Cyber security incidents are rising very rapidly. The growing number of serious attacks on essential cyber networks is one of the most serious threats the U.S. faces. See, “Report Cyber Incidents,” DHS.gov (last visited Oct. 11, 2013). One of the critical controls relating to cyber security incidents is the implementation of effective cyber security incident response plans. (The SANS Institute has published 20 critical security controls. See, “Twenty Critical Security Controls for Effective Cyber Defense,” SANS.org. See specifically, “Critical Control 18: Incident Response and Management.”) Without an incident response plan, you may not discover an attack in the first place, or, if the attack is detected, you may not follow proper procedures to contain damage, eradicate the attacker's presence and recover in a secure fashion. Id. This article recommends that legal battle plans be developed and maintained as a critical part of your cyber security incident response plans.
Be Prepared for Quick Action
Legal battle plans are rapidly becoming an important part of a comprehensive information security program. These battle plans should be viewed as a critical component of your incident response plans. In today's information security environment, you need to react quickly and thoroughly to security breaches. Companies need to establish procedures to ensure a quick, effective and orderly response to such incidents. When an adverse event occurs, you are not going to have time to study your options. You will already be in trouble. You should prepare well ahead of any possible incidents so you can respond quickly to minimize damage and legal exposure.
Legal battle plans help to address this need. They are “off-the-shelf” plans that can be quickly adapted and executed to combat and otherwise defend against security incidents. These plans seek to take full advantage of legal rights and remedies to control, manage, avoid and mitigate losses and disruptions and comply with all legal obligations, including any notice requirements, contractual or regulatory obligations, and forensically sound evidentiary collection procedures.
Legal battle plans should be prepared for the security incidents that would have the greatest adverse effect on the company. A battle plan should spell out in advance the defenses and counterattacks the company can deploy rapidly. These include legal notices that must be provided to customers and contracting parties under affected contracts, as well as any necessary actions you will need to take regarding other matters, including insurance coverage, civil and criminal claims that may be applicable, evidence that should be collected, and points of contact that need to be notified.
By fully considering potential claims applicable to cyber incidents, you should be in a better position to make sure that the necessary evidence is collected in a forensically sound manner. You need to make sure that you put in place sufficient audit procedures and controls to provide a strong evidentiary trail consistent with the requirements applicable to the production of admissible evidence. The legal battle plan should consider the quality and completeness of the evidence. As the Council of Europe's Convention on Cybercrime has noted, “effective collection of evidence in electronic form requires very rapid response.” See, “Convention on Cybercrime Explanatory Note,” COE.int. (Note: See the full Convention on Cybercrime at http://bit.ly/eS3UWH.) Consider using forensic software tools to provide accurate, relevant and timely information about cyber incidents.
Legal Battle Plan Weapons
Because the legal battle plan is meant to increase your company's ability to respond to cyber incidents, it should include the tools to identify and analyze the incident, including the capability of successfully identifying and prosecuting a perpetrator, even an anonymous one. The plan also should include consumer notices required by law, as well as applicable contract and regulatory notices. Further, it should provide for limiting damages, recouping losses and reducing regulatory, contractual, and other legal exposures. Also, the battle plan should be sufficiently flexible to be adapted readily to the circumstances of specific incidents and should coordinate with a company's public relations response and other incident response plans. This coordination ensures that the company is well prepared to limit damage to its reputation and to answer public or media queries about any incidents. A key objective of response plans, including the legal battle plans that are a part of these response plans, should be to maintain public confidence and trust in the company.
Legal battle plans will detail legal responses to a cyber incident. Although not all incidents will be amenable to a legal counterattack, in most situations legal strategies may be deployed to keep damages to a minimum. With proper planning, you should be able to prevent damages from continuing to accrue after an incident has occurred. For example, the battle plan should provide contingencies for rapidly escalating your response, if such response is deemed appropriate.
Monitor the Plan
Once you create a legal battle plan, don't neglect it. Legal battle plans need to be monitored and adapted based on changing external and internal threats and any evolution or change within your company and its information security risk environment. Like all response plans, legal battle plans need to be tested periodically. Management and employee training on information security responses should include training on the company's legal battle plans.
Conclusion
Today most cyber security response plans fail to include legal battle plans. Today's risks require that legal battle plans be an essential part of comprehensive information security planning as a matter of prudent risk management. Make sure your cyber response plans include legal battle plans and that they are combat ready.