A really interesting article about a really interesting question.
Merck cyberattack’s $1.3 billion question: Was it an act of war?
… NotPetya’s impact on Merck that day — June 27, 2017 — and for weeks
afterward was devastating.
… In all, the attack crippled more than 30,000 laptop and desktop
computers at the global drugmaker, as well as 7,500 servers,
according to a person familiar with the matter. Sales,
manufacturing, and research units were all hit. One researcher told
a colleague she’d lost 15 years of work. Near Dellapena’s
suburban office, a manufacturing facility that supplies vaccines for
the U.S. market had ground to a halt. “For two weeks, there was
nothing being done,” Dellapena recalls. “Merck is huge. It
seemed crazy that something like this could happen.”
As it turned out, NotPetya’s real targets were half a world away, in
Ukraine, which has been in heightened conflict with Russia since
2014. In the former Soviet republic, the malware rocketed through
government agencies, banks, power stations — even the Chernobyl
radiation monitoring system. Merck was apparently collateral damage.
… Merck did what any of us would do when facing a disaster: It turned to its
insurers. After all, through its property policies, the company was
covered — after a $150 million deductible — to the tune of $1.75
billion for catastrophic risks including the destruction of computer
data, coding, and software. So it was stunned when most of its 30
insurers and reinsurers denied coverage under those policies. Why?
Because Merck’s property policies specifically excluded another
class of risk: an act of war.
… In early 2020, experts will testify behind closed doors as to what constitutes an act
of war in the cyber age. The case could be settled at some point —
or it could drag on for years before going to trial.
The challenge for insurers is to show that NotPetya was an act of war
even though there’s no clear definition in U.S. law on what that
means in the cyber age.
(Related)
When do cyberattacks deserve a response from NATO?
… These attacks have been a concern within the
United States as well, which has led to new approaches that
involve daily engagement in cyberspace as a way to confront or delay
these events.
… “States have a huge responsibility to talk
about their understanding of international law … That’s how you
create the understanding of what it would be that would facilitate
answering those questions,” she said.
As an example, Jordan mentioned the position taken
by the UK attorney general, who acknowledged in May 2018 that a
cyber operation, no matter how hostile, never violates sovereignty.
On the other hand, the French outlined a stance in September 2019
that remote cyber operations that cause effects are, indeed, a
violation of sovereignty.
The United States has yet to officially state an
opinion on this subject.
Just regular, everybody does it, espionage?
North Korea Hackers Breached Indian Nuke Reactor In Search For Advanced Thorium Technology
North Korea is trying to get its hands on advanced nuclear technology at
any cost. One of India’s largest nuclear plants, the Kudankulam,
located in the southern state of Tamil Nadu, was recently attacked by
North Korean hackers.
Privacy theater?
Portland, Oregon,
aims to ban the use of the controversial technology not only by city
government, but also by private companies.
The impact of CCPA. No need to block personalized ads if personal data
was never collected.
Google Will Enable Websites to Block Personalized Ads Under CCPA
With just weeks to go until the California Consumer Privacy Act (CCPA)
goes into effect in January 2020, Internet companies such as Google
are already taking early, proactive steps to ensure that they will be
in full compliance. At the end of November, Google announced that it
would enable websites and apps to block personalized ads as part of
its CCPA compliance efforts. This new law is similar to the European
General Data Protection Regulation (GDPR) in that it
requires companies give customers the right to opt-out of personal
data collection. Since personalized ads require detailed
information that has been collected from a user’s personal profile
in order to be targeted effectively, it is easy to see why these ads
would be covered under the new CCPA.
Some tips for building a Best Practices approach.
Talend Report Showcases Low GDPR Compliance Rates for Data Subject Access Requests
More than 18 months after the European General Data Protection Regulation (GDPR) went
into effect, companies and public sector organizations worldwide are
still having a very difficult time complying with a key GDPR
provision that requires them to respond to any Data Subject Access
Request (DSAR) in less than a month. In fact, Talend’s new survey shows
that less than half (42%) of all companies and public sector
organizations were able to respond to a Data Subject Access Request
within the stipulated time period.
Futurist perspective.
From algae to AI, the 12 themes experts predict will shape the world in 50 years
Here are the 12 main themes that emerged:
Specific sites my students should avoid. (Wink, wink)