Legal Issues

 

 

https://sm.asisonline.org/Pages/December-2018-Legal-Report.aspxDecember 2018 Legal ReportGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652018-12-01T05:00:00Zhttps://adminsm.asisonline.org/pages/megan-gates.aspx, Megan Gates<h4>​Judicial Decisions​</h4><p><strong>Cybercrime.</strong> A Russian national pleaded guilty to his role in operating one of the largest botnets on the Internet that infected at least 50,000 computers.</p><p>Botnets are networks of computers that have been infected with malicious software that gives third parties the ability to control the network without the knowledge—or consent—of the computer owners.</p><p>Peter Yuryevich Levashov, 38, of St. Petersburg, Russia, pleaded guilty to one count of causing intentional damage to a protected computer, one count of conspiracy, one count of wire fraud, and one count of aggravated identity theft.<br></p><p>“Since the late 1990s until his arrest in April 2017, Levashov controlled and operated multiple botnets, including the Storm, Waledac, and Kelihos botnets, to harvest personal information and means of identification (including email addresses, usernames and logins, and passwords) from infected computers,” according to the U.S. Department of Justice (DOJ). “To further the scheme, Levashov disseminated spam and distributed other malware, such as banking Trojans and ransomware, and advertised the Kelihos botnet spam and malware services to others for purchase in order to enrich himself.” Kelihos, one of the Internet’s largest botnets, infected at least 50,000 computers.<br></p><p> Levashov also moderated and participated in online forums where stolen identities, credit card numbers, malware, and other cybercrime tools were traded and sold.</p><p>He participated in this activity until apprehended by Spanish authorities in April 2017 and extradited to the United States. His sentencing is scheduled for September 6, 2019. <em>(U.S. v. Levashov, </em>U.S. District Court for the District of Alaska, No. 3:17-cv-00, 2018)</p><p><strong>Corruption.</strong> Former manager of a U.S.-based logistics and freight forwarding company Juan Carlos Castillo Rincon, 55, pleaded guilty to a foreign bribery charge for his role in a scheme to secure contracts and extensions for Venezuela’s state-owned and state-controlled energy company.<br></p><p>Castillo pleaded guilty to one count of conspiracy to violate the Foreign Corrupt Practices Act (FCPA) for conspiring with others between 2011 and 2013 to bribe a Petroleos de Venezuela S.A. (PDVSA) official, Jose Orlando Camacho, 46.<br></p><p> In exchange for the bribe, Camacho helped Castillo’s company obtain PDVSA contracts, contract extensions, and favorable terms. Camacho also gave Castillo inside information about the PDVSA bidding process and supported Castillo’s company in meetings on purchasing decisions.</p><p>Camacho also pleaded guilty to conspiracy to commit money laundering, admitting in his plea that he conspired with Castillo to launder the proceeds of their bribery scheme.<br></p><p>The two men’s guilty pleas led to additional charges by the DOJ against 18 individuals—14 have pleaded guilty—as part of a larger ongoing investigation into PVDSA. (<em>U.S. v. Castillo, </em>U.S. District Court for the Southern District of Texas Houston Division, No. 18-cr-200, 2018) ​</p><h4>Regulations</h4><p><strong>Elections.</strong> U.S. President Donald Trump signed an executive order that allows the United States to issue sanctions in the event of foreign interference in a U.S. election.</p><p>“Although there has been no evidence of a foreign power altering the outcome or vote tabulation in any United States election, foreign powers have historically sought to exploit America’s free and open political system,” Trump said in the order. “In recent years, the proliferation of digital devices and Internet-based communications has created significant vulnerabilities and magnified the scope and intensity of the threat of foreign interference, as illustrated in the 2017 Intelligence Community Assessment.”</p><p>Under the executive order, the U.S. federal government must create a process to assess the extent of foreign interference after every U.S. election. The order requires the U.S. director of national intelligence to assess information indicating whether a foreign government—or individual acting on that government’s behalf—acted with the intent to interfere in an election. </p><p>The director then must deliver the assessment to the president, the U.S. attorney general, and the secretaries of state, treasury, defense, and homeland security, who will analyze the information and make recommendations about responsive actions the U.S. government can take in response.</p><p>This includes blocking any property or interests of those involved in interfering with an election, along with additional economic sanctions against businesses in a country whose government authorized or directed interference in an election. ​</p><p>“In the Untied States, primary responsibility for managing elections resides with state, territory, and local authorities,” Trump said. “The federal government, however, plays an essential role in identifying and deterring foreign interference and supporting state and local officials to secure election infrastructure.”</p><div><br></div><h4>Legislation</h4><p><em><strong>United States</strong></em><br><strong>Disclosure.</strong> The U.S. House of Representatives Homeland Security Committee passed a bill that would require the U.S. Department of Homeland Security (DHS) to create a vulnerability disclosure process.</p><p>Under the bill (H.R. 6735), DHS would be required to create a vulnerability disclosure policy for outside researchers to report weaknesses they uncover in DHS’s websites or information systems.<br></p><p> To create this system, DHS’s secretary will consult the attorney general, the secretary of defense, the administrator of general services, and nongovernmental security researchers. The policy would then be made publicly available.</p><p>DHS would then be required to report to Congress the number of unique security vulnerabilities reported through the process, the number of previously unknown security vulnerabilities mitigated or remediated, the number of unique parties that reported security vulnerabilities, and the average length of time between the reporting of the vulnerability and its remediation.<br></p><p>U.S. Representative Kevin McCarthy (R-CA) sponsored the legislation, which has three Republican cosponsors. <br></p><p><strong>Terrorism. </strong>U.S. President Donald Trump signed legislation into law that imposes sanctions on individuals who assist in terrorism.<br></p><p>The law (P.L. 115-272) amends the Hizballah International Financing Prevention Act of 2015 to allow the United States to impose sanctions on foreign individuals who knowingly assist or provide support for fund raising or recruitment efforts for the terrorist organization Hizballah. The law also allows the United States to impose sanctions on foreign government agencies that provide Hizballah with arms, financial support, or other assistance, and Hizballah itself.<br></p><p>Additionally, the law creates reporting requirements for foreign individuals who knowingly assist or provide support for those aiding Hizballah; financial institutions that are owned or organized under the laws of state sponsors of terrorism; Hizballah’s racketeering activities; and more.<br></p><p><strong><em>U.S. States</em></strong><br><strong>California.</strong> California Governor Jerry Brown, signed legislation into law that for the first time in the United States sets standards for privacy and data security for Internet of Things (IoT) devices.</p><p>The law (formerly S.B. 327) requires connected devices manufacturers to equip them with a “reasonable security feature or features” that are “appropriate to the nature and function of the device”; “appropriate to the information the device may collect, contain, or transmit”; and are “designed to protect the device and any information contained in it from unauthorized access, destruction, use, modification, or disclosure.”</p><p>Devices are considered to have a reasonable security feature if they have a unique password and require users to generate a new means of authentication before accessing the device for the first time.</p><p>A California Senate Floor Analysis said the law is needed due to the amount of sensitive data that IoT devices collect that can be vulnerable to data breaches. </p><p>The analysis also stressed that many IoT devices “can be directly hacked into, allowing strangers to conduct surreptitious surveillance on homes or to communicate through devices directly.”</p><p><strong>Representation. </strong>California Governor Brown also signed legislation that requires companies to have more women on their boards.</p><p>Under the law (formerly S.B. 826), domestic general corporations or foreign corporations that are publicly held whose principal executive offices are in California are required to have one female board member by the end of 2019. </p><p>By 2021, these same companies must have two female directors if they have five directors total—or three female directors if they have six or more directors on the board.</p><p>“More women directors serving on boards of directors of publicly held corporations will boost the California economy, improve opportunities for women in the workplace, and protect California taxpayers, shareholders, and retirees…” according to the law. “Yet studies predict that it will take 40 or 50 years to achieve gender parity, if something is not done proactively.”</p><p>To ensure compliance, the California secretary of state will publish reports on corporations in compliance. The secretary may also impose fines on those not in compliance, beginning with $100,000 and increasing to $300,000 for repeat violations.</p><p><strong>Tennessee. </strong>Tennessee enacted a new amendment that allows employers to limit the ability of employees and others to carry concealed firearms at work.​</p><p>Under the amendment (formerly Public Charter No. 823), if employers want to limit concealed carry on their property, they must post prohibitions in prominent locations—including at all entrances—and include the following information: the phrase “NO FIREARMS ALLOWED” in a specified size, the words “As authorized by T.C.A. § 39-17-1359,” and a graphic of a firearm in a circle with a slash symbol.</p><div><br></div><div><h4>ELSEWHERE IN THE COURTS​<br></h4><p><strong>Hacking. </strong>Peteris Sahurovs, 29, was sentenced to 33 months in prison for participating in a “scareware” hacking scheme targeting visitors to the <em>Minneapolis Star Tribune’s</em> website, according to the U.S. Department of Justice. Sahurovs was convicted of conspiracy to commit wire fraud for registering domain names, providing hosting services, and giving technical support to a “scareware” scheme using fake ads for a hotel on the <em>Star Tribune’s </em>website. The ads would infect visitors’ computers with malware, causing slow system performance, unwanted pop-ups, and total system failures, and later demand payment for an antivirus service to fix the problems for $49.95.<em> (U.S. v. Sahurovs, U.S. District Court for the District of Minnesota, </em>No. 0:11-cr-00177, 2018)</p><p><strong>Maintenance. </strong>A resident filed suit against NiSource Inc. and its subsidiary, Columbia Gas of Massachusetts, after three communities it services experienced blasts and large-scale evacuations due to problems with gas services. The lawsuit alleges that the system Columbia Gas used to provide gas services was “poorly maintained, antiquated, obsolete, and highly dangerous.” It also accuses the company of failing to implement “reasonable safety and leak prevention practices,” and seeks damages on behalf of residents affected by the system. <em>(Acosta v. NiSource Inc., </em>Essex County Superior Court, 2018)</p><p><strong>Excessive force.</strong> Former Veterans Affairs Medical Center Police Department Officer Michael Kaim, 28, was sentenced to one year in prison and a fine of $1,000 for depriving a patient of his civil rights. Kaim shoved and repeatedly punched the patient, whom he was arresting outside of a medical center. The patient, who was not identified, sustained bodily injuries due to the incident. “Any law enforcement official who uses excessive force against an arrestee violates the Constitution, which is designed to protect the civil rights of all individuals, including veterans who sacrifice their lives for our freedoms,” said Acting Assistant Attorney General John Gore in a statement.<em> (U.S. v. Kaim,</em> U.S. District Court for the Southern District of Indiana, No. 1:18-cr-00012, 2018)</p><br></div>

Legal Issues

 

 

https://sm.asisonline.org/Pages/December-2018-Legal-Report.aspx2018-12-01T05:00:00ZDecember 2018 Legal Report
https://sm.asisonline.org/Pages/Legal-Report-Resources-November-2018.aspx2018-11-01T04:00:00ZLegal Report Resources November 2018
https://sm.asisonline.org/Pages/November-2018-Legal-Report.aspx2018-11-01T04:00:00ZNovember 2018 Legal Report
https://sm.asisonline.org/Pages/October-2018-Legal-Report.aspx2018-10-01T04:00:00ZOctober 2018 Legal Report
https://sm.asisonline.org/Pages/SM-Online-October-2018.aspx2018-10-01T04:00:00ZSM Online October 2018
https://sm.asisonline.org/Pages/October-2018-Legal-Report-Resources.aspx2018-10-01T04:00:00ZOctober 2018 Legal Report Resources
https://sm.asisonline.org/Pages/September-2018-Legal-Report.aspx2018-09-01T04:00:00ZSeptember 2018 Legal Report
https://sm.asisonline.org/Pages/Harassment-in-the-Academies.aspx2018-09-01T04:00:00ZHarassment in the Academies
https://sm.asisonline.org/Pages/SM-Online-September-2018.aspx2018-09-01T04:00:00ZSM Online September 2018
https://sm.asisonline.org/Pages/September-2018-Legal-Report-Resources.aspx2018-09-01T04:00:00ZSeptember 2018 Legal Report Resources
https://sm.asisonline.org/Pages/TOMANDO-VUELO.aspx2018-08-22T04:00:00ZTOMANDO VUELO
https://sm.asisonline.org/Pages/SM-Online-August-2018.aspx2018-08-01T04:00:00ZSM Online August 2018
https://sm.asisonline.org/Pages/August-2018-Legal-Report-Resources.aspx2018-08-01T04:00:00ZAugust 2018 Legal Report Resources
https://sm.asisonline.org/Pages/August-2018-Legal-Report.aspx2018-08-01T04:00:00ZAugust 2018 Legal Report
https://sm.asisonline.org/Pages/A-Screening-Minefield.aspx2018-08-01T04:00:00ZA Screening Minefield
https://sm.asisonline.org/Pages/July-2018-Legal-Report.aspx2018-07-01T04:00:00ZJuly 2018 Legal Report
https://sm.asisonline.org/Pages/July-2018-Legal-Report-Resources.aspx2018-07-01T04:00:00ZJuly 2018 Legal Report Resources
https://sm.asisonline.org/Pages/June-2018-Legal-Report.aspx2018-06-01T04:00:00ZJune 2018 Legal Report
https://sm.asisonline.org/Pages/June-2018-SM-Online.aspx2018-06-01T04:00:00ZJune 2018 SM Online
https://sm.asisonline.org/Pages/June-2018-Legal-Report-Resources.aspx2018-06-01T04:00:00ZJune 2018 Legal Report Resources

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/SM-Online-January-2018.aspxSM Online January 2018<h4>​SCHOOL SAFETY</h4><p>Campus security nonprofit <a href="http://safehavensinternational.org/" target="_blank">Safe Havens International </a>offers free school safety resources on its website that can be used in K-12 schools as well as for higher learning institutions. Documents include a <a href="http://safehavensinternational.org/wp-content/uploads/2014/08/K12_School_Crisis_Site_Planning_Evaluation_Tool.pdf" target="_blank">safety plan evaluation tool</a>, a building design checklist, and a sample background investigation booklet for the hiring process. Safe Havens International works with schools on national and international levels in planning, coordinating, and evaluating a wide range of school crisis simulations.</p><h4>​BIODEFENSE</h4><p>Despite a call for a united biodefense approach, U.S. federal agencies continue to face challenges in sharing threat information, according to <a href="https://www.gao.gov/products/GAO-18-155" target="_blank">a GAO report​</a>. A <a href="http://www.biodefensestudy.org/biodefense-indicators" target="_blank">2016 panel on biodefense</a> contends that the U.S. vice president should lead the nation’s biodefense efforts.</p><h4>CYBER STRATEGY</h4><p>Despite awareness of cyber risks, many companies remain unprepared to deal with them, according to PricewaterhouseCoopers’ <a href="https://www.pwc.com/us/en/cybersecurity/information-security-survey.html" target="_blank">The Global State of Information Security Survey 2018.​</a></p><h4>CRISIS COMMUNICATIONS</h4><p>SmartRiskSolutions GmbH <a href="http://www.smartrisksolutions.de/assets/handbook-crisis-management-crisis-communication-terrorist-attack-active-shooter.pdf" target="_blank">published a handbook​</a> with advice for crisis management and crisis communications during a terrorist attack or active shooter incident. </p><h4>ASIS ACCOLADES</h4><p>Attendees at the ASIS 2017 voted the Pelco by Schneider Electric VideoXpert Professional Video Management System an ASIS Accolades People’s Choice Award winner. The Judges Choice awardee was the intelligent security robot from Cobalt Robotics. <a href="https://securityexpo.asisonline.org/expo/Pages/Accolades-.aspx" target="_blank">Read about all the winners.​</a></p><h4>WHISTLEBLOWING REWARDS</h4><p>Financial incentives can discourage whistleblower reporting, <a href="http://aaajournals.org/doi/abs/10.2308/ajpt-51663?code=aaan-site" target="_blank">according to a new study.​​</a></p><h4>FIRE SAFETY</h4><p>The <a href="https://www.csemag.com/fileadmin/content_files/cse/Consulting-Specifying_Engineer_2016_Fire_and_Life_Safety_Report.pdf" target="_blank">2016 Fire and Life Safety Study</a> from Consulting-Specifying Engineer surveyed its subscribers on what matters to them when selecting a fire and life safety system. ​</p><h4>EMAIL</h4><p>The U.S. Department of Homeland Security <a href="https://www.cyberscoop.com/dhs-dmarc-mandate/" target="_blank">issued a binding directive ​</a>that requires all U.S. agencies to adopt email and Web security guards against phishing and spam.</p><h4>BOMBING CONVICTION</h4><p><a href="https://www.justice.gov/usao-sdny/press-release/file/911021/download" target="_blank">A jury convicted</a> Ahmad Khan Rahimi on eight charges related to bombings in New York City on September 17, 2016, which injured more than 30 people and caused millions of dollars in property damage.</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465