As cyber attacks against U.S. companies move markets, drain tens of millions dollars from bank accounts, siphon off trade secrets, and threaten critical infrastructure, the mantra among government officials is: sharing (information) is caring. The government’s desire to increase information sharing on cyber intrusions with the private sector is at the heart of an executive order issued in February—and it was a point underscored at a New York City Bar Association event on Monday, when Mary Galligan, who is an FBI “cyber cop,” urged corporations to come forward with information about attacks on their networks.
So what can and should companies expect when they ring up the government and report a problem? What sort of legal issues are going to arise? For this, we turn to Galligan’s afternoon panel on cyber crime, where she was accompanied by attorneys in private practice, a law professor, the head of a computer forensics firm, and the chief of the Manhattan District Attorney’s investigations division.
First, as Ed Stroz, of the investigative firm Stroz Friedberg, explained, it’s important to recognize that you could be attacked by different categories of attackers, including state-sponsored actors, organized criminal groups, individual hackers or “hacktivists,” and company insiders. Galligan added a group to the list: terrorists.