On February 9, 2023, the UK announced the designation of seven individuals said to be part of a Russia-based cybercrime gang under the UK’s thematic cyber sanctions regime pursuant to The Cyber (Sanctions) (EU Exit) Regulations 2020. The designations were coordinated with the US. Concurrently, HM Treasury’s Office of Financial Sanctions Implementation (“OFSI”), in partnership with other HM Government (“HMG”) organisations, published guidance on sanctions and ransomware, which addresses the impact of ransomware payments, cyber resilience, and HMG’s approach to enforcement of financial sanctions breaches related to ransomware attacks.
Cybersecurity
All Things Seem to Come in Threes: The EU Continues with its Sanctions Against Cyber-Attackers for the Next Three Years
On 16 May 2022, the Council of the EU (the Council) decided for the third time to prolong its restrictive measures against cyber-attackers threatening the EU, its Member states or its allies. The measures are set to remain in place for a further three years until May 18, 2025. The Council’s press release on this…
Cybersecurity Community Beware: US Finally Enacts “Intrusion Software” Rule
They have been almost a decade in the making, but have finally arrived: new U.S. export controls on “cybersecurity items,” including products and technology involving “intrusion software” and IP network communications surveillance. Published today but effective January 19, 2022, the interim final rule from the U.S. Commerce Department’s Bureau of Industry and Security (“BIS”) amends the Export Administration Regulations (“EAR”) to add these new cybersecurity export controls. The interim final rule is highly technical and complex, but ultimately contains a mix of good news and bad for the cybersecurity community. BIS states in its press announcement that the rule is only intended to restrict “malicious cyber activities,” but it nonetheless imposes compliance obligations and costs even when activities ultimately are not restricted. At least in this sense, the rule will impact the entire cybersecurity sector.
…
Continue Reading Cybersecurity Community Beware: US Finally Enacts “Intrusion Software” Rule