Cybersecurity and Corporate Social Responsibility

Posted in Cyber Risks, Cyber Surveillance

My article Cybersecurity, Encryption, and Corporate Social Responsibility has been published in the current edition of the Georgetown Journal of International Affairs.  I argue in this paper that “[c]ompanies such as Apple should recognize that they have a social responsibility to work with governments on security issues, and such a corporate social responsibility norm should […]

Bot Code, Norms, and Law

Posted in Cyber Risks, Internet Governance

There’s a good post on Dark Reading by Ido Safruti about norms and etiquette for bot code.  According to Imperva’s most recent bot traffic report, bots comprise the majority of Internet traffic.  Many bots are intentionally disruptive or misleading — for example, bots that create comment link spam on blogs.  Others are useful — for example, […]

Tabletop for NJSBA Second Annual Cybersecurity Conference

Posted in Cyber Compliance / Regulation, Cyber Risks

Here is a tabletop exercise I drafted that we’ll be running at the Second Annual NJSBA Cybersecurity Conference. Acme Corp. manufactures and sells industrial control systems (ICS).  ICS devices integrate computer chips, hardware and software and can be programmed to monitor, regulate and control various components of commercial manufacturing, assembly and packaging plants.  For example, […]

WannaCry Ransomware and Legal Fault

Posted in Cyber Insurance, Cyber Risks

The WannaCry Ransomware attack has spread throughout the world over the past week.  Fingers are pointing at Microsoft for the vulnerability in earlier versions of Windows, at the NSA for creating the leaked exploit, and at North Korea for allegedly perpetrating the attack.  There is blame to go around, but if we were to assess […]

Presentation on Cybersecurity and the Economic Loss Doctrine

Posted in Cyber Risks, Data Breach Litigation

Here are the slides for my presentation on cybersecurity and the economic loss doctrine at the NJICLE 2016 Cybersecurity Conference.

Presentation on Law Firms and Cybersecurity

Posted in Cyber Risks

Here are the slides for my presentation on law firms and cybersecurity at the NJICLE 2016 Cybersecurity Conference.

LabMD Enforcement Stayed

Posted in Cyber Risks, FTC

The FTC’s enforcement action against LabMD has been stayed in an unusual grant of emergent relief by the Eleventh Circuit.  The FTC’s Opinion in LabMD essentially established a negligence balancing test for cybersecurity compliance.  A negligence balancing test requires a rough evaluation of the burden of avoiding a risk (B) compared to the probability of […]

The FTC, Ransomware, and You

Posted in Cyber Compliance / Regulation, Cyber Crime, Cyber Risks

“Ransomware” is malicious software that enables attackers to hold computer data or a computer network hostage until a ransom is paid.  Ransomware often encrypts all the files on a system, making them unusable until the attacker supplies an encryption key.  An FBI Alert issued last week stated that ransomware infections are at an “all-time high.”  […]