In light of the allegations of hacking into the DNC’s and Hillary Clinton’s emails during the 2016 presidential election, I’ve been thinking about cybersecurity.
Throughout my career, I’ve focused on the use and protection of confidential information, and I’ve often wondered how to effectively prevent cyber-incursion. For nearly as long as I’ve practiced law, I thought that measures taken by the legal community seemed inadequate, because they were generally focused on mitigating liability after such an event occurs, rather than finding solutions to prevent breaches from happening in the first place.
On January 12, 2017, former NYC Mayor Rudolph Giuliani was named as an informal advisor to the Trump administration on cybersecurity. According to the Washington Post, Giuliani is tasked with finding solutions to cyber breaches in the private sector and advising the government on possible responses.
In January 2002, Giuliani Partners LLC, a management and security consulting business, was formed. In an interview granted to Marketwatch on January 29, 2016, Giuliani said his firm began “penetration-testing” its clients around 2004, 2005.
I recall when it became “best practices” in the industry to conduct these tests, which involve prophylactically attacking systems from the outside to identify vulnerabilities that hackers may exploit. However, I noted back then that penetration-testing failed to address preventing the occurrence of data breaches. To me, the true value of penetration-testing is derived when enterprises implement the tactical and strategic recommendations made by cybersecurity experts on how to address the issues discovered. But what was not vulnerable yesterday may be vulnerable today. So, this is an ongoing challenge.
“Only by understanding technology and its vulnerabilities can policymakers successfully address online threats without creating new, more significant risks. In any cybersecurity discussions, policymakers must include technologists as well as the people whose safety and security are most directly affected,” Drew Mitnick, policy counsel at Access, told Gizmodo.
Given Rudy Giuliani’s background in traditional law enforcement and his early involvement in the cybersecurity consulting business, he may be helpful in managing these risks and advising enterprises about the “big picture.” I am concerned, however, that without partnering with cybersecurity experts who advise enterprises about the effective use of encryption and other new technologies, the war to protect data will likely rage on.