Wednesday, May 22
Registration and Continental Breakfast
Welcome and Overview
William M. Treanor, Dean, Georgetown Law; Lawrence J. Center, Assistant Dean, Georgetown Law
Opening Keynote Address
Speaker: Judith A. Miller, Member, Markle Task Force on National Security in the Information Age; Co-Chair, ABA Cybersecurity Task Force
Ms. Miller will provide her perspective on the cybersecurity challenge and the purpose and limitations of the current and evolving legal famework. Having held multiple critical positions, Ms. Miller's remarks will set the stage for the inaugural Cybersecurity Law Institute. Ms. Miller has served as senior vice president, general counsel, and a member of the Board of Directors of the Bechtel Group; a partner with Williams & Connolly; and general counsel of the U.S. Department of Defense.
Morning Simulation Exercise: Part 1
Panelists: Lt. Gen. Charlie E. Croom (USAF, Ret.), Vice President, Cyber Security Solutions, Lockheed Martin Information Technology; former Director, Defense Information Systems Agency; David J. McCue, President, McCue, Inc.; former Corporate Vice President and Chief Information Officer, Computer Sciences Corporation; Jason Munshower, Chief Information Officer and Staff Vice President, Information Technology, General Dynamics Corporation; Craig L. Silliman, Senior Vice President, Public Policy, Verizon
In a facilitated simulation of a cybersecurity incident, this session will begin to expose the legal issues that counsel typically address during such an event. Panelists will represent key stakeholders including the Chief Executive Officer, General Counsel, Chief Information Officer, and Chief Information Security Officer.
Morning Simulation Exercise: Part 2
Panelists: Shawn Henry, President, Services Division, CrowdStrike; formerly Executive Assistant Director, FBI; Jason Munshower, Chief Information Officer and Staff Vice President, Information Technology, General Dynamics Corporation; Harriet Pearson, Partner, Hogan Lovells; former Vice President, Security Counsel, and Chief Privacy Officer, IBM Corporation; Craig L. Silliman, Senior Vice President, Public Policy, Verizon
Key simulation participants will debrief and interact with the audience on critical legal and technical considerations involved in addressing the morning simulation. Dialogues will take place between the General Counsel and outside counsel, as well as between the Chief Compliance Officer and the Chief Information Security Officer.
11:50 am–12:15 pm
Box Lunch Distribution
Defining the Standard of Care: The "SANS 20"
Speaker: Tony W. Sager, Director, The SANS Institute; former Chief Operation Officer, Information Assurance Directorate, National Security Agency
The work of an influential industry-government consortium, the "20 critical security controls" has become the de facto yardstick by which corporate security programs can be measured. Tony Sager will explain these measures and provide examples and data that demonstrate their effectiveness when implemented.
Afternoon Simulation Exercise
Panelists: David J. McCue, President, McCue, Inc.; former Corporate Vice President and Chief Information Officer, Computer Sciences Corporation; Jason Munshower, Chief Information Officer and Staff Vice President, Information Technology, General Dynamics Corporation; Craig L. Silliman, Senior Vice President, Public Policy, Verizon; Trent R. Teyema, Assistant Special Agent in Charge, Cyber Branch, FBI Washington Field Office; Lawrence K. Zelvin, Director, National Cybersecurity and Communications Integration Center, National Protection and Programs Directorate, U.S. Department of Homeland Security
Presented by a new configuration of participants, this exercise will focus on the issues raised by cybersecurity-related interactions with law enforcement, regulators, and other governmental bodies. Panelists representing key stakeholders such as the General Counsel, Chief Information Security Officer, Chief Information Officer, as well as representatives from FBI and DHS will debrief and interact with the audience on the key legal and technical considerations involved in addressing the morning simulation.
Cybersecurity Policy Outlook
Moderator: Stewart A. Baker, Partner, Steptoe & Johnson LLP; former Assistant Secretary for Policy, U.S. Department of Homeland Security; former General Counsel, National Security Agency
Panelists: Sharon Bradford Franklin, Senior Counsel, The Constitution Project; Jessica Herrera-Flanigan, Partner, Monument Policy Group, LLC; Co-Chair, ABA SciTech ePrivacy Committee; and former Staff Director, House Homeland Security Committee
Panelists will provide diverse perspectives on the state of cybersecurity policy, emphasizing the role of legislation and the risk of policy lagging behind technological capability. In particular, panelists will highlight the corporate challenges in balancing privacy, security, and transparency considerations.
How to Work Successfully with the Board of Directors on Cybersecurity
Moderator: Jody R. Westby, President and CEO, Global Cyber Risk LLC
Panelists: John D. Dempsey, Managing Partner, Dempsey Partners; Steven R. Walker, General Counsel, Secretary, and Director of the Board Advisory Services, National Association of Corporate Directors
Panelists will discuss the role a board plays with respect to ensuring cybersecurity risk is appropriately managed, especially in corporations where information is the primary asset. In particular, participants will highlight best practices of board directors, general counsel, and senior management.
Networking Cocktail Reception
Thursday, May 23
Ethical Obligations and the "Starbucks Hack"
Moderator: Christina Ayiotis, Adjunct Faculty, Department of Computer Science, The George Washington University; former Deputy General Counsel, Computer Sciences Corporation
Panelists: Hon. John M. Facciola, U.S. Magistrate Judge, U.S. District Court for the District of Columbia; Michael Papay, Vice President, Chief Information Security Officer, Northrop Grumman Corporation; Benjamin A. Powell, Partner, Wilmer Cutler Pickering Hale and Dorr LLP; formerly General Counsel, Office of the Director of National Intelligence
Leveraging off day one simulation facts, panelists will discuss the ethical implications of a breach affecting the outside law firm retained to address the incident. The ABA ethical changes from August 2012 will be addressed in the context of competence regarding technology. An expert in technology will provide foundational knowledge necessary to demonstrate that competence.
Litigation and Judicial Developments
Moderator: David Z. Bodenheimer, Partner, Crowell & Moring LLP
Panelists: Cristin Goodwin, Senior Attorney, Trustworthy Computing and Cybersecurity, Microsoft Corporation; Randy V. Sabett, Counsel, ZwillGen PLLC; Shane McGee, General Counsel, Mandiant Corporation
This session will be a rapid-fire, substantive update on notable cyber and data security related litigation from the past year, highlighting implications for organizations.
11:50 am–1:15 pm
Lunch (on your own)
Panelists: Maureen T. Kelly, Enterprise Shared Services Counsel, Northrop Grumman Corporation; Andrew H. Tannenbaum, Cybersecurity Counsel, IBM Corporation; formerly Deputy General Counsel, Cybersecurity, National Security Agency; Benjamin A. Winter, Associate General Counsel, Lockheed Martin Corporation
This session will discuss the cybersecurity challenges in global corporations, including how to incorporate disparate (and often conflicting) legal and regulatory schema. It will use the simulation fact pattern to practically discuss the communications and management strategies to consider. It will also highlight supply-chain vulnerabilities and how U.S.-based companies are mitigating that specific risk.
Closing Keynote Address: Call to Action
Speaker: James M. Cole, Deputy Attorney General, U.S. Department of Justice
This session will provide an overview of the national security cyber strategy and the role the private sector can play.