HomeLegal BlackBook
TM
CyberInsecurity
May 2018
David Hechler, Editor-in-Chief
W
e live in an Age of Conflict. It’s everywhere we look. And the challenges of
cybersecurity are grounded in, and manifestations of, that conflict. Cyberattacks erupt from political conflict, international conflict, economic conflict—the gamut. And they’ve certainly added to the pervasive global tension.
Another troubling trend we’ve seen in the past year has been the erosion of so many longstanding alliances. Countries that have long been allies are on the outs. Brexit and the
rise of nationalism have shaken the European Union to its core. The United States feels a little less stable, and a little more isolated, every day. These developments have been particularly dispiriting to witness because alliances seem to be our best chance of mitigating the problems.
In this issue, in our own small way, we explore the power of alliances. First we look at an alliance of maritime companies working to boost their common cyber defense.
Then we have a piece about the Cybersecurity Tech Accord, and the 34 companies that vowed to make the world safer from cyberattacks.
And our expert article talks about the ways companies need to partner with their service providers in order to enhance the security of both entities.
These are three very different kinds of alliances, but they all make a world of sense. They possess the key components that successful alliances have always needed: they’re designed for the mutual benefit of the partners, and they make them all a little more secure.
Here’s hoping there’s a resurgence of alliances this year.
EDITOR'S NOTE
I
JUNE 2018
David Hechler, Editor-in-Chief
t’s reached the tipping point. Recently I had dinner with friends
who had no connection with the law, and they were the ones who brought up the GDPR. They weren’t quite sure about the letters, or the order, and they weren’t sure what it stood for. But even after I said “General Data Protection Regulation,” they still wanted to talk about it. And they had lots to say about privacy.
For those of us who have been living with those letters, we’re only just out of the starting gate. But already it feels as though
we’ve been overloaded. And yet... when we interviewed Reed Smith partner Bart Huffman, an expert on privacy and security, it didn’t feel that way at all. In fact, he covered so much information that struck us as essential reading for lawyers that, rather than edit it down, we decided to publish Part One in June (Culture Shift, Courtesy of Europe) and Part Two in July.
Another article is about the opposite of a tipping point (call it the ticking point), Eighteen months ago, Florida became the first state in the country to mandate tech training for lawyers. But since then, not one state has followed Florida’s lead (Florida Adopted Mandatory CLEs in Tech. Where Are the Followers?).
A subject we return to often in this publication is how and when companies decide to cooperate with the government when they’re dealing with breaches. Kimberly Peretti discusses this issue, and, as a former senior litigator at the U.S. Department of Justice, she passes along four tips suggesting how companies can maximize the benefits of cooperating (Working With the Government After a Breach).
Finally, the article we lead with in this issue is an interview with the Association of Corporate Counsel’s chief legal officer, Amar Sarwal, who digs into ACC’s recently released State of Cybersecurity Report—its first in three years (Cyber Survey Underscores Dour Perspective of In-House Lawyers).
What’s particularly valuable about this report is in the subtitle: an in-house perspective. The survey reveals what these lawyers are experiencing, and some of the most interesting data reflects not just what they know, but what they don’t.
Sarwal takes an unflinching look at a pretty grim landscape and delivers a lucid analysis. It’s one of his skills that we have come to appreciate during his eight years at the organization. By the time you read this, however, he will have departed from his post there for a job closer to home. Literally. We hope he’s appreciated at his new work place. We wager that his old one will find him hard to replace.
S
April 2018
may want to download, and a story that suggests this field may have achieved household-name status.
Also new: our first article by an outside expert. Steven Senz, a consultant who has worked in data security for more than two decades, talks about the questions a client is already trying to navigate months before the EU’s General Data Protection Regulation takes effect in late May. By now the GDPR should be provoking widespread anxiety. This is a good opportunity, Senz points out, for general counsel to emphasize that information security at their companies is everyone’s responsibility.
We also have two interviews this month. One is with Andrea Bonime-Blanc, who has a book coming out in April on artificial intelligence. In our conversation, she explains why now is the time for general counsel and boards of directors to work with management to craft an AI strategy—before their competitors find ways to use it to disrupt them out of business.
The second returns to a subject we find particularly provocative: When and how should companies cooperate with the government? We interviewed a staff attorney at the Electronic Frontier Foundation who has been investigating a cozy relationship between retailer Best Buy and the FBI—too cozy, the attorney suggests.
Finally, we reviewed Cisco’s Annual Cybersecurity Report for the purpose of advising lawyers who don’t have a tech background whether it’s both accessible and worth reading. Since we’re sharing our conclusions, you can probably guess what we think.
Enjoy the spring. Thanks for tuning in. And let us know what you think.
pring at last! A time of renewal. In this, our second issue of CyberInsecurity, renewal is
a bit redundant. It’s all pretty new. But we have added two features in this issue that you can expect to find each month.
First, there’s a new section called Cybersecurity in the News. We know that you keep up with the big events; these short takes focus on smaller fare that you may have missed. This month, for instance, we cue up some surprising statistics, a new cybersecurity lexicon you
interview with Rand researcher Sasha Romanosky delves into some of these issues
(Challenges in Cybersecurity Provoke Conflict between the Public and Private Sectors). But there always seems to be another angle. It may surprise some readers to learn that the government has a history of tech innovation, and some new programs established at universities are designed to lure entrepreneurial students to beat a path to Washington rather than Silicon Valley. And they’re actually winning converts
Finally, it wouldn’t be a new year if we didn’t feature a crystal ball somewhere in the mix. We invited a legal expert to talk to us about two articles that had important things to say. One predicted what we can expect this year; the other warned what we should fear (Predictions and Threats for the Year in Cybersecurity).
We’ll be back with another issue of CyberInsecurity next month. Until then, please let us know what you think. Your comments and suggestions are always welcome.
March 2018
W
elcome to Legal BlackBook, a platform that features writing about the legal arena.
The subject of the moment, and it’s a moment that’s likely to last for some time, is cybersecurity. Or, as we call this newsletter, CyberInsecurity. And if you're wondering whether your insecurity is justified, we've included survey data in a graphic that should provide confirmation (What the Numbers Say).
One facet of this subject that’s been fascinating to watch is the complicated relationship between government and business. Are they friends, enemies, frenemies?
The government can pass along tips to protect companies from attack. It can also pressure them to provide access to their customer information, which may be less welcome. Our