Cyber-Security, Data Breach Threats: A Discussion
Advice for companies assessing cybersecurity threats: Ask, who are we connected to and what information do we hold that makes us a target?
Seton Hall Law and law firm Mayer Brown LLP co-hosted a symposium, Hot Topics in Life Sciences, during which Professor David Opderbeck, leader of the Gibbons Institute of Law, Science & Technology, sat with Rajesh De, former General Counsel for NSA and now a Partner at Mayer Brown, to discuss issues of cyber-security and their impact on the life sciences industry. Jillian Swogier '16 reports on the discussion. Full story >>
Mr. De (pictured) explained that one of the NSA's roles is information assurance, or cyber defense of communication systems. The framework in place for cyber threats is layered through phases: Phase I: Exploitation, Phase II: Disruption, Phase III: Destruction, and Phase IV: the “over-the-horizon” threat of manipulation. The NSA’s current focus is on the "Destruction" phase.
Entities – organizations in both the public and private sector – and the government are continuously trying to protect against three actors: state actors, criminal actors, and activists. These three groups were originally thought to be mutually exclusive but as time has passed, the NSA and other entities on the lookout for data security have found that these groups often work in collaboration.
Following a discussion about the source of cyber threats, Professor Opderbeck (pictured) brought the conversation to the life sciences realm, inquiring about how biotech companies are affected and what they can do to protect themselves from cyber threats. Mr. De recommended that the organization’s CIO should prioritize risks, and gain a perspective on why the organization may be a target. Professor Opderbeck and Mr. De agreed that the assessment should not be based solely on the information the organization possesses, but like the infrastructure of a roadway, companies should ask, who are we connected to, and what information do we hold that makes us a target?
Currently, government agencies take a voluntary incentive-driven approach to cyber-security rather than a prescriptive and mandatory approach, because threats and technology emerge at a faster rate than a fixed process can accommodate – innovations happen too quickly. Therefore, adaptability is key to ensuring protection from evolving data hackers and breaches.
Professor Opderbeck and Mr. De also discussed the “upside of connectivity” and information sharing. Connectivity innovations should not be seen as only increasing vulnerabilities and providing a frivolous benefit, but improving safety. For example, cars are becoming more connected but they are also beginning to feature motion sensors and speed detectors to potentially prevent accidents.
Furthermore, information sharing is a hot topic that has legislators buzzing to increase communication between the government and private sectors, and even with private sector actors. “Imagine the benefit of two pharmaceutical companies working together to learn where their cyber threats and targets are most susceptible,” they concluded.
Pictured above, from left, are Professor Opderback with Mayer Brown partners Lisa Ferri, Intellectual Property Practice Leader; Rajesh De; and Colleen Tracy James '96, Intellectual Property Partner.