On October 25 Hogan Lovells was honored to host the American University Law Review Symposium, “America The Virtual: Security, Privacy and Interoperability in an Interconnected World” in our Washington, D.C. office. One hundred-fifty participants from government, private practice, and academia explored the legal implications of cybersecurity threat responses such as government-industry information sharing, breach and risk disclosures, and heightened network and systems monitoring.
Hogan Lovells partner Harriet Pearson offered opening remarks highlighting cybersecurity’s importance to today’s general counsel and corporate leadership and noting the complex web of public-government-industry relationships involved in good cyber risk management. Pearson also served as a panelist for a session on cybersecurity and the law. She pointed to Senator Rockefeller’ recent query to Fortune 500 CEOs on cybersecurity practices and public policy views, calling it an example of how the issue has broadened its reach beyond the core defense and technology sectors. In response to an audience question about the sufficiency of market forces to address cybersecurity risk, Pearson observed that in response to recent well-publicized attacks and developments such as data breach notification laws, companies now allocate significant attention and money to protecting sensitive personal information and systems. And, she explained, although much of the historical focus has been on identity theft prevention rather than IP and infrastructure protection, the market is now shifting attention to address both needs and such efforts should be encouraged by government. In closing, Pearson emphasized the need for creative thinking, observing that “check-the-box” security compliance rarely results in good security.
AU Law Review sponsor and adjunct professor Melanie Teplinsky pointed out the insufficiency of a traditional, “fortress” approach to security. Fortifications don’t keep out the most determined attackers, she explained, and because adversaries move quickly organizations need to be able respond to cyber threats at network speed. Ironically, however, rather than sharing information with government to help deflect adversaries, Teplinksy noted that most organizations’ instincts are to run to IT personnel when a cyber attack occurs. When your home security alarm goes off, “don’t call the locksmith; call law enforcement,” she suggested.
Ivan Fong, former General Counsel of the Department of Homeland Security and current General Counsel of 3M Company, keynoted at lunch. Fong described how technological changes drive changes in the law. Recalling the seminal 1890 Warren and Brandeis Harvard Law Review article “The Right to Privacy,” Fong remarked that in the same way these early privacy thinkers offered original thinking that led to the recognition of new privacy rights, today’s and tomorrow’s leaders in law and policy must be creative and brave to develop new legal frameworks for the cybersecurity challenge.
American University Law Review’s Symposium issue, “America the Virtual,” will be published in 2013. Law review members also video-taped the event and will make it available on their website shortly.