To help combat cybercrime, lawyers need to get better at doing one of the things they’re best at preventing: sharing sensitive information.
That was one of the major themes of the General Counsel Cyber Summit, a daylong conference jointly organized by Fordham, the U.S. Department of Justice, and the FBI.
The Feb. 18 gathering at the Lincoln Center campus brought together representatives from private industry, academia, government, and law enforcement for lectures, breakout sessions and panels.
In the keynote address, Russell Fitzgibbons, chief risk officer at The Clearing House, implored participants to consider the wide-reaching implications of actively sharing information both within the financial industry and with government partners.
He said what finally convinced disparate players in the industry to work together was the DDoS (Distributed Denial of Service) attacks of 2012 and 2013 on several large banks and other financial institutions, including Bank of America, JPMorgan Chase, Wells Fargo, and the New York Stock Exchange. He said he’d attended meetings with banking security officials who had not met together previously on the matter of cyberattacks.
“They were sharing information then and there . . . information about what they were experiencing, when they experienced [it], how long it lasted for, what the effects were and so forth, and they shared that with their colleagues so that they could better prepare themselves when their turn to be attacked [arrived],” he said.
He praised the Information Sharing and Analysis Centers (ISACs) for bringing together private enterprise and government officials. A common perception that agencies such as the Treasury Department, Secret Service, and the Department of Homeland Security are loath to share information is accurate to a degree, but is improving, he said.
“A lot of work has gone into getting access to classified information but more importantly, getting it unclassified—making [it]available,” he said. “People who who had complained about this issue have said, ‘we are seeing the difference. We are seeing information we hadn’t seen before, and just as importantly, we’re seeing context around this information.”
Fordham’s General Counsel Elaine Crosson moderated a panel on legal issues, featuring Sean Farrell, unit chief, Cyber Law Unit, Office of General Counsel, FBI; Sean Newell, deputy chief, Cyber, Department of Justice; and Leonard Bailey, special counsel for national security, Department of Justice.
When a business suffers a cyber intrusion, said Bailey, asking for assistance from the authorities can often cost the business more money than not involving them. The new Cybersecurity Information Sharing Act (CISA), passed last year by Congress, attempts to make it more financially prudent to share sensitive information.
“It attempts to address the security needs of business and the government [and]also address the privacy concerns that people have,” he said. It is also “an attempt to incentivize disclosure, so it contains a provision for liability protection for the act of disclosing information, which should be helpful with regard to many of the privacy statutes that [general counsels]face.”