Thank you for sharing!

Your article was successfully shared with the contacts you provided.

The extent of the cyber-damage caused by China-based hackers who tapped into the U.S. Chamber of Commerce in 2010 is not yet known. But following the recently publicized information about the attack, the message to in-house counsel is clear: protect yourselves. And that may mean having your company work more closely with the government. Steptoe & Johnson partner Michael Vatis says the breach is significant because of what it symbolizes. “Corporate America is under attack by hackers,” says Vatis. Vatis was the founding director of the National Infrastructure Protection Center at the FBI—the first government organization responsible for detecting and responding to cyber attacks—including computer crimes, cyber terrorism, cyber espionage, and information warfare. Vatis worked for the government from the late 1990s through 2001. He says that companies have traditionally been reluctant to share information with the government, not wanting to reveal that they’ve been the target of an attack. “They have pushed against the idea of increased government regulation of data security practices,” says Vatis. The U.S. Chamber of Commerce itself called the Obama administration’s legislative proposals on cybersecurity earlier this year “legislative overreach.” But Vatis says that overall he is seeing substantial changes in the private sector’s attitude regarding cybersecurity cooperation with the government. “I think there’s a realization now that this is not just a nuisance problem,” says Vatis. “This is a very serious problem, and it’s going to require significant government involvement and government assistance for companies to be able to minimize the damage from attacks.” No longer are hackers randomly breaking into corporate information systems without a goal in mind. “What we’re dealing with—as is evidenced by the Chamber attack—is hackers who are specifically targeting certain companies or organizations in order to gain valuable information.” Alan Brill, senior managing director of Kroll’s cybersecurity and information assurance division, says general counsel have an important role to play in protecting proprietary information and trade secrets. Counsel need to quarterback the effort between the IT departments, human resources, risk management, and the company’s business managers. Brill says it’s crucial that counsel take responsibility for both protection of information, as well as the company’s preparedness for a crisis. “You don’t want to be learning crisis management in the middle of a crisis,” he says. Brill says that all too often he sees companies that haven’t upgraded their cybersecurity systems. “The threat doesn’t stay the same,” says Brill. “It evolves.” And whereas an attacker need only find one vulnerability in its target, a company needs to be able to defend itself against every feasible type of attack. In the past, Brill has advised clients to “maintain watch on the walls of the castle.” Now he tells them they have to assume that someone is already inside. Cyber attacks are increasingly originating overseas, often from China. Not only do those threats pose a concern for companies that have valuable information, says Vatis, but they also are a national security threat. Many of the attacks are focused on information that has national security implications, including information related to defense and U.S. public policy. “Clearly, defense contractors have the most obvious connection to national security,” says Vatis. “If they’re working on weapons systems,” he says, “they would have information that would be of enormous value to a foreign government.” And that information makes them just as much a target as a government agency, says Vatis, if not more so in some cases. Brill hopes the latest reported attack will have a positive effect on the relationship between government and the private sector. “When organizations cooperate, we can turn incidents into analysis, intelligence, and action,” says Brill. See also: “Preparing In-House Counsel for a New Year of Cybersecurity Threats,” CorpCounsel, December 2011.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.