PROTECTING CYBER VENDOR SERVICES WITH CYBERLAW

How does this privacy apply to cybersecurity? The rule of the cyberlaw in the protection of cyber vendor services against the risk of litigation exposure.

In most countries and most legal systems, the sanctity of the attorney client relationship is guarded by the courts. Without confidentiality and privacy, the system of law can break down from the lack of trust. Thus, the institution of law protects the privacy of the client relationship in order to promote the integrity and legitimacy of the legal system, which in turn, bolsters the good order and efficiency of other societal institutions.

How does this privacy apply to cybersecurity? Cybersecurity services between vendor and customer, especially the transfer of data, can be protected much like the delivery of other legal services underneath unique legal system privileges.  There is also the added dimension of cyberlaw risk advisory, to correlate technical details with meaningful exposure and compliance analysis. 

The US market is especially sensitive to litigation exposure. This risk would apply to any organization with data exposure in the US.  As we have seen with recent cases in US courts, this exposure risk extends through a company’s supply chain irrespective of a company’s direct data exposure in the US market.

In light of the cyberlaw advantage, why would a customer of cybersecurity services, especially after suffering a cyberattack, leave open to litigation or regulatory risks all its errors and omissions when there are structural protections available from cyberlaw counsel?

More and more, Security Affairs is seeing interdisciplinary approaches to cyber defense, including economics, insurance, risk management, and emergency preparedness.  Adding the problem-solving dimensions of cyberlaw is a welcome addition.

A cyberlaw leader, Doug DePeppe of eosedge Legal, offered an analogy:

“Under the InfoSec ‘CIA Triad’, the objectives of confidentiality and integrity are protected by privacy-wrapping tools like encryption and network security technologies. With these technologies, we seek to maintain the privacy of data. Think of cyberlaw as another privacy wrapper enabled by an institution rather than a technology.”

The cyberlaw model is best introduced up-front during incident response planning and risk assessments.  Trusted advisory, a staple of the institution of law, is another benefit.  Additionally, the cyberlaw model is not limited simply to the delivery side of vendor services.  The entire cyber domain ecosystem can benefit, including in the production of cyber intelligence.

“Cyberlaw differentiation from the standard practice of law has generated interest from White Hats. For one, they often need legal guidance; but additionally, confidentiality enables trust building, legal landscape navigation, and prudent, law-abiding cyber operations. With so much uncertainty surrounding cyber intelligence, we have found that the institution of law is a trust-enabling institution that aids information sharing.”  said Doug DePeppe.

Security Affairs continues to monitor and bring news about emerging interdisciplinary approaches to cybersecurity.  A structural and privacy-enhancing dimension from cyberlaw seems to add an important Best Practice perspective to reduce cyber risk exposure.  

Pierluigi Paganini

(Security Affairs – Cyberlaw, privacy)