Why You Need to Focus On Cybersecurity
"If we were playing 1D chess before with terrorism, now we're playing 3D chess with cyber," says former FBI director Robert Mueller. He was one of a stream of high-level experts who spoke recently at the Georgetown Cybersecurity Law Institute. Mueller says we can benefit from lessons learned from combating terrorism, such as working together across different groups. The difference with cyber is that the private sector is where the intel lies.
We snapped Mueller being interviewed by fellow WilmerHale partner Ben Powell. Being prepared for the inevitable breach is essential to limiting its damage. Yet "I don't think it's hopeless at all," he said. You have to break down the components of the threat—both insider threats and various vectors like Russia, China, or terrorists—and address each vulnerability. To adequately manage threats, we have to marry the law enforcement and private sector sides, he says, in a way the public understands and accepts. Mueller added that there should be a statute protecting companies from liability for sharing information about attacks.
Under Secretary for the National Protection and Programs Directorate at DHS Suzanne Spaulding (right, with Hogan Lovells partner and former IBM chief privacy officer Harriett Pearson, a conference co-chair) also discussed having existing relationships with regulators and coordinating with the government on cybersecurity. She spoke about a new DHS program known as "C-Cubed," launched in February to help critical infrastructure companies adopt NIST's cybersecurity framework. They've talked to venture capitalists in Silicon Valley about ensuring their investments go to companies with good cyber hygiene, and worked with the ABA to encourage lawyers who do due diligence for M&A to include cybersecurity on their list of risk factors.
Leslie Thornton, right, GC of natural gas company WGL, says cybersecurity is the one area where you don't skimp or quibble over outside counsel fees. You want the best possible legal counsel with the relevant government experience. She spoke on a panel with SIGA Technologies GC and former DOD GC William Haynes, General Dynamics GC and former Jenner & Block managing partner Greg Gallopoulos (a conference co-chair), and AES US GC Michael Mizell. Greg added that he prefers a lawyer with a broad understanding of the whole industry (and a high-level security clearance doesn't hurt).
Tina Ayiotis, right, is a co-chair of the conference and had the idea behind its founding. Law firms can also be targets, she said (or in cyber-speak, law firms can be "a vector for getting sensitive information"), and should be vetted the same way other vendors are. She moderated a panel on enterprise security programs with CISO Executive Network founder Bill Sieglein, PWC principal and former SAIC SVP Charles Beard, and SRA International chief privacy officer Peter Adler.
We snapped Georgetown University Law Center Assistant Dean Lawrence Center with Dean William Treanor. Dean Center helped start up Georgetown CSLI after Tina came to him with the idea for it a few years ago. Last year was the program's inaugural year, and based on its success (this year expanded to two well-attended days) and recent high-profile cyber-attacks (eBay's hacking was announced during the conference, underscoring its importance), next year's event may be expanded even further.