OrcaTec Chief Technology Officer Herb Roitblat said he hopes for more government action, but that officials should be cautious of doing more harm than good. "If cybersecurity is improved in this country, I think that the largest impact will be on encryption of business communications. Depending on how the encryption is managed, it could make it very difficult to do basic e-discovery. Documents would have to be decrypted before they could be ingested. Passwords may be lost. Documents may be designed to self-destruct after a time, which would mean that there is less to discover," he said. "The current executive order is largely directed at sharing information about threats and ... giving NIST a mandate for recommended standards for security of critical U.S. infrastructure. If Congress passes some legislation, that could mean a lot more."
Security-focused attorneys Mercedes Tunstall, of Ballard Spahr, and T. Scott Cowperthwait, of Shipman & Goodwin, both also weighed in.
"Basically this executive order is the administration's way of highlighting the importance of getting legislation passed that establishes basic cybersecurity standards in the U.S., which we don't have right now," Tunstall said, in Washington, D.C. There are many pieces in the wild, but, "We don't have kind of a general law that says, 'You should take steps to protect against data security problems,'" she noted.
"While it will be kind of a baseline, everybody needs to get their act together," Tunstall said. "I do think there is a very high likelihood ... that law firms will have to have a highter standard. Believe me, I have worked with clients that have had other law firms that have had data security breaches."
Cowperthwait, in Hartford, Conn., heads the Connecticut chapter of InfraGard and stressed that law firms should be prepared for change. "Law firms and private legal vendors have access to trade secrets, critical technologies, and other proprietary and sensitive business information of their clients," he said. "As a result, I can easily envision a scenario whereby an owner or operator of critical infrastructure passes on comprehensive cybersecurity requirements to law firms with access to its data or information."
The U.S. Department of Commerce scheduled a press conference about the executive order for Wednesday afternoon.
Evan Koblentz is a reporter for Law Technology News, a Legal affiliate based in New York.
Subscribe to Law Technology News
