Crossroads Blog | Institute National Security and Counterterrorism

critical infrastructure, Cybersecurity, Finance, Law

Cyber Round Up: ILTA Ethical Obligation for Lawyers to Understand Technology, The Bonds that Bind: Cybersecurity Brings Legal and Finance Together, Devastating Attacks to Public Infrastructure “A Matter of When” in the US

  • Note to Lawyers from ILTA: You’re Ethically Obligated to Understand Technology (Legaltech news): Ian Lopez of Legaltech news reports that a recent panel at ILTACON 2016 discussed the ABA Model Rules, specifically Rule 1.1 (duty of competence), which purportedly indicates that lawyers have an ethical duty to understand technology. The panel also discussed Model Rule 1.6, which deals with confidentiality and has implications in the cyber realm as information moves to digital and virtual environments, according to the article. The article also states that Rule 5.1, which deals with supervisory duties, applies to the supervision of the IT support and personnel that enable lawyers to do their jobs. The full text of the article is here.
  • The Bonds that Bind: Cybersecurity Comes Together in Legal and Finance (Legaltech news): In this article, the VP of Commercial Services, Joseph Abrenio, is quoted as saying that law firms “keep the secrets, good and bad…” and therefore financial institutions are only as strong and as secure as their weakest link. Consequently, the marriage of the legal and financial worlds in the context of cybersecurity is a way to help manage risk and understand liability, according to the article. The article goes on to say that because of the increased risk and the myriad regulations that financial institutions face, the vetting process for law firms has extended to understanding their cybersecurity posture. The article indicates that this is necessary, and that firms with less robust or non-existent cybersecurity protocols may be less likely to be retained by financial firms. Finally, firms that deal with more sensitive areas such as mergers and acquisitions may have to look at certifications such as the International Organization for Standardization (“ISO”) 27001 and the National Institute of Standards and Technology (“NIST”) certifications, according to the article. The full text of the article is here.
  • Devastating Attacks to Public Infrastructure “A Matter of When” in the US (ZDNet): This isn’t really a new topic for this blog. However, it seems to be nearing the surface again, as ZDNet reports that cyberattacks have impacted public infrastructure in other countries and that a similar attack in the US is a matter of “when” rather than “if.” The ZDNet article specifically highlights the threats to the industrial control systems (“ICS”) that are used by utilities, water, hospitals, transportation, and public safety entities in both the private and public sectors. The article points out that throughout these industries there is a false sense of security derived from what it terms a “compliance-driven” approach to security. The risks to manufacturing from ransomware, disruptions, and attacks on the supply chain are also noted in the report. The article also discusses several prominent attacks against public infrastructure:
    • Ukraine: 225,000 customers experienced a blackout as the result of remote intrusions which launched malware and denial-of-service (“DOS”) attacks;
    • South Korea: light rail operators have been successfully breached at least three separate times, with information on speed and safety controls being exfiltrated;
    • Germany: a nuclear power plant was infected with malware from USB drives that employees brought to the air-gapped systems.

The full text of the article is here.
