The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/80353
security professionals into their environments, which is good news because more attention is being given to this area. However, many of these professionals are new to their roles or to the legal profession, so they are requesting opportunities to network. As a result, this year's annual ILTA conference (ac2dc) includes a LegalSEC Community of Interest gathering, and we are working to deliver an annual LegalSEC Summit — a yearly meeting for security professionals to discuss current issues and threats and to attend workshops around the LegalSEC material being created and how to best implement tools. • Create an Information-Sharing Group. Information- sharing groups have already been formed in many industries, and these groups are mandated and governed by the Information Sharing and Analysis Center Council within industries considered part of the critical infrastructure of the U.S. (e.g., power, transportation and healthcare). Information-sharing groups in nonregulated industries are becoming increasingly popular. The purpose of our group will be to keep up with the current threat landscape and share information, so that we can proactively defend and react against attacks when they happen. An Obvious Need for LegalSEC Considering we received about 60 messages after the initial LegalSEC announcement, it seems glaringly obvious that something needs to be done to tackle the security challenges we face as a profession. These messages were received from firms of different sizes, countries and practices, and they all expressed their support and shared concerns. And the feedback keeps on coming. At this year's RSA Conference, Art Coviello, Executive Vice President of EMC and Executive Chairman of its RSA Division, was on the money during his keynote speech when he said: "An attack on one of us is an attack on all of us." He knows what he's talking about; his company was successfully penetrated. Once a group of attackers finds and exploits vulnerabilities in one law firm, they are going to try to do the same to the next one and the next until they succeed again … and chances are that they will succeed. And notice Carlos Rodriguez, CISSP, is responsible for all network infrastructure and information security operations at Lathrop & Gage LLP. With over 12 years of achievements in the delivery of technology, including six years in the legal profession, he has implemented both traditional and nontraditional solutions, including unified communications, virtualization, SaaS and cloud implementations. Carlos serves as ILTA's Server Operations and Security Peer Group Vice President, and he leads ILTA's LegalSEC initiative. He can be contacted at crodriguez@lathropgage.com. I am using the plural form here: We are no longer talking about one person trying to do harm; it is a whole infrastructure that operates under common goals, and we need to organize our counterstrike. We must also keep in mind the services we provide. Don't we advise clients on how to secure their assets and deliver secure services to their customers? Don't we have privacy attorneys in our firms that advise clients on data breach incidents and notifications? We do indeed, and we need to lead by example. Compliance and regulations are also in place that require us to take action. There were over 45 states in the U.S. with data breach notification laws in place, and the European Union has e-privacy directives, such as the European Directive 2002/58/EC, that address electronic communications. And according to Kevin Moore of Fenwick & West and a leader within the LegalSECTM team: "The U.S. is facing stronger federal legislations, such as H.R. 3523 — the 'Cyber Intelligence Sharing and Protection Act' (CISPA), that has passed the House of Representatives and is being debated outside of Washington. These regulations need our attention." It is time to come together and act on a real problem that we as a profession are facing. LegalSEC will provide a framework and roadmap to building stronger security and risk management programs by establishing a collaborative environment that helps firms secure their information assets. Keep an eye out for LegalSEC-related sessions at ILTA's annual ac2dc conference. Attend and/or access the session downloads after the conference. 52 Peer to Peer