The risk of cyber theft is faced not only by companies with valuable intellectual property and strategy documents, but also by the law firms that service such clients. Panelists agreed that while private-sector cybersecurity is as strong as ever, systems that are designed merely to keep out thieves are bound to be breached by those determined to steal information.
“We have tried to defend our way out of this problem. It has failed,” said Stewart Baker, a partner with Steptoe & Johnson in Washington, D.C., and former general counsel of the National Security Agency.
This realization is why some companies are exploring the legality of more active security measures, whose legality are in question and may call for coordination between government and the private sector. As articulated by Stephen Chabinsky, chief risk officer at security firm CrowdStrike, the private sector has the technology and reach, but not the legal authority, to take an active role on cyber defense, whereas the government has the authority but not the technology or reach.
Panelists agreed that such problems point to the value of the ABA Cybersecurity Legal Task Force, created by ABA President Laurel Bellows. The panelists noted that cybercrime raises a host of legal issues that the organized bar must help figure out and address.
Also participating in the program were James McPherson, chair of the ABA Standing Committee on Law and National Security; Harvey Rishikof, chair of the ABA Advisory Committee on Law and National Security; and Emily Frye, principal engineer with the MITRE Corp.
For a podcast of the entire program, click here.