From: Ian Robson
Date: Thu, 18 May 2017 15:35:37 +0000

Thanks for the clarification, Chris.

What impact do you think ransomware could have on a publisher's internal systems? If a publisher experienced a ransomware attack, is it conceivable that this could affect their ability to serve licensed content and/or provide administrative support?

Best,
Ian

Ian Robson
Head, Collection Development
Dana Porter Library
University of Waterloo
200 University Ave. West
Waterloo, Ontario, Canada N2L3G1
+1 519 888 4567 ext. 31586

-----Original Message-----
From: "C.H.J. Hartgerink"
Date: Wed, 17 May 2017 01:43:37 -0400

Ransomware occurs on the end-user's equipment; incorporating that into an agreement implies that the publisher would be responsible for the end-user's computer, which doesn't make sense.

One scenario is that one could incorporate something into a license that publishers will maximize security of the platform for the end-user, which would be more versatile if a range of cyber-attacks occur. But this would be accompanied with liability, and I am unsure whether that commitment will go through negotiations.

Something that can be addressed in licenses fairly easily, and is a larger threat I think, is that of publisher websites not using HTTPS. It allows for someone in the network to hijack the content being served really easily. For example, ScienceDirect isn't HTTPS by default and if someone in a hospital network would hijack that domain and replace all mentions of a drug (e.g., "norepinephrine" with "glucose"; this is simple to do for any cyber-attacker) it could affect treatment decisions. There are many scenarios I can imagine that would be detrimental to society and science.

I recommend to include a clause for any agreement that the publisher commits to serving their content and platform only in HTTPS. This is super easy to do with tools like CertBot, so insufficient funds are for most publishers not a problem.

Cheers,
Chris

-------- Original Message --------
From: "Maher, Stephen"
Date: Tue, 16 May 2017 19:22:53 +0000

Random questions about ransomware:

Are ransomware and other malware a concern to publishers in relation to making their content accessible online to their customers?

Can/should we call for specific language in our licenses with publishers that addresses the threat of ransomware? (e.g. in the event a publisher's contents are blocked due to ransomware)

Thank you,
Stephen

Stephen Maher, MSIS | Assistant Director
NYU Health Sciences Library
212.263.8935