Cyber security topic of national summit in Oklahoma City
OKLAHOMA CITY – Businesses that hold proprietary, personal or confidential information should expect they will be targeted sooner or later by cyber criminals intent on gaining access to the information. That is what attorneys, bankers and others heard Wednesday when they attended a National Summit on Homeland Security Law hosted by Oklahoma City University’s Murrah Center for Homeland Security Law and Policy. As part of the summit, a series of workshops were held about data breaches and cybersecurity involving law firms, financial businesses, the gaming industry and the energy sector.
Discussions also were held about what these types of businesses and other types of institutions ought to be doing to protect themselves and manage their risks, plus what current trends are related to cybersecurity in criminal law. Several sessions were held. The first, moderated by attorney Joe Edwards of Crowe & Dunlevy, dealt with data breaches and cybersecurity. A member of the same firm (and a former U.S. Attorney) Sandy Coats also spoke on that issue, as did attorney Zachary Schreiber, of Steptoe & Johnson, who talked about various strategies a breached business might use to defend itself from resulting litigation. Edwards told attendees the time to think about how to respond to a data breach is not after it’s happened.
Cybersecurity is … an area that requires a lot of resources and requires a lot of different expertise, Edwards said, adding attorneys are interested in it not only because of the legal and policy implications, but also because they hold significant amounts of identifying and secret information about their clients.
He noted the American Bar Association did a survey with firms that had 100 or more lawyers in 2015, and learned through it that at least 25 percent of those firms had experienced a data breach. Of those, he said the survey found that 47 percent had no cybersecurity plan, and that 58 percent had no chief information security officer. Edwards said the FBI has been warning law firms about attacks by hackers since 2011.
All lawyers have a duty to professionally represent their clients, said Edwards, adding that part of that responsibility includes safeguarding clients’ confidential information. He also talked about how cyber risks are expanding, and how federal lawmakers and policy makers on both the state and federal levels are rewriting laws and rules that can hold businesses accountable for keeping their customers’ and clients’ confidential information safe.
While cyber insurance is available for businesses, its coverage isn’t always clear, and general liability insurance’s coverage of data breaches soon will end, he added. Edwards urged attorneys and other conference attendees to develop cyber security plans that not only address forensics, recovery and notification issues, but also requires the routine testing of cybersecurity defenses to make sure they are safe. He also provided recommendations on where attorneys, bankers and other business owners can go to learn about developing cybersecurity plans.
The best approach is to assume a cybersecurity data breach will occur. Have a plan today. Not when it occurs. Coats told summit participants it would be foolish for them to expect they’ll never be targeted.
This isn’t an if question. It’s a when question. If you haven’t already been attacked, you will be.
The summit’s keynote address was delivered by former U.S. Rep. Dan Boren, who now works for the Chickasaw Nation as its corporate development president. Boren spoke about his congressional service and his service on the U.S. House of Representatives’ intelligence committee. A highlight for him, he told them, was news the U.S. had caught and killed Osama bin Laden just a week or so after he had visited Afghanistan and Pakistan as part of a congressional delegation.
Before that, Boren related how he and most other members of the committee (with the exception of its chair and ranking member) knew nothing about ongoing efforts to find and kill the terrorist. Security, he told them, was excellent the way it should have been. The former congressman also talked about the ongoing investigations being conducted by the House and U.S. Senate intelligence committees into allegations that Russia interfered with the 2016 presidential election, and expressed confidence they will be carried out fairly. As for the summit, Marc Blitz, a law professor OCU, noted Wednesday’s was the law and policy center’s third, and that it helps the Oklahoma City National Memorial and Museum in its quest to make sure attacks like the Murrah Federal Building bombing in 1995 never happen again.
The center seeks to engage local organizations and businesses on these issues, he added, because they are the first to respond when something happens.
We want to make sure people think not just about big debates about separation of powers, but also about what sorts of law and policy issues have to be addressed, he said.