Legal BlackBook
April 2018
The Tipping Point?
How will we know when cybersecurity has become a household word, a genuine phenomenon? Not by the number of law review articles on the subject, or even the number of Big Law practice groups devoted to it. It’s more likely to be revealed by an unexpected event in the popular culture. 
    Would this qualify? In September, Girl Scouts of the U.S.A. will roll out its first cybersecurity badges that scouts can earn by demonstrating their mastery of the subject. It’s part of an effort to boost girls’ interest in tech, which in turn could lead to their greater representation in the field. 
  Read more from NBC News.
  And only 8 percent of the security professionals surveyed said that their company continuously conducts penetration tests to determine where their vulnerabilities 
are located.
  These numbers suggest that, where cybersecurity is concerned, some of the pros companies depend on may need to be sent to reeducation camp. 
  Read more in TechRepublic.
What’s the definition of education? A pretty good one, when you think about it, is the ability to change.
  Now wrap your mind around this. According to a recent report 
by CyberArk
46 percent of organizations 
change their 
cybersecurity strategy even after they 
suffer a cyberattack. 
Continuously Test
for Security
Ever Learn?
A few years ago, Siemens was immersed in a bribery scandal. In the wake of it, as the company took major steps to reform, then-General Counsel Peter Solmssen reached out to his company’s competitors, and they agreed to cooperate to combat not just bribery but the competitive advantage it had offered. Solmssen called this joint effort the Cabal of the Good. 
  Flash forward. In February, Siemens and seven of its competitors signed what they called the Charter of Trust, vowing to cooperate in order to enhance cybersecurity worldwide. It’s actually even more ambitious than this may sound. It calls not only for the cooperation of the eight companies (the other seven are Airbus, Allianz, Daimler Group, IBM, NXP, SGS and Deutsche Telekom), but also governments. 
  Read more in AutomationWorld.

The First Cybersecurity 
Style Guide
kind. Hacker lexicons have been published, but never one dedicated to cybersecurity, according to lead editor Brianne Hughes
  It aims for breadth rather than depth, and it does a good job. In 92 pages (including preliminary notes, appendices and an epilogue) it’s got everything from AI to zero day, and it’s almost guaranteed that you won’t know them all. 
  One warning: it’s designed for security researchers. That means there’s an emphasis on proper usage. Many of the words listed are not defined. This can be annoying for a more general audience, and a missed opportunity for the editors. (The appendix does include links to other guides that fill in the gaps.) 
  There’s one particularly nice feature. If you like it, you’ve got it. You can download it simply by clicking here.
  Read more on The Parallax.

The Bishop Fox Cybersecurity Style Guide, published in February, is billed as the first of its 
A Company’s 
Information May Not
Be an Open Book
Let’s say your company just discovered it’s suffered a data breach. The CEO asks whether it should be reported to the state police. As the general counsel, you feel it’s clearly information that’s going to have to be disclosed within a few months, and you point out that the police may help the company counter the attack. 
  But your boss isn’t happy. The company has been struggling lately. “This would be a lousy time for this to get out,” the CEO complains. And what if the media catch wind and file a Freedom of Information Act request with the police? 
  This isn’t purely hypothetical. The issue has come up, and in March Michigan’s Legislature overwhelmingly passed a bill that would exempt a company’s cybersecurity information from the state’s open records laws. 
  Predictably, the vote was not greeted warmly in the media or by the media.
   Still, two weeks later Republican Governor Rick Snyder signed the bill into law.
  Read more on Crain’s Detroit Business here and (for the follow-up) here

When Will They 
If you are interested in contributing thought leadership or other content to this platform, 
please contact Lester Goodman, Publisher
Contact Us