How will we know when cybersecurity has become a household word, a genuine phenomenon? Not by the number of law review articles on the subject, or even the number of Big Law practice groups devoted to it. It’s more likely to be revealed by an unexpected event in the popular culture.
Would this qualify? In September, Girl Scouts of the U.S.A. will roll out its first cybersecurity badges that scouts can earn by demonstrating their mastery of the subject. It’s part of an effort to boost girls’ interest in tech, which in turn could lead to their greater representation in the field.
And only 8 percent of the security professionals surveyed said that their company continuously conducts penetration tests to determine where their vulnerabilities
These numbers suggest that, where cybersecurity is concerned, some of the pros companies depend on may need to be sent to reeducation camp.
What’s the definition of education? A pretty good one, when you think about it, is the ability to change.
Now wrap your mind around this. According to a recent report
46 percent of organizations
cybersecurity strategy even after they
suffer a cyberattack.
A few years ago, Siemens was immersed in a bribery scandal. In the wake of it, as the company took major steps to reform, then-General Counsel Peter Solmssen reached out to his company’s competitors, and they agreed to cooperate to combat not just bribery but the competitive advantage it had offered. Solmssen called this joint effort the Cabal of the Good.
Flash forward. In February, Siemens and seven of its competitors signed what they called the Charter of Trust, vowing to cooperate in order to enhance cybersecurity worldwide. It’s actually even more ambitious than this may sound. It calls for the cooperation not only of the eight companies (the other seven are Airbus, Allianz, Daimler Group, IBM, NXP, SGS and Deutsche Telekom), but also of governments.
kind. Hacker lexicons have been published, but never one dedicated to cybersecurity, according to lead editor Brianne Hughes.
It aims for breadth rather than depth, and it does a good job. In 92 pages (including preliminary notes, appendices and an epilogue) it’s got everything from AI to zero day, and it’s almost guaranteed that you won’t know them all.
One warning: it’s designed for security researchers. That means there’s an emphasis on proper usage. Many of the words listed are not defined. This can be annoying for a more general audience, and a missed opportunity for the editors. (The appendix does include links to other guides that fill in the gaps.)
There’s one particularly nice feature. If you like it, you’ve got it. You can download it simply by clicking here.
Let’s say your company just discovered it’s suffered a data breach. The CEO asks whether it should be reported to the state police. As the general counsel, you feel it’s clearly information that’s going to have to be disclosed within a few months, and you point out that the police may help the company counter the attack.
But your boss isn’t happy. The company has been struggling lately. “This would be a lousy time for this to get out,” the CEO complains. And what if the media catch wind and file a Freedom of Information Act request with the police?
This isn’t purely hypothetical. The issue has come up, and in March Michigan’s Legislature overwhelmingly passed a bill that would exempt a company’s cybersecurity information from the state’s open records laws.
Predictably, the vote was not greeted warmly in the media or by the media.
Still, two weeks later Republican Governor Rick Snyder signed the bill into law.
Read more on Crain’s Detroit Business here and (for the follow-up) here.