© 2014 WESTERN DIGITAL CORP. ALL RIGHTS RESERVED. Company Confidential
Legislative & Regulatory Activities Involving Cyber Security
Bob Bowen
May 2015
Cyber Security: Legislative & Regulatory Activities
Data Breach Safeguards and Remedial Actions
~47 different state standards re: notification and remedial actions
sense that this is untenable but no consensus on a single federal standard
major interests: financial services, retailers, and privacy/consumer rights
Information Sharing
companies seek liability protection re: sharing threat or attack information
potential legal problems could include failure to safeguard PII, antitrust questions, investor lawsuits, and confidentiality/privilege waiver risks.
could also be discoverable through FOIA requests
some points of agreement but significant divergence remains
fate of PII, recipient of data, usage of data, scope of protection
major interests: cross-industrial business interests, privacy advocates, law enforcement, and national security officials
Cyber Security: Data Breach - Particulars
Data Breach in the Legislative Branch
currently 6 bills in the Senate and 3 bills in the House
many cater to particular interests (financial services, retailers, privacy/consumer, etc.) and, in so doing, are opposed by competing interests
Ex: the financial services industry supports the Carper/Blunt bill but opposes the Warner bill; the retail industry opposes the Carper/Blunt bill but supports the Warner bill. Neither supports the Leahy bill.
unlikely that any of these bills will move over the summer
Data Breach in the Executive Branch
National Institute of Standards and Technology Framework and Roadmap from 2014
currently the leading documents on voluntary measures by the private sector
Federal Trade Commission “Start with Security” initiative aimed primarily at initial design of products for the Internet of Things
Growing Securities and Exchange Commission interest
public statements that Boards must pay greater attention to cyber security
Increasing Federal Communications Commission attention
recent guidance to internet service providers
Cyber Security: Information Sharing - Particulars
Information Sharing in the Legislative Branch
2 bills passed the House in April (one sponsored by Devin Nunes)
bills differ in oversight entity – Department of Homeland Security vs. Office of the Director of National Intelligence
4 bills at varying stages in the Senate (including companions to those passed by the House)
movement will likely pivot on how PII is scrubbed, held, and deleted.
Information Sharing in the Executive Branch
Executive Order 13691 in February 2015
pulls from 2003 law establishing Information Sharing and Analysis Organizations
encourages establishment of ISAOs under the direction of the Department of Homeland Security to gather, analyze, and disseminate cyber threat information
recent DHS notice of availability of $11M grant to fund an ISAO Standards Organization.