Richmond Journal of Law and Technology

The first exclusively online law review.

Month: March 2013

Sedona Conference to use JOLT article in 2013 Conference Materials

The Sedona Conference® is hosting the 7th Annual “Staying Ahead of the e-discovery Curve Conference” from  March 21 to 22, 2013 in San Diego, CA.  This conference of approximately 200 attendees brings together a faculty of seasoned e-discovery litigators, in-house counsel and federal judges.

The Conference requested permission to include a JOLT article as part of the materials that are handed out for the panel on Technology Assisted Review (TAR). The article requested was included in Vol. XVII, Issue 3 , and titled  Technology-Assisted Review in E-Discovery Can Be More Effective and More Efficient Than Exhaustive Manual Review by Maura R. Grossman and Gordon V. Cormack.

The Sedona Conference® is a nonprofit, 501(c)(3) research and educational institute dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation, and intellectual property rights.  The Sedona Conference’s mission is to drive the reasoned and just advancement of law and policy by stimulating ongoing dialogue amongst leaders of the bench and bar to achieve consensus on critical issues.

sedona

Blog: The New Cybersecurity Executive Order

By Airen Adamonis, Copy Editor          

The United States is currently at war with China.  However, this war is not taking place on any battlefields.  It’s taking place in cyberspace.  According to a recent article published by the Washington Post, the United States has been the target of an immense “cyber-espionage campaign” that is threatening the country’s economic competitiveness.

            Just days after a private security firm released a study accusing the Chinese military of carrying out numerous cyber-attacks against U.S. businesses, the Obama Administration released a long-awaited Executive Order on cybersecurity measures.  The Executive Order on Improving Critical Infrastructure Cybersecurity (the “Order”), released on February 12, 2013, has a goal to address cyber threats through a strengthened partnership between the U.S. Government and critical infrastructure owners.  To accomplish this goal, the Order:

  •   Requires the development of new information sharing programs to provide both classified and unclassified threat and attack information to U.S. companies;
  •   Requires the NIST’s creation of a Framework of cybersecurity practices (“Cybersecurity Framework”) to reduce cyber risks to critical infrastructure;
  •   Compels agencies to conduct regular assessments of privacy and civil liberties impacts of their activities and to make such assessments available to the public;
  •   Establishes a voluntary program to promote the adoption of the Cybersecurity Framework, which will provide incentives for companies to comply; and
  •   Calls for a review of existing cybersecurity regulation.

 

What does all of this mean for businesses?  For now, it does not mean much since none of the industries covered by the order will actually have to meet the completely voluntary standards.  According to Hunton & Williams’ Privacy Blog, the Order could potentially impact businesses in the following ways:

(1)   Businesses in the private sector will receive a surge of notifications from the government concerning cyber threats and recommended ways to respond to threats based on a process developed by the Department of Homeland Security (“DHS”).  The current DHS process mainly shares classified cyber threats only with defense companies, but under the new Order, information will be shared with other critical infrastructure companies, such as energy companies.

(2)   Critical infrastructure companies and secondary actors (i.e. insurance companies) will be able to voluntarily use the new Cybersecurity Framework to address potential risks.  Since participation is completely voluntary, it is likely that DHS will create incentives for companies to comply.  An example included in the Order is the call for a review of the federal procurement process to create a preference for vendors who meet the Cybersecurity Framework standards.

(3)   Certain private sector companies, who if targeted would have a devastating effect, will be named on a list of “Critical Infrastructure at Greater Risk.”  If added onto the list, companies can request reconsideration of their inclusion on the list.  However, this list does not change the fact that compliance with the Framework remains completely voluntary.

Although the new Order appears to be a positive step in the right direction by encouraging information sharing between the public and private sectors, it is unlikely that it is enough to prevent what seems like an inevitable national cybersecurity catastrophe.  Congress needs to make the next move fast.

 

 

Additional Sources:

 

http://www.huntonprivacyblog.com/2013/02/articles/obama-signs-presidential-policy-directive-on-critical-infrastructure-security-and-resilience/

http://www.huntonprivacyblog.com/2013/02/articles/observations-on-the-cybersecurity-executive-order-and-presidential-policy-directive/

http://www.bna.com/president-obama-signs-n17179872423/

http://www.whitehouse.gov/sites/default/files/uploads/07_eo_quotes_02132013.pdf

Powered by WordPress & Theme by Anders Norén