security interests. This bipartisan piece of legislation directs CISA to publish voluntary cybersecurity best practices for companies that own these satellites and ensure our most critical infrastructure is secure against foreign cyber threats.” Referencing Russia’s attack on Viasat’s KA-SAT ground network in Ukraine, Peters added, “We’ve already seen the impacts of attacks on satellite systems by our adversaries abroad, and the potential effects on our lives and livelihoods could be catastrophic if American systems were similarly attacked. This bipartisan bill will ensure that commercial satellite owners and operators have the tools and resources they need to strengthen their cybersecurity defenses.”
CJEU rules on GDPR breach damage compensation.
A landmark court decision from the Court of Justice of the European Union (CJEU) has set a precedent for damages compensation for breaches of the EU’s General Data Protection Regulation (GDPR). In the case in question, Österreichische Post, the company responsible for postal service in Austria, was found to have gathered data on the political affinities of the Austrian population in order to sell this information for election advertising purposes. The claimant said his info was collected without his consent and sued 1,000 euros in compensation for nonmaterial damage for internal harm. Dismissed in lower courts, the case went to the Austrian Supreme Court, which asked the CJEU to determine whether mere infringement of the GDPR was enough to justify the right to compensation. The CJEU determined that no, it was not, according to Article 82(1) of the GDPR. As the experts at Cooley explain, companies are likely pleased with the verdict, as it indicates they will not be expected to offer compensation for future GDPR infringements.
The expansion of the Counter Ransomware Initiative.
At a Ransomware Task Force event on Friday, White House Deputy National Security Adviser Anne Neuberger said that the Counter Ransomware Initiative has considered banning ransomware payments as a means to fight the rise of such attacks. “Fundamentally, money drives ransomware. For an individual entity, it may be that they make a decision to pay. But for the larger problem of ransomware, that is the wrong decision,” Neuberger stated. “There may be an individual entity – a major hospital or emergency services – that we just are committed to bringing those services back up as quickly as possible.” Still, she said, the Counter Ransomware Initiative has not yet made a decision, noting that while several states have banned government entities from meeting attackers’ ransom demands, there seems to have been no decrease in attacks. The Record adds that many experts predict a ban could cause more harm to victims. Recorded Future ransomware expert Allan Liska explains, “It may wind up reducing ransomware attacks in the longer term, but there will be a lot of pain in the short term, and by short term I mean years,” he said. The Record is an editorially independent unit of Recorded Future.”
Neuberger also discussed the Counter Ransomware Initiative’s evolution since its inception in 2021, including the establishment of the International Counter Ransomware Task Force, which is headed by Australia. She went on to emphasize the importance of international cooperation in the fight against ransomware, highlighting recent partnerships between the UAE, Israel, Nigeria, Germany, Singapore, and the UK. Neuberger explained, “Now, in this third year, we're focused on first expanding the tent, doing exercises. India and Lithuania each conducted an exercise in their region, recognizing the differences in time zones, so that countries can learn from each other.”