Volume 4, Issue 1, 2023
Welcome to the first issue of Decoded for 2023. As we all know, the world of technology moves fast. Changes are constant and the impacts of those changes affect every aspect of our personal and business lives. We are committed to bringing you top news stories, trends and an understanding of those changes with each issue of Decoded.
We hope you enjoy this issue and, as always, thank you for reading.
Nicholas P. Mooney II, Co-Editor of Decoded, Chair of Spilman’s Technology Practice Group, and Co-Chair of the Cybersecurity & Data Protection Practice Group
and
Alexander L. Turner, Co-Editor of Decoded and Co-Chair of the Cybersecurity & Data Protection Practice Group
Big Boosts to Cybersecurity and Tech Funding in $1.7T Omnibus Bill Signed by Biden
“The bipartisan fiscal 2023 omnibus spending agreement includes $2.9 billion for the Cybersecurity and Infrastructure Security Agency, a $313 million increase over its current budget as well as $1.6 billion for the National Institute of Standards and Technology, an increase of $397 million for the agency.”
Why this is important: With cybersecurity risks increasing and evolving moving into 2023, the federal government is taking steps to help secure our cyber infrastructure. The recent passing of the 2023 omnibus spending agreement included additional funds for a variety of federal agencies in order to strengthen our cybersecurity apparatus. The Cybersecurity and Infrastructure Agency (“CISA”) received $1.3 billion for its cybersecurity programs. This is a $230 million increase over last year. While this increase in funding is intended to help CISA improve the country’s cybersecurity, it does come with some significant strings. CISA is currently a year late in providing Congress with its force structure assessment, which includes its organizational planning, staffing, and budgeting. In order to force CISA to provide the necessary documentation for Congressional oversight, the omnibus funding included a caveat that CISA will be fined $50,000 for every day it is late in providing Congress with its quarterly briefing. Congress is getting serious about holding CISA accountable, and will not allow it to continue to skirt Congressional oversight.
The omnibus also included additional cybersecurity funding for other federal agencies. $200 million has been allocated for the Department of Energy’s Cybersecurity, Energy Security, and Emergency Response (“CESER”) in order to protect our vulnerable power grid. The Treasury Department also received $100 million in funding for the Treasury Department’s Cybersecurity Enhancement Account, which is a $20 million increase over last year. Congress also allocated $50 million funding to protect against cyberattacks by foreign adversaries like Russia, China, Iran, and North Korea. This included tasking the Federal Trade Commission to collect and report on international cyberattacks committed by foreign actors. While this increase in funding indicates that Congress is taking cybersecurity more seriously, the U.S. still lacks a comprehensive cybersecurity law that streamlines cybersecurity compliance throughout the entire country. As it stands now, companies operating nationally have to comply with a myriad of cybersecurity and privacy laws, which leads to confusion and increased costs. If Congress wants to positively impact cybersecurity in the U.S., it needs to pass comprehensive cybersecurity and privacy legislation. — Alexander L. Turner
FBI Blames North Korea for $100 Million Crypto Heist
“The bureau said ‘a portion’ of the $60 million was frozen, but did not specify how much.”
Why this is important: This article provides an update to earlier articles about a hack committed by threat actors linked to the North Korean government in which they were able to steal approximately $100 million in cryptocurrency from Harmony, a California-based cryptocurrency firm. U.S. government officials are concerned that the North Korean government will use the proceeds of this and similar compromises to fund its illicit nuclear and ballistic weapons program. The article explains, without revealing details, that the threat actors attempted to launder over $60 million of the money stolen in the compromise, and the FBI was able to freeze an undisclosed portion of it. In addition to hacks like this one, North Koreans have posed as people from other countries to gain employment at cryptocurrency firms. Once employed, they have used their positions to send funds back to North Korea. This article shows the need to be vigilant against cyberattacks perpetrated through hacks and compromises, but also highlights the need to be aware of compromises that can take place outside of the cyber realm. — Nicholas P. Mooney II
U.S. Supreme Court Seeks Biden Administration View on Florida, Texas Social Media Laws
“The justices are considering taking up two cases involving challenges to the state laws – both currently blocked – brought by technology industry groups NetChoice and the Computer & Communications Industry Association that count Twitter , Meta Platforms Inc’s (META.O) Facebook and Alphabet Inc’s YouTube (GOOGL.O) as members.”
Why this is important: Both Texas and Florida have passed statutes that undercut efforts by social media companies to block users based on the companies’ determination of what material is objectionable. Both laws restrict these blocking attempts, but apparently current federal law does not. Current federal court cases block the application of these state laws, and the U.S. Supreme Court is considering this matter. It has asked the executive branch to weigh in on this issue. — Hugh B. Wellons
Contech Trends to Watch in the New Year
“As builders adapt to economic, supply chain and labor challenges, they’re turning to technology to boost performance.”
Why this is important: All of the turmoil of 2022 (the war in Ukraine, supply chain issues, inflation, and labor shortages) have left contractors working hard to keep their businesses afloat. This article discusses some of the ways that construction technology, or contech, is helping. New software applications that manage employees and schedule workflows are becoming more prevalent. Like virtually every other industry, the construction industry also needs to be mindful of cybersecurity issues and take advantage of available software applications and best practices. Financial technology, or fintech, applications may change the way contractors are paid and address the always-present issue of late payments (which cost contractors $208 billion in 2022). At bottom, contech solutions are becoming a welcome way for contractors to address some of the problems inherent in the industry and some that came about as a result of the turmoil of 2022. Contractors should consider how these and other technology solutions can aid them in keeping their businesses thriving. — Nicholas P. Mooney II
Maryland and Mississippi Lawmakers Consider Biometric Data Protection Bills
“Consent must be collected, whether in written or digital form, and restrictions would be applied to disclosing or selling biometric data.”
Why this is important: Your biometric data tells the tale of who you are in intricate detail. Often, your biometric data is used to verify your identity at work or school. Currently, Illinois has the most comprehensive biometric privacy law in the country with the Illinois Biometric Information Privacy Act. Maryland and Mississippi look to join Illinois in protecting their citizens’ biometric data. Maryland has already had the first reading of HB 33, the Commercial Law-Consumer Protection-Biometric Data Privacy bill. HB 33 would require private companies that hold the biometric data of Maryland citizens to “publish policies, establish a retention schedule and data destruction guidelines within certain timeframes.” HB 33 will also require companies to obtain consent from a consumer before collecting the consumer’s biometric data, and it establishes a set of security requirements. Importantly, HB 33 establishes a private right of action, along with being enforceable pursuant to the Maryland Consumer Protection Act.
Mississippi’s proposed Biometric Identifiers Privacy Act is similar to Maryland’s HB 33 insofar as it requires companies to “publish policies for the biometric data they hold, including a retention schedule and data destruction policy[,]” and requires the consumer to consent to the collection of the consumer’s biometric data. Mississippi’s proposed legislation allows employers to collect employee’s biometric data, but limits the use of the data, including preventing the use of employee biometric data to track the employee. While the Mississippi Biometric Identifiers Privacy Act allows for a private right of action just like Maryland’s proposed legislation, Mississippi’s proposed legislation also allows consumers to “demand information about what biometrics of theirs are held, the source of the data, what it has been used for, whether it was disclosed to any third parties, and if so who those third parties are.” If your company needs assistance complying with the data privacy and biometric privacy laws in the states you operate in, please contact Spilman’s cybersecurity and data privacy practice group. — Alexander L. Turner
Scammers are Now Impersonating the Agency Tasked with Going After Scammers
“The Federal Trade Commission reports it is now being used in ‘imposter scams,’ where crooks impersonate government, law enforcement or legal enforcement agencies in an attempt to get people to send money to resolve an ‘issue.’”
Why this is important: A long-time scam of home invasion crews has been to cover front door cameras and bang loudly, claiming they are the police. Most homeowners let them in! Like a low budget science-fiction movie, the…
