The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation


By Topic: Information Sharing

  • From Vol. 2 No.25 (Dec. 14, 2016)

    Presidential Commission Recommends Ways For Public and Private Sectors to Improve Cybersecurity 

    Cybersecurity has been a focus of the current administration. To look beyond the current term, however, a nonpartisan commission appointed by President Obama recently issued an extensive report recommending short- and medium-term actions for the Trump administration and the private sector to take over the next five years to improve cybersecurity, while protecting privacy, fostering innovation and ensuring economic and national security. See also “White House Lays Out Its Broad Cybersecurity Initiatives” (Feb. 17, 2016) and “Gibson Dunn Attorneys Discuss the Impact of Obama’s Executive Order Creating New Tools to Fight Cyber Attacks” (May 6, 2015).

  • From Vol. 2 No.22 (Nov. 2, 2016)

    FBI Veteran Discusses Using Law Enforcement’s Cyber Resources to Improve Security and Obtain Board Buy-In

    One key to smooth relations with law enforcement after a breach is establishing a connection before there is any trouble, John Riggi, now a managing director at BDO and the former Chief of the FBI’s Cyber Division Outreach Section, told The Cybersecurity Law Report. One way to develop that relationship is to invite the FBI to give a threat brief to the board of directors, he said. Riggi is a 30-year FBI veteran who worked on the government’s partnerships with the private sector for the investigation and exchange of information related to national security and criminal cyber threats. In our interview, he addressed how the FBI views its relationship with the private sector, the various ways companies of different sizes can take advantage of the FBI’s resources, the concerns companies may have when working with the FBI and the government’s role in the Yahoo breach. See also “Law Enforcement on Cybersecurity Matters: Corporate Friend or Foe?” Part One (Jun. 22, 2016); Part Two (Jul. 6, 2016).

  • From Vol. 2 No.21 (Oct. 19, 2016)

    Taking Action to Refocus on Security: Conversation With a CIO 

    Each sector faces both industry-specific and general data security risks. One challenge is implementing general cybersecurity best practices while also addressing the company's unique vulnerabilities. Ken Kurz, vice president of information technology and chief information officer at Corporate Office Properties Trust, a real estate investment trust focused on government and defense contractors, spoke with The Cybersecurity Law Report about evaluating current security efforts and taking substantial proactive steps involving people and technology to address the company’s priorities. See also “Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part One of Two)” (May 6, 2015); Part Two (May 20, 2015).

  • From Vol. 2 No.20 (Oct. 5, 2016)

    ISAO Organization Releases a Roadmap to Cyber Threat Information Sharing 

    Sharing critical information regarding cyber threats is a valuable way to combat attacks, public and private sector entities agree. However, there are substantial obstacles to the growth of sharing platforms, including creating trust among the parties and planning the logistics of setting up a system. In an effort to help overcome these obstacles, encourage more sharing networks and ensure effective sharing across them, the Information Sharing and Analysis Organizations Standards Organization has released an initial voluntary set of guidelines. “Hackers typically target multiple companies, often in the same industries; companies or other entities with similar missions often have similar cyber risk profiles,” Jeremy Feigelson, a partner at Debevoise, told The Cybersecurity Law Report. “The more we know about the risks our peers face and the solutions they are employing, the safer we all are.” See “Using Information Sharing to Combat Cyber Crime While Protecting Privacy” (Sep. 7, 2016).

  • From Vol. 2 No.18 (Sep. 7, 2016)

    Using Information Sharing to Combat Cyber Crime While Protecting Privacy 

    Sharing cyber intelligence information across respective industries is becoming an increasingly important way to predict and possibly prevent cyber attacks. Many companies, however, are not sharing data efficiently or at all. Alfred Saikali, Shook Hardy & Bacon partner, and Andrew Moir, a partner in the London office of Herbert Smith Freehills, shared their insights with The Cybersecurity Law Report on the importance of and best approaches to information sharing. They also highlighted issues companies should consider to protect themselves when engaging in the process, both from U.S. and U.K. perspectives. See also “How the Legal Industry Is Sharing Information to Combat Cyber Threats” (Sep. 16, 2015).

  • From Vol. 2 No.14 (Jul. 6, 2016)

    Law Enforcement on Cybersecurity Matters: Corporate Friend or Foe? (Part Two of Two)

    With a mission to identify the perpetrator and to build a prosecutable case, law enforcement can help a company facing a cybersecurity incident. Working with law enforcement, however, often presents challenges for the company and its counsel. Preparation prior to the interaction can offer a smoother road. This second article in our two-part series provides expert insight on interacting with law enforcement when there has been a breach, including advice regarding the first call, the controls companies should have in place and the type of information law enforcement really needs. Part one covered concerns that arise when dealing with law enforcement officials, benefits of coordination and recommendations for when and how to establish a successful relationship with them. See also “Google, CVS and the FBI Share Advice on Interacting With Law Enforcement After a Breach” (May 11, 2016).

  • From Vol. 2 No.9 (Apr. 27, 2016)

    Regulators Speak Candidly About Cybersecurity Trends, Priorities and Coordination

    Understanding the regulators’ priorities and concerns can help a company work effectively with them to investigate and respond to cybersecurity incidents. In a recent panel at the ABA National Institute on Cybersecurity Litigation, authorities from the DOJ, the SEC, the FCC and the Connecticut Attorney General’s office weighed in about the cyber threat landscape, their agencies’ enforcement priorities, strategies for collaboration (including when and how information shared with the government will remain confidential) and effective incident response. See also “Private and Public Sector Perspectives on Producing Data to the Government” (Jun. 3, 2015).

  • From Vol. 2 No.6 (Mar. 16, 2016)

    CSIS’ James Lewis Discusses Balancing Law Enforcement and Privacy

    “Surveillance to keep me safe from crime and terrorism is bad, but surveillance to sell me deodorant is good?” James Lewis, director and senior fellow at the Center for Strategic and International Studies, and author of Securing Cyberspace for the 44th Presidency, posed this and other questions in a conversation with The Cybersecurity Law Report about the tension between law enforcement and privacy concerns. He also shared his candid and colorful views on, among other things, the ongoing dispute about law enforcement’s access to the San Bernardino shooter’s iPhone, and how the public and private sectors can coordinate cybersecurity efforts. See also “White House Lays Out Its Broad Cybersecurity Initiatives” (Feb. 17, 2016).

  • From Vol. 2 No.5 (Mar. 2, 2016)

    How the American Energy Industry Approaches Security and Emphasizes Information Sharing

    The North American bulk power system, a large, complex machine consisting of thousands of generation plants and thousands of miles of transmission lines, has become a model for cybersecurity, according to Marcus Sachs, senior vice president and chief security officer of North American Electric Reliability Corporation, a not-for-profit regulatory authority. In this guest article, Sachs discusses how the industry has avoided loss-of-load events due to a cyber or physical attack on a power plant, and steps the industry is taking to address cyber threats, including its continued focus on information sharing, where it has been a leader for other sectors. Sachs will be a panelist at the Financial Times Cyber Security Summit on March 16, 2016 in Washington, D.C. See also “Energy Industry Demonstrates Public-Private Cybersecurity Coordination” (Oct. 14, 2015).

  • From Vol. 2 No.1 (Jan. 6, 2016)

    Opportunities and Challenges of the Long-Awaited Cybersecurity Act of 2015

    After years of discussions, numerous draft bills and extended debates about the privacy and liability risks associated with information sharing, on December 18, 2015, President Obama signed into law the Cybersecurity Act of 2015 as part of the omnibus spending bill.  Title I of the Act, Cybersecurity Information Sharing (CISA), establishes a framework for sharing and receiving cyber threat information among the private sector and federal government entities.  It shields companies from liability for sharing cyber threat information in accordance with certain procedures, as well as for specific actions undertaken to defend or monitor corporate networks.  Saxby Chambliss, DLA Piper partner and former U.S. Senator who served on the Senate Select Committee on Intelligence and sponsored an earlier cybersecurity bill, told The Cybersecurity Law Report that this Act “is going to be beneficial to both big and small companies.  It is another tool in the toolbox that allows companies to protect their systems and the information that is on them.”  However, Shahryar Shaghaghi, BDO Consulting’s managing director and technology advisory leader, cautioned that CISA will also pose “potential challenges” to companies in terms of the resources required to share cyber threat information and perceived privacy risk.  See also “How the Legal Industry Is Sharing Information to Combat Cyber Threats” (Sep. 16, 2015).

  • From Vol. 1 No.16 (Nov. 11, 2015)

    What Companies Can Learn from Cybersecurity Resources in Pittsburgh

    Cyber crime is a serious threat – it cripples companies, damages economies, funds terrorism, launders drug money and bleeds the assets of individuals, according to the DOJ. Often this cyber war is waged from shadows overseas (and often in the form of corporate cyber espionage). Companies should be using a broad array of tools to prevent and mitigate the effect of international and domestic cyber crime, such as information sharing, sufficient cyber insurance and a thorough breach response plan that includes proper notification and preservation of evidence for future actions. As K&L Gates attorneys Mark A. Rush and Joseph A. Valenti describe in a guest article, one place where law enforcement and the private sector have come together is Pittsburgh, where a string of major cyber crime cases has recently been prosecuted. Developments there can serve as a model for cybersecurity measures across the country and across industries. Rush and Valenti describe cybersecurity best practices before, during and after a breach, as well as some unique ways in which government officials and companies in Pittsburgh are handling cyber crime. See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

  • From Vol. 1 No.15 (Oct. 28, 2015)

    MasterCard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part Two of Two)

    With threat vectors increasing at least as rapidly as new technology, companies need to be well-versed in how to recognize and prevent cyber attacks.  In the second installment of our coverage of PLI’s recent Cybersecurity 2015: Managing the Risk program, two top-level executives and leaders in cybersecurity, Jenny Menna, U.S. Bank’s cybersecurity partnership executive, and Greg Temm, vice president for information security and cyber intelligence at MasterCard, tackle mitigating cyber risk.  They discuss, among other things: information sharing efforts; eight important components of an information technology ecosystem; and how to prevent cyber attacks at home and in the office.  In the first article in the series, they addressed the current cyber landscape, prevalent threats, and responses to those threats that are being implemented by the government, regulators and private companies.  See also “Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

  • From Vol. 1 No.14 (Oct. 14, 2015)

    Energy Industry Demonstrates Public-Private Cybersecurity Coordination

    Through presidential proclamation, October has been named the twelfth National Cyber Security Awareness Month (NCSAM). Throughout the month, many governmental agencies and private enterprises will participate in panels, conferences and other events across the country to emphasize cyber risks and best practices. For example, speakers at the U.S. Chamber of Commerce’s Fourth Annual Cybersecurity Summit included top officials at the U.S. Department of Homeland Security and in the Department of Energy and private sector leaders such as the CEO of Southern Company. They emphasized the NCSAM theme this year – “Our Shared Responsibility” – by focusing on how the private and public sector can work together to strengthen cybersecurity and defuse cyber threats. See also our series featuring FBI Director James Comey's discussion of the “‘Evil Layer Cake’ of Cybersecurity Threats,” The Cybersecurity Law Report, Vol. 1, No. 5 (Jun. 3, 2015); and “Cooperation among Domestic and International Cybersecurity Law Enforcement Communities,” Vol. 1, No. 6 (Jun. 17, 2015).

  • From Vol. 1 No.12 (Sep. 16, 2015)

    How the Legal Industry Is Sharing Information to Combat Cyber Threats

    “There’s only one way to defend America from these cyber threats, and that is through government and industry working together, sharing appropriate information as true partners,” President Obama said earlier this year.  Private efforts and proposed legislation are promoting increased information-sharing within industries, across sectors and between industry and government, and assuaging fears companies may have about participating.  The legal industry is working with Financial Services Information Sharing and Analysis Center (FS-ISAC), a non-profit organization founded in 1999, to establish its own group, the Legal Services Information Sharing and Analysis Organization.  Cindy Donaldson, FS-ISAC’s vice president of products and services, discussed with The Cybersecurity Law Report how the organization, which is also working with the real estate and retail sectors, operates.  See also “Understanding and Addressing Cybersecurity Vulnerabilities at Law Firms: Strategies for Vendors, Lawyers and Clients,” The Cybersecurity Law Report, Vol. 1, No. 5 (Jun. 3, 2015).

  • From Vol. 1 No.2 (Apr. 22, 2015)

    Shifting to Holistic Information Governance and Managing Information as an Asset

    As companies store more and more data and increasingly rely on that data for a variety of purposes, they are starting to integrate data management into all aspects of the business.  In this interview with The Cybersecurity Law Report, Donna L. Wilson, a partner at Manatt, Phelps & Phillips and co-chair of the firm’s Privacy and Data Security practice, discussed how companies should be implementing holistic information governance as part of enterprise risk management by stressing the importance to the board of directors, designating a corporate “conductor” to bring various stakeholders within the organization together, and conducting an internal inventory to understand what information assets the company has and needs to protect.  Wilson also commented on the efforts to share threat information between and among financial firms and law firms.
