February 2011

Many cyber-security threats involve theft of trade secrets. Trade secrets are traditionally protected under state law, with many states having adopted a version of the Uniform Trade Secrets Act. Many different types of confidential information may be protected as a trade secret, potentially including items such as software and code, business plans, customer lists, and supplier lists. To qualify as a trade secret, the information generally must have been not generally known to the public, must have been subject to reasonable efforts to maintain its confidentiality, and must be of actual or potential economic value. Persons who gain access to or secure trade secrets by improper means - which could include hacking, improper copying of computer files, or walking out the door with hard copy materials - may be liable for trade secret violations. Trade secret statutes typically provide for broad civil remedies, including injunctive relief, compensatory damages (or a reasonable royalty), and a form of punitive damages. Of course, the specifics can vary from state to state, so check with a lawyer licensed in your jurisdiction for more specific information. Particularly in the cyber context, there are federal laws, such as the Computer Fraud and Abuse Act, that may also provide remedies.

This post continues after the jump.

read more

CBC reported yesterday regarding a potentially major cyber attack on Canadian government systems. The attack involved three government agencies, including the Defence Research and Development Canada, the Finance Board and the Treasury Board. According to the report, the attack permitted access to confidential data, and forced the Finance Board and Treasury Board to go off line for an extended period. CBC is also reporting that the attack was traced back to servers in China. Click here to access the CBC article. The Chinese government subsequently denied responsibility.

The attack on a sophisticated western government underscores the risk of hacking and cyber attacks. Although there is no proof that the Chinese government was involved in this episode, concerns about state sponsored attacks are increasing. A private hacker, however, can do plenty of damage, as can a disgruntled insider. The risks are increasing, as is the need for vigilance.

read more

In our blog, Roy and I (as well as our other contributors) try to keep readers aware of developments regarding cloud computing and cyber security, as well as available resources. Here is a link to an informative article from EurActive.com that covers many of the key issues (from a European point of view). The article contains links to many additional resources. The article is worth reading.

read more

In today’s environment where cyber attacks are often launched to disrupt businesses or for political purposes, most C-level executives don’t realize that cyber attacks are happening every day and that the primary target of most of these attacks are their companies’ trade secrets.

According to a recent report by the security firm McAfee, the oil and gas industries have been the victims of repeated attempts to steal sensitive company information. According to the McAfee report, many if not most of these attacks are believed to originate from hackers in China. McAfee has given these attacks a name, “Night Dragon,” and outlines in their report how the attackers penetrate a company’s networks through compromised desk top computers and web servers, often by-passing safety guards by misusing company administrative credentials and other remote administrative tools.

More on this topic, after the jump.

read more

Roy Hadley and I were recently interviewed by Steve Berstler of Lexis/Nexis on legal issues involving cloud computing for its legal business community. Click here to listen to the podcast.

We enjoyed talking to Steve and hope you enjoy the podcast. read more

The recent security breaches at Nasdaq have raised serious questions about the integrity of the country’s computerized trading systems. As we move more and more to cloud based computer operations, the need for information security is becoming even more important.

Apparently, Nasdaq recently discovered several breaches of its computer systems. This is concerning because Nasdaq apparently handles almost 20 percent of the United States’ stock trades. You can read more about the breach here. While it does not appear that the actual trading systems were compromised, other systems were. Obviously, this is concerning to Nasdaq’s business partners whose data is on the Nasdaq systems.

People trade on Nasdaq because they believe that it is secure and trust that the playing field is level. People buy from your business because they trust that your systems are secure. Are they? read more

Deutsche Welle is reporting that NATO is working with IBM to consider a private cloud-based system for its operations. The reasons include lower cost, interoperability, and access to information across multiple jurisdictions. Potential barriers include privacy concerns, legal and regulatory issues across multiple jurisdictions and obtaining consent among NATO's 28 member countries. All of these issues are familiar to readers of this blog. read more