NYLJ.COM |
Law Schools | MONDAY, APRIL 18, 2016 | S7
Get Started
Visit at.law.com/gift
threats. This includes not only engaging a company’s technical departments and advi- sors, but also legal, compliance, public rela- tions, and marketing personnel. For many companies, cyber security is becoming deeply integrated into the heart of their business and strategic planning processes, and the most sophisticated among them recognize that the long-term commercial success of a product is intimately bound up in how secure it is. This will be increasingly apparent as the “Internet of Things” evolves as an ever-present reality.
At the national level our government also is increasingly recognizing that cyber security hinges not just on narrow issues of technical methods for keeping out spies and hackers; rather, cyber security concerns are rising to strategic significance and shaping relations between global powers, great and small. Iran reportedly attacked and disabled tens of thousands of computers at its strategic rival Saudi Arabia’s ARAMCO oil company;2 Russia reportedly shut down portions of the Ukrainian power grid, cutting power to dozens of cities and towns in a first-of-kind cyber attack on civilians;3 and cyber security issues revolving around commercial espionage are playing a significant role in the relationship between the United States and China.
In these geopolitical cyber security rela- tionships, legal and strategic concerns are deeply intertwined with technical ones and give rise to a series of questions implicating a range of legal and non-legal disciplines. Is a particular attack an attempt to steal data for commercial or espionage purposes, or is it instead the prelude to an armed attack? How confident can we be in the attribution of a cyber infiltration to a particular govern- ment perpetrator? How much of an effort is a government making to crack down on cyber criminals operating within its juris- diction, which can be a function both of its technical capabilities and its law enforce- ment/intelligence capacities, and which has obvious implications for responses to cyber intrusions?
The interdisciplinary nature of these and other cyber security issues has implications for the training of lawyers that will serve in both the public and private sectors, as those lawyers assist in charting the cyber paths of both companies and government agencies (including regulators). For example, a major question for corporations and for the government is what constitutes “reason- able” cyber behavior. This arises both when regulators set standards for companies and when they are contemplating an enforce- ment action. Answering this question in a manner sensitive to all the equities involved requires an understanding of the technologi- cal state-of-the-art, as well as the gains in security that can be purchased by marginal investments in cyber security tools. It also
requires identifying and understanding the value of the digital (or physical) assets that are at risk and how much should be spent securing them against harm. None of these questions can be answered by examining legal, technical, or commercial consider- ations in isolation.
So what can law schools do to promote a sophisticated approach to digital security? It begins with interdisciplinary education— a main focus of ours at the NYU Center for Cyber Security, a joint project of NYU’s Schools of Law, Engineering, and Culture, Education and Human Development, and at other law schools as well. Just as law students interested in commercial law often pursue joint degrees or course work in business
So what can law schools do
to promote a sophisticated approach to digital security? It begins with interdisciplin- ary education. Law students focused on cyber security should spend some time learn- ing about the technology that forms the backbone of our con- nected world.
schools, so too should law students focused on cyber security spend some time learning about the technology that forms the back- bone of our connected world. Lawyers need not expect to replace the technologists who are building the tools that power the digital economy. But, given the complex, and rapidly- evolving nature of these issues, the emerging generation of legal and policy advisors and executives should be technologically conver- sant. Understanding the work their compa- nies, clients and constituents do more in a more nuanced fashion will enable tomorrow’s lawyers to advise them more effectively. We should expect and provide no less for tomor- row’s lawyers.
•••••••••••••••••••••••••••••
1. Emily Glazer, “J.P. Morgan to Accelerate Timeline for Cybersecurity Spending Boost,” Wall Street Journal, Aug. 3, 2015, available at http://www.wsj.com/articles/j- p-morgan-to-accelerate-timeline-for-cybersecurity- spending-boost-1438641746.
2. Kim Zetter, “The NSA Acknowledges What We All Feared: Iran Learns From US Cyberattacks,” Wired. com, Feb. 10, 2015, available at http://www.wired. com/2015/02/nsa-acknowledges-feared-iran-learns-us- cyberattacks/.
3. Evan Perez, “U.S. official blames Russia for power grid attack in Ukraine,” CNN.com, Feb. 11, 2016, avail- able at http://www.cnn.com/2016/02/11/politics/ukraine- power-grid-attack-russia-us/.
Give Your Clients a Gift with Real Value.
Grant your clients unlimited access to award-winning legal news coverage with an ALM Gift Subscription.
NewYorkLawJournal.com
Reach your peers to generate referral business
LAWYER TO LAWYER
ConCtaocnttMacitcIhnadeelrKaaSlibnfgehlla1t2(2)1425)[email protected]