Wednesday, May 25
Registration and Continental Breakfast
Sponsored by WilmerHale
Optional Primer: Top 10 Things You Need to Know
Rena Mears, BuckleySandler LLP
Harriet Pearson, Hogan Lovells
Randy V. Sabett, Cooley LLP
- Review the basics during this popular session reprise
- Understand why cybersecurity is a "team sport" and where all the players and attorneys fit in
- Explore governance and oversight, counseling, incidence preparedness and response
Welcome and Overview
Alisha Avril, Program Attorney
Congratulations, You Are Responsible for Cybersecurity Legal Matters! What Must Corporate Counsel Learn?
Christina Ayiotis, Cybersecurity Consultant, Program Co-Chair
Michelle Beistle, Counsel & Chief Compliance Officer, Unisys
Suzanne Rich Folsom, General Counsel, Chief Compliance Officer & Senior Vice President, Government Affairs, United States Steel
Cristin Flynn Goodwin, Assistant General Counsel, Microsoft
Karen I. Moreno, Counsel, Information Technology Law, Exxon Mobil Corporation
- Prepare to be a leader in cyber matters at the Board level
- Understand the role of in-house counsel in developing and enhancing cybersecurity programs
- Grasp the role of the NIST framework: Is it the de facto standard of care?
- Learn to be prepared with a cybersecurity program that complies with multiple overlapping frameworks, regulations, orders, and guidance
11:30 am-12:30 pm
Regulator Report: How Is Government Addressing Cybersecurity in Key Sectors?
Kim Peretti, Alston & Bird LLP
Maria Filipakis, Executive Deputy Superintendent for Capital Markets, New York State Department of Financial Services (Invited)
David Shonka, Deputy General Counsel, Federal Trade Commission
- Examine regulatory priorities
- Review enforcement developments
- Obtain answers from federal and state officials
Boxed Lunch Distribution
Session A: Cyber 101: The Technical Basics of Cybersecurity and Forensics
Jim Butler, Senior Director, Global Security & Compliance, CareerBuilder.com
Thomas J. Hibarger, Managing Director, Stroz Friedberg
- Examine basic technical tools and their use in the law field
- Review key principles in information security and forensics
- Receive a tutorial on technical basics on cyber and forensics
- Ask your toughest questions about technical concepts
Session B: International Cyber Law Issues: Reviewing Other Countries' Approaches
Demetrios A. Eleftheriou, Director of Global Privacy, Symantec Corporation
Jan Ellermann, Senior Specialist, Data Protection Office, Europol
Christopher Painter, Coordinator, Cyber Issues, U.S. Department of State
- Examine the French surveillance law and German data retention law
- Analyze UK mass surveillance and bulk collection
- Survey new laws on cybersecurity throughout the world
- Assess the breach notification landscape outside the U.S.
Session C: Litigation Trends in Data Breaches
Michelle Cohen, Patterson Belknap Webb & Tyler LLP
Allison Brecher, Senior Litigation Counsel & Director of Information Management and Strategy, Marsh & McLennan Companies
Jay Edelson, Edelson PC
Douglas Meal, Ropes & Gray LLP
- Review post-breach trends after Wyndham, Neiman Marcus, and Target
- Learn practical steps to pursue when investigating a potential security incident
Session A: Privacy and Civil Liberties: Implications of Securing Cyber Environments
Alan Raul, Sidley Austin LLP
Joseph Alhadeff, Vice President, Global Public Policy, Oracle Corporation
Prof. Alvaro Bedoya, Executive Director, Center on Privacy & Technology, Georgetown University Law Center
Andrea Glorioso, Counselor, Digital Economy & Cyber Security, Delegation of the European Union to the U.S.
- Discuss the privacy and civil liberties concerns in sharing cyber threat information
- Review the issues in monitoring employee and other individuals' use of information systems
- Explore how privacy concerns can be mitigated when data is shared with third parties
- Examine how global laws and proposed legislation define the boundaries of appropriate actions
- Study emerging cybersecurity organizational best practices to address privacy and civil liberties
Session B: What Do You Need to Know About Protecting Controlled Unclassified Information?
M. Peter Adler, Former Deputy General Counsel, SRA International, Inc.
Mary Beth Bosco, Holland & Knight LLP
Annejanette Pickens, Associate General Counsel, General Dynamics Mission Systems, Inc.
- Consider the emerging requirements under EO 13556, Safeguarding CUI
- Understand what CUI is and how it must be protected by federal contractors and subcontractors
- Assess the state of the final NARA rule, the FAR clause, and how to implement SP800-171
- Analyze implementation issues faced by the defense community
Session C: Always Connected, Always Vulnerable: The Internet of Things and Hacking Liability
Daniel Mee, Goldberg Segalla
Dan Caprio, Co-Founder & Chairman, The Providence Group
Nancy Sumption, Medtronic
Michael Woods, Associate General Counsel &Vice President, Verizon
- Identify and define the evolving issues, problems, and threats
- Review policies on wearables and implantables and (SCIFs)
- Grasp the EOT/EPS standards
- Understand security by design and software assurance
- Explore the proliferation of IOT/CPS standards
Session A: Tackling Vendor Risk
Dori Anne Kuchinsky, Assistant General Counsel, Privacy, AOL Inc.
David C. Gryce, Arent Fox LLP
Anthony Johnson, Vice President & CISO, Fannie Mae
Carmen B. Krueger, Senior Vice President & General Manager, Cloud Operations, SAP National Security Services
- Explore the place of law firms as vendors of legal services
- Compare and contrast vendor and supply chain risk
- Review vendor contracting strategies to mitigate risk and avoid pitfalls
- Assess the value of ongoing auditing and testing of vendor security
- Learn to engage proactively and cooperatively with vendors to stay abreast of evolving security threats
Session B: What Do CISOs Want Lawyers to Understand About Cybersecurity?
Hilary L. Hageman, Vice President & Deputy General Counsel, CACI International Inc.
Michael Papay, Vice President & CISO, Northrop Grumman Corporation
Dr. J.R. Reagan, Global Chief Information Security Officer, Deloitte Touche Tohmatsu Limited
- Assess what fosters effective collaboration between information security and legal
- Review the key elements of a successful relationship between CISOs and lawyers
- Examine how frequently CISOs and lawyers should engage
- Learn what lawyers need to know from the CISO's perspective
Session C: Information Sharing: You Want to Share What With Whom?
Justin Castillo, Head of Legal, BT Americas
Susan B. Cassidy, Covington & Burling LLP
John Martinez, Vice President & General Counsel, Raytheon Intelligence, Information and Services, Raytheon Company
Gregory T. Nojeim, Senior Counsel & Director, Freedom, Security & Technology Project, Center for Democracy &Technology
- Learn what questions should be asked before providing legal guidance for a new potential threat
- Assess the role of the ABA and other professional organizations
- Analyze potential liability protections
- Discuss the importance of timely decision-making and efficiency through documented processes
Networking Cocktail Reception
Sponsored by Darktrace
Thursday, May 26
Hon. Julie Brill, Hogan Lovells
The National Security Side of Cyber Intrusions
Andrew H. Tannenbaum, Cybersecurity Counsel, IBM
Hon. John P. Carlin, Assistant Attorney General for National Security, U. S. Department of Justice
Rajesh De, Mayer Brown LLP
Shawn Henry, President, CrowdStrike
- Understand the evolving threat landscape around state-sponsored attacks and the government's role assisting companies with prevention, detection, and response
- Learn how to best work with the government in the aftermath of state-sponsored attacks
- Examine the shifting motives of adversaries, such as espionage and counter intel and the series of intrusions targeting 'bulk PII'.
- Grasp the importance of needing to have alternative communication infrastructures as part of incident response
- Understand the impact of "Going Dark,"especially after the Paris attacks
10:50 am-12:05 pm
Session A: Cybersecurity for the Practice of Law: Addressing Legal Ethics Issues Before They Arise
David B. Coher, Principal, Reliability & Cybersecurity, Southern California Edison
Hon. John M. Facciola (Ret.), U.S. District Court for the District of Columbia, Washington, DC
Mark L. Krotoski, Morgan, Lewis & Bockius LLP
James M. McCauley, Ethics Counsel, Virginia State Bar
- Explore the duty of confidentiality (Model Rule 1.6) as it applies to digital communications and materials provided in the course of representation
- Review the duty of competency (Model Rule1.1) and the evaluation of suitable technology
- Study the limited evidentiary protection of attorney-client privilege and work product privilege
- Consider how online "free" services may use your data to expose your practice to risk
- Understand data encryption and how to easily implement VPNs and other technologies
Session B: Active Cyber Response: Fad, Fantasy, or Fundamental Right?
Anand R. Shah, Deputy Attorney General, Financial & Computer Crimes Bureau, New Jersey Division of Criminal Justice, New Jersey Office of the Attorney General
Stewart A. Baker, Steptoe & Johnson LLP
Jamil N. Jaffer, Adjunct Professor of Law, Director, Homeland and National Security Law Program, George Mason University School of Law
- Observe a debate on the use of active defense, including the technical, policy and legal issues
- Review certain use cases in the private sector
- Understand the technical realities of using cyber weapons
- Examine the effect of reforms to the Computer Fraud and Abuse Act and the emergence of international norms and guidance in the "Tallinn Manual 2.0"
Session C: What Every Attorney Needs to Know About Dealing with Law Enforcement
Korin A. Neff, Senior Vice President & Corporate Compliance Officer, Wyndham Worldwide Corporation
Shane McGee, Chief Privacy Officer, FireEye, Inc.
Andrew S. Pack, Assistant U.S. Attorney, U.S.Attorney's Office, New Jersey
David Szuchman, Executive Assistant District Attorney & Chief of Investigation Division, New York County District Attorney's Office
- Review strategies to make working with law enforcement successful for you
- Receive an in-house lawyer's guide to working with law enforcement
- Assess what to share and what not to share and how to protect proprietary information
- Assess the advantages and disadvantages of working with subpoenas and search warrants
Boxed Lunch Distribution
Session A: De-Mystifying the"Dark Web"
Etay Maor, Executive Security Advisor, IBM
Matthew Devost, Managing Director, Accenture
Ralph Echemendia, "The Ethical Hacker"
Keith Mularski, Supervisory Special Agent, Federal Bureau of Investigation
- Learn what the "hidden internet" is and how to determine whether employees are accessing it
- Analyze the critical privacy, security, and anonymity concerns
- Explore the legal avenues to pursue if you are victimized by ransom ware or cyber extortion
- Examine the ethical issues in gathering and using information available on the dark web
Session B: Developments in Payment Cards and Responses to Breaches
Russell Schrader, General Counsel & Chief Privacy Officer, Commerce Signals Inc.
Christopher Novak, Director, Verizon
Ronald Smalley, Vice President, Cyber Incident & Fraud Investigations, First Data
- Review the roles of the franchisor and the franchisee
- Examine the impact of CHIP/EMV rollout in the U.S. and internationally
- Grasp the impact of the burgeoning increase in e-commerce and of card not present breaches.
Session C: The Role of Insurance in Reducing Cybersecurity Risk
Scott Godes, Barnes &Thornburg LLP
Tom Finan, Chief Strategy Officer, Ark Network Security Solutions
Catherine A. Mulligan, Senior Vice President, Zurich North America
Greg Vernaci, Senior Vice President, American International Group, Inc.
- Explore the role of insurance in sound cybersecurity risk management and what risk managers and attorneys need to know
- Examine the evolution of cyber insurance and the types of coverage available
- Understand the key terms in policies and how they function in practice
- Grasp the importance of insurance review in vendor and business partner risk management
- Pinpoint how to answer security questions as part of the underwriting process
- Review the most recent case law
Responding to a Data Breach: How to Run a Cyber Investigation and Learn from the Breach
Erez Liebermann, Chief Counsel, Cybersecurity & Privacy, Prudential Financial, Inc.
Marshall Heilman, Vice President & Executive Director, IR and Red Team, Mandiant
W. Scott Nehs, Senior Vice President & General Counsel, Blue Cross Blue Shield Association
Tara M. Swaminatha, DLA Piper
- Learn how to best assist clients to evaluate a suspected breach or other unusual activity.
- Share best practices for organizing and overseeing a cyber investigation
- Understand when and how to assert the attorney-client privilege
- Receive tips on documenting the investigation and its findings
- Assess who should be involved in all phases of the investigation