Cybersecurity Developments in the U.S. and the EU
Everyone is talking about cybersecurity. Articles appear almost daily regarding significant cybersecurity events. And over the past two years, the drumbeat for action on the issue of cybersecurity and the protection of the nation’s critical infrastructure has grown louder and louder. In the context of the current debate on cybersecurity, virtually everyone agrees that cyberthreats are real, as evidenced by highly publicized cyberevents, such as the recent denial of service attacks on banks. Virtually everyone also agrees that protecting critical infrastructure is an important goal. Nonetheless, little consensus has been reached, particularly in the U.S. Congress, on the “appropriate” approach to protecting the nation’s critical infrastructure from cyberthreats.
Within the context of ongoing Cybersecurity Developments, virtually everyone agrees that cyber-threats can happen at any time. Virtually everyone also agrees that protecting critical infrastructure is an important goal. But little consensus has been reached, particularly in the U.S. Congress, on the appropriate approach to protecting the nation’s critical infrastructure from cyber-threats.
The U.S. Executive Branch and the EU Commission weighed in on the issue in February 2013. President Obama released his long-awaited and highly anticipated cybersecurity executive order, which directed the U.S. government to take various steps to protect the nation’s critical infrastructure from cyber-threats.
Similarly, the European Commission published a proposed directive on network and information security for “market operators.” The EU directive, once finalized and transposed into member-state legislation, would apply to all “market operators” providing a service in the EU/EEA, including operators of critical infrastructure in the energy, transport, banking, finance, and health sectors, as well as “information society” service providers, such as e-commerce platforms, payment gateways, social networks, search engines, and cloud providers.
While neither the executive order nor the EU directive has been immediately or directly applicable to companies, both point to the fact that legislation is likely coming around the world, and companies should begin to prepare now to comply with the key components of possible cybersecurity legislation.
Learn more about our Privacy + Data Security practice and what sets us apart from our competitors.
Privacy Group of the Year
Legal 500 Media, Technology and Telecoms Regulatory Firm of the Year
“With regard to international data privacy and security issues, they have more lawyers who are knowledgeable in this area, more collective experience and better worldwide resources.” - Chambers USA 2013
Morrison & Foerster Privacy / Data Security Partner Andrew Serwin Joins Board of National Cyber-Forensics and Training Alliance
©1996-2017 Morrison & Foerster LLP. All rights reserved.