Legal Battle Plans

Legal battle plans help to address this need. They are “off-the-shelf” plans that can be quickly adapted and executed to combat and otherwise defend against security incidents. These plans seek to take full advantage of legal rights and remedies to control, manage, avoid and mitigate losses and disruptions and comply with all legal obligations, including any notice requirements, contractual or regulatory obligations, and forensically sound evidentiary collection procedures.

Legal battle plans should be prepared for the security incidents that would have the greatest adverse effect on the company. A battle plan should spell out in advance the defenses and counterattacks the company can deploy rapidly. These include legal notices that must be provided to customers and contracting parties under affected contracts, as well as any necessary actions you will need to take regarding other matters, including insurance coverage, civil and criminal claims that may be applicable, evidence that should be collected, and points of contact that need to be notified.

By fully considering potential claims applicable to cyber incidents, you should be in a better position to make sure that the necessary evidence is collected in a forensically sound manner. You need to make sure that you put in place sufficient audit procedures and controls to provide a strong evidentiary trail consistent with the requirements applicable to the production of admissible evidence. The legal battle plan should consider the quality and completeness of the evidence. As the Council of Europe's Convention on Cybercrime has noted, “effective collection of evidence in electronic form requires very rapid response.” See, “Convention on Cybercrime Explanatory Note,” COE.int. (Note: See the full Convention on Cybercrime at http://bit.ly/eS3UWH.) Consider using forensic software tools to provide accurate, relevant and timely information about cyber incidents.

Legal Battle Plan Weapons

Because the legal battle plan is meant to increase your company's ability to respond to cyber incidents, it should include the tools to identify and analyze the incident, including the capability of successfully identifying and prosecuting a perpetrator, even an anonymous one. The plan also should include consumer notices required by law, applicable contract and regulatory notices. Further, it should provide for limiting damages, recouping losses and reducing regulatory, contractual, and other legal exposures. Also, the battle plan should be sufficiently flexible to be adapted readily to the circumstances of specific incidents and should coordinate with a company's public relations response and other incident response plans. This coordination ensures that the company is well prepared to limit damage to its reputation and to answer public or media queries about any incidents. A key objective of response plans, including the legal battle plans that are a part of these response plans, should be to maintain public confidence and trust in the company.

Legal battle plans will detail legal responses to a cyber incident. However, although not all incidents will be amenable to a legal counterattack, in most situations legal strategies may be deployed to keep damages to a minimum. With proper planning, you should be able to prevent damages from continuing to accrue after an incident has occurred. For example, the battle plan should provide contingencies for rapidly escalating your response, if such response is deemed appropriate.

Monitor the Plan

Once you create a legal battle plan, don't neglect it. Legal battle plans need to be monitored and adapted based on changing external and internal threats and any evolution or change within your company and its information security risk environment. Like all response plans, legal battle plans need to be tested periodically. Management and employee training on information security responses should include training on the company's legal battle plans.

Conclusion

Today most cyber security response plans fail to include legal battle plans. Today's risks require that legal battle plans be an essential part of comprehensive information security planning as a matter of prudent risk management. Make sure your cyber response plans include legal battle plans and that they are combat ready.

J. (” Jay”) T. Westermeier is of counsel to Finnegan, Henderson, Farabow, Garrett & Dunner LLP, in the firm's Reston, VA, office. A member of this newsletter's Board of Editors, he is past president of the International Technology Law Association (ITech Law) (formerly known as the Computer Law Association), a Life Fellow of the American Bar Foundation, 2001 Burton Award recipient. He can be reached at jay. [email protected].

'

SPECIAL OFFER: Get an online subscription to e-Commerce Law & Strategy for only $299. Click here, select Digital Only and use promo code ECOMOL299 at checkout. This offer is valid for new subscribers only.

'

Cyber security incidents are rising very rapidly. The growing number of serious attacks on essential cyber networks is one of the most serious threats the U.S. faces. See, “Report Cyber Incidents,” DHS.gov (last visited Oct. 11, 2013). One of the critical controls relating to cyber security incidents is the implementation of effective cyber security incident response plans. (The SANS Institute has published 20 critical security controls. See, “Twenty Critical Security Controls for Effective Cyber Defense,” SANS.org. See specifically, “Critical Control 18: Incident Response and Management.”) Without an incident response plan, you may not discover an attack in the first place, or, if the attack is detected, you may not follow proper procedures to contain damage, eradicate the attacker's presence and recover in a secure fashion. Id . This article recommends that legal battle plans be developed and maintained as a critical part of your cyber security incident response plans.

Be Prepared for Quick Action

Legal battle plans are rapidly becoming an important part of a comprehensive information security program. These battle plans should be viewed as a critical component of your incident response plans. In today's information security environment, you need to react quickly and thoroughly to security breaches. Companies need to establish procedures to ensure a quick, effective and orderly response to such incidents. When an adverse event occurs, you are not going to have time to study your options. You will already be in trouble. You should prepare well ahead of any possible incidents so you can respond quickly to minimize damage and legal exposure.

Legal battle plans help to address this need. They are “off-the-shelf” plans that can be quickly adapted and executed to combat and otherwise defend against security incidents. These plans seek to take full advantage of legal rights and remedies to control, manage, avoid and mitigate losses and disruptions and comply with all legal obligations, including any notice requirements, contractual or regulatory obligations, and forensically sound evidentiary collection procedures.

Legal battle plans should be prepared for the security incidents that would have the greatest adverse effect on the company. A battle plan should spell out in advance the defenses and counterattacks the company can deploy rapidly. These include legal notices that must be provided to customers and contracting parties under affected contracts, as well as any necessary actions you will need to take regarding other matters, including insurance coverage, civil and criminal claims that may be applicable, evidence that should be collected, and points of contact that need to be notified.

By fully considering potential claims applicable to cyber incidents, you should be in a better position to make sure that the necessary evidence is collected in a forensically sound manner. You need to make sure that you put in place sufficient audit procedures and controls to provide a strong evidentiary trail consistent with the requirements applicable to the production of admissible evidence. The legal battle plan should consider the quality and completeness of the evidence. As the Council of Europe's Convention on Cybercrime has noted, “effective collection of evidence in electronic form requires very rapid response.” See, “Convention on Cybercrime Explanatory Note,” COE.int. (Note: See the full Convention on Cybercrime at http://bit.ly/eS3UWH.) Consider using forensic software tools to provide accurate, relevant and timely information about cyber incidents.

Legal Battle Plan Weapons

Because the legal battle plan is meant to increase your company's ability to respond to cyber incidents, it should include the tools to identify and analyze the incident, including the capability of successfully identifying and prosecuting a perpetrator, even an anonymous one. The plan also should include consumer notices required by law, applicable contract and regulatory notices. Further, it should provide for limiting damages, recouping losses and reducing regulatory, contractual, and other legal exposures. Also, the battle plan should be sufficiently flexible to be adapted readily to the circumstances of specific incidents and should coordinate with a company's public relations response and other incident response plans. This coordination ensures that the company is well prepared to limit damage to its reputation and to answer public or media queries about any incidents. A key objective of response plans, including the legal battle plans that are a part of these response plans, should be to maintain public confidence and trust in the company.

Legal battle plans will detail legal responses to a cyber incident. However, although not all incidents will be amenable to a legal counterattack, in most situations legal strategies may be deployed to keep damages to a minimum. With proper planning, you should be able to prevent damages from continuing to accrue after an incident has occurred. For example, the battle plan should provide contingencies for rapidly escalating your response, if such response is deemed appropriate.

Monitor the Plan

Once you create a legal battle plan, don't neglect it. Legal battle plans need to be monitored and adapted based on changing external and internal threats and any evolution or change within your company and its information security risk environment. Like all response plans, legal battle plans need to be tested periodically. Management and employee training on information security responses should include training on the company's legal battle plans.

Conclusion

Today most cyber security response plans fail to include legal battle plans. Today's risks require that legal battle plans be an essential part of comprehensive information security planning as a matter of prudent risk management. Make sure your cyber response plans include legal battle plans and that they are combat ready.

J. (” Jay”) T. Westermeier is of counsel to Finnegan, Henderson, Farabow, Garrett & Dunner LLP, in the firm's Reston, VA, office. A member of this newsletter's Board of Editors, he is past president of the International Technology Law Association (ITech Law) (formerly known as the Computer Law Association), a Life Fellow of the American Bar Foundation, 2001 Burton Award recipient. He can be reached at jay. [email protected].

'