2015 Cyber Law Trends
The Georgetown Law’s hosted their third annual Cybersecurity Law Institute last week. The event was co-sponsored by the American Bar Association Cybersecurity Legal Task Force, Bloomberg BNA, and the Center for Internet Security. The agenda included speakers from the FBI, Department of Justice, and cybersecurity counsel from major corporations. The audience comprised corporate counsel as well as outside counsel.
Key trends and comments that relate to all businesses include:
Continued importance of advance planning for cyber incident response. In many if not all cases, law enforcement agencies will need to be included in the response.
The government is likely to handle the issues outside of the business’s network, but counsel will need to be involved with issues within the business.
The Federal Trade Commission is playing an expanded and aggressive role in cyber enforcement.
The FBI continues to see cyber threats from three distinct layers: nation state entities, terrorists, and organized crime. A major future threat the FBI is concerned about is the spread of destructive malware.
The Department of Justice reiterated its position that hacking back is illegal. There are many negative side effects of hacking backing, including hampering an investigation, harming innocent third parties, and risk of escalation.
Insider cyber threats to intellectual property continues to be a challenge for many businesses. One recommended approach for investigation is to have a small team investigate suspicions. Continuous monitoring of employees raises privacy concerns. Any such monitoring should be designed with the law and company culture in mind.
The Department of Defense is expanding its interest in controls of sensitive but unclassified data. There is an abundance of data captured and retained by many businesses. Data protection may need to be expanded to many categories of data.
Boards of Directors should consider have separate meetings with tech-savvy members to discuss IT issues, beyond standard board topics.
The legal field continues to expand its coverage in cyberspace, with focus on such topics as data breaches, privacy, data retention, and cyberattack prosecution. The intersection of cyber law with cyber insurance is also a developing focus. Businesses of all sizes will find they need to include their attorneys in cyber protection efforts as well as cyberattacks.
For more information, please join us on Twitter.