What is the Cyber Security Enhancement Act? Provide some examples of court cases that involved violations of this act. What are some of the punishment(s) if someone is found guilty? (150+ words, no copy and paste from other sources please.)
In the USA, cyber security has been a long-time concern for the government and private sector. The growth in the Information Technology and E-commerce sector in the United States has given rise to cyber crimes, causing a huge loss to the US government and its people. Cybersecurity regulation has directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DoS) attacks, and unauthorized access to systems, which make the private data of individuals vulnerable to the public domain.
The Cybersecurity Information Sharing Act was introduced on July 10, 2014 during the 113th Congress and was approved on Dec 18, 2014. This act was brought to provide security for ongoing projects, voluntary public-private partnership to improve cybersecurity, and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness, and for other purposes.
There are three main federal cybersecurity regulations:
- 1996 Health Insurance Portability and Accountability Act (HIPAA)
- 1999 Gramm-Leach-Bliley Act
- 2002 Homeland Security Act, which included the Federal Information Security Management Act (FISMA)
These regulations mandated that healthcare organizations, financial institutions, and federal agencies should protect their systems and information. However, these rules are not foolproof in securing the data and require only a “reasonable” level of security. It is advisable that organizations become proactive about the security of their apps and data. Cyber criminals are always on the prowl and are becoming sophisticated in their approach to attack. For the same reason, companies should keep a regular check on their systems to identify any vulnerabilities and address the loopholes immediately.
The number of data breaches in the United States from 2013 to 2018 has been constantly rising in the various sectors of Banking and Financial, Business, Educational, Government & Military, and Medical & Healthcare. A few examples are taken here to explain violations and punishments:
1. July 2019 - Federal Trade Commission (FTC) fined Facebook $5 billion for a data breach of its users
The U.S. Justice Department and the FTC officially announced a privacy settlement with Facebook that includes a record-setting $5 billion fine. Now for this violation, CEO Mark Zuckerberg has been ordered to submit quarterly and annual reports to show that the company is in compliance with the FTC order.
2. Aug 2019 - Health insurer Premera Blue Cross was fined for a 2014 data breach
A federal judge has granted preliminary approval for a $74 million settlement of a consolidated class action lawsuit against health insurer Premera Blue Cross stemming from a 2014 data breach that affected 11 million individuals. The penalty for this violation includes fines, damages to persons, a settlement amount for victims, and 2 years of credit monitoring and insurance services. Now the organization will have to invest more money in security enhancements than in victim reimbursement.
3. Aug 2019 - Another major IT and networking company, Cisco, was caught under the False Claims Act for a glitch in security software sold to the government
Cisco has agreed to pay $8.6 million to settle a whistleblower lawsuit that claimed the networking company sold video surveillance software to local, state and federal agencies over a six-year period that contained serious security vulnerabilities. Despite knowing about the flaws in the software, Cisco continued to sell these products to various government agencies and organizations between 2008 and 2014, according to the attorneys' statement.
Glenn brought the lawsuit against Cisco in 2011 under a U.S. law called the which permits individuals to report fraud and misconduct in federal government contracts and programs by filing a lawsuit on the government's behalf. The act also provides for financial compensation to the person who reported the crime, based on recovery by the government.
Therefore, this act helps to protect user data by ensuring that IT security is implemented and followed by all (governments, private companies and users) and that any violations are correctly reported and handled by the judiciary.