As 2016 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips. If you don’t see a topic you are interested in below, please let us know, and we may feature it in a future Contract Corner. These posts cover many different provisions and aspects of drafting commercial, outsourcing, and technology contracts:
On December 1, the nonpartisan Commission on Enhancing National Cybersecurity (Commission) released a report on securing and growing the national economy. This report includes six imperatives for enhancing cybersecurity (and suggested action items to support each imperative) that will require significant commitment, cooperation, and collaboration between the public and private sector to implement.
US President Barack Obama charged the Commission with identifying ways to enhance cybersecurity while
- protecting privacy;
- ensuring public safety and economic and national security;
- fostering discovery and development of new technical solutions; and
- bolstering partnerships between federal, state, and local governments and the private sector in developing, promoting, and using cybersecurity technology, policies, and best practices.
In the report, the Commission identified six major imperatives containing 16 recommendations and 53 action items.
In a recent post, we noted that the US federal government has become increasingly concerned about the security of Internet of Things (IoT) devices. On November 15, the US Department of Homeland Security (DHS) issued guidance to help stakeholders account for security in the development, manufacturing, implementation, and use of IoT devices.
The set of nonbinding principles and suggested best practices for IoT device security includes the following:
- Provide manufacturer-supplied usernames and passwords that are unique and difficult for botnets to crack (in recognition of the fact that many consumers never reset default usernames and passwords initially provided with their devices).
- Coordinate software updates among third-party vendors to ensure consumer devices have the most updated set of protections.
- Implement an end-of-life strategy and communicate to consumers the risks of using devices beyond their usability dates.
- Apply basic software security and cybersecurity practices while also referring to industry-specific security guidance, if available.
- Perform “red-teaming” exercises—during which developers actively try to bypass the security measures of an IoT device—and use the results to prioritize what and where additional security measures are needed.
- Advise consumers about the intended purpose of any network connections—especially since the critical functions of many IoT devices do not require a connection to the internet.
As of December 1, 2016, new regulations promulgated by the US Copyright Office will take effect regarding the “safe harbor” provision of the Digital Millennium Copyright Act (DMCA). The regulations affect internet service providers and others whose websites allow third parties to post content, such as chat rooms or discussion forums, by requiring electronic filing for designating DMCA agents and renewals every three years.
For more information, read the full LawFlash written by our colleagues David O. Johanson and Jane W. Wise: DMCA Safe Harbor Protection Requires Action Under New Copyright Regulations.
On Thursday, December 1, Morgan Lewis partner Andrew J. Gray IV will host the breakfast program “What Technology Companies Need to Know about Electronic Contracting” at Morgan Lewis’s Silicon Valley office. Morgan Lewis partner Peter M. Watt-Morse will present on various issues related to electronic contracting, including the following:
- Traditional contracting meets electronic commerce
- Browse-wrap vs. click-wrap terms and conditions
- Digital signature update and practical uses
- Blockchain (peer-to-peer electronic contracting)
Please join us on Wednesday, December 7 at 12:00 p.m. eastern time, when partner Barbara Melby and Becton Dickinson Assistant General Counsel Marie Fattell will present the webinar “Technology Transactions in 2017: Trends and Challenges.” The presenters will cover some of the challenges raised by technology trends and potential changes to key contract provisions.
Topics will include the following:
- The many faces of cloud as a service
- The drive to automation
- Increased use of data analytics
The annual State CIO Survey by the National Association of State Chief Information Officers (NASCIO) for 2016 found that the number of states outsourcing their IT applications and services has increased—with two-thirds of states outsourcing at least some IT infrastructure operations and almost two-thirds using a managed services model for some or all IT operations. The survey also found that state CIOs reported an interest in reducing state owned and operated data centers and expanding the use of IT shared services and managed services in the future.
Verizon’s annual report investigating data breach information finds that phishing—which it defines as malicious correspondence involving a link or attachment to install malware on the victim’s computer or system—is still the most successful form of cyberattack. This year, the report analyzed data from almost 100,000 security incidents and more than 3,000 data breaches in 82 countries. The report found that the majority of breaches are from external actors with a financial motive.
Other report highlights include the following:
- Consistency is key in patching software vulnerabilities. The median amount of time between a vulnerability being published and an exploitation of such vulnerability occurring is 30 days—indicating that broad coverage may be more important than speed in the implementation of software patches. The report makes recommendations for developing an approach to remediating vulnerabilities, including focusing on the top vulnerabilities followed by vulnerabilities with known exploits, as well as identifying other risk mitigation strategies for those vulnerabilities that do not have, or cannot receive, a patch.
Recent attempted cyberattacks carried out using Internet of Things (IoT) devices have led to growing concern within the federal government over the security of such devices and their potential to be used to launch future attacks.
On October 25, Senator Mark Warner (D-VA), a member of the Senate Select Committee on Intelligence, wrote a letter to Federal Communications Commission (FCC) Chairman Tom Wheeler asking Chairman Wheeler to respond to a series of questions regarding the tools needed to prevent cyberattacks using IoT devices. Senator Warner sent similar inquiries to the Federal Trade Commission (FTC) and the Department of Homeland Security’s National Cybersecurity & Communications Integration Center.
KPMG reported in a quarterly survey that the global business services (GBS) model (which delivers core business processes such as finance and accounting, human resources, information technology, sourcing and procurement, and internal customer care to organizations) shows continued growth and maturation, in part because of the accelerated use of process automation. This continued growth in the use of the GBS model was particularly notable in larger organizations located in North America and Europe.
As organizations look beyond administrative processing, process and cognitive automation, digital labor, and machine intelligence are becoming necessary elements of the GBS model. The benefits of using automation include
- the ability to allocate resources more strategically,
- improved performance and/or accuracy of the activities performed,
- the ability to capitalize on data analytics, and
- improved competitiveness.
The survey also notes more advanced automation options on the horizon, including technology that can conduct pilot programs or be deployed in live environments.
The survey mentions certain challenges organizations face when implementing process automation, such as the unification of disparate IT systems and the prohibitive cost of the most advanced cognitive automation options. However, Robert Bolton, a partner of KPMG in the United Kingdom, stated that “[W]e will see significant use of robotic process automation and cognitive enhancement in GBS in future years, to the extent that the initial level for all front-line GBS responses will be through an artificial intelligence.”