
If U.S. Critical Infrastructure Is Brought Down, Is Your Law Firm Prepared? – Above the Law

Ed. note: This is the latest in the article series, Cybersecurity: Tips From the Trenches, by our associates at Sensei Enterprises, a boutique provider of IT, cybersecurity, and digital forensics services.

Can U.S. Critical Infrastructure Really Be Brought Down?
That’s the first question. At one time, and not so long ago, we weren’t overly worried about our susceptibility to a major takedown of U.S. critical infrastructure. But those days are gone.

On October 28, the Washington Post reported that the United States is highly vulnerable to foreign cyberattacks designed to disrupt the economy, and must do much more to defend against them. This is the conclusion of a think tank report from the Foundation for Defense of Democracies.

The report concludes that our government has a blind spot when it comes to cyber economic warfare that could “cause a catastrophic strategic surprise” and destabilize U.S. critical infrastructure.

What can we do most effectively? Prepare. And yes, that applies to law firms too.

Convincing Law Firms of the Problem
Convincing law firms of the urgency of this problem would take forever because there’s so much evidence, but let’s focus on a few nuggets from the Washington Post article.

Moscow has proven its ability to use its surveillance dragnet to select U.S. targets. It’s also proven itself very capable of penetrating U.S. critical infrastructure.

You may recall the SolarWinds 2019 hack by Russia, when attackers penetrated an IT company and broke into the networks of its customers, including nine federal agencies and more than 100 companies. How much better do you think Russia’s attack capabilities are now? The betting money is that they’re very, very good.

Don’t forget about China, which has also proven itself talented at penetrating U.S. networks. Other, but considerably lesser players, include North Korea and Iran.

Cyberwar may fall just short of armed conflict, but it could be catastrophic in its impact. While it’s often said that the U.S. and its allies must prevent their enemies from becoming more and more able to take down critical infrastructure, there’s a clear consensus that we and our allies are not at that point now.

Law Firms Should Hope for the Best but Prepare for the Worst

So, what constitutes critical infrastructure? The Federal Emergency Management Agency (FEMA) says critical infrastructure includes people, property, systems, and networks, whether physical or digital, so vital to the United States that their incapacity or destruction may have a debilitating impact on security, the nation’s economy, public health or safety, or a combination of those matters.

The sheer number of disasters is almost unimaginable. But one must begin somewhere. So let’s imagine that the power is out, not just locally but throughout the country. There was a time when we believed that scenario was not possible, but we’re a lot less certain now.

What if all the major banks and Wall Street are taken down? Or the internet, our water systems, hospitals, defense agencies, the military, the federal government, state governments, transportation, major companies, hospitals? The list goes on and on.

Defending Against the Unthinkable for Law Firms
We are not going to address the issues faced by the Am Law 100. They have millions of dollars to throw at Incident Response Plans (IRPs) and cybersecurity every year. Not so for the solo/small/mid-sized firms. Most of those firms haven’t yet even addressed hurricanes, tornados, floods, power outages and the like. 60% of law firms lack any IRP according to the American Bar Association’s 2021 survey.

In the case of a successful attack on our critical infrastructure, your law firm and your clients may face innumerable difficulties. How will you pay your employees if the banks are taken out? If communications are at issue, how will you communicate with your clients and your employees? If your clients are part of the critical infrastructure of the nation, what special things should you be prepared for? If the internet is down, how will you function?

Disaster Planning: It’s Not Just for Hurricanes
The header above is the title of a recent Legal Talk Network Digital Edge podcast author Nelson and co-host Jim Calloway recorded with Shawn Holahan, Practice Management Counsel and Loss Prevention Counsel for the Louisiana State Bar Association. She lived through losing access to her home and her office during Hurricane Katrina in 2005. So she knows a lot about traditional disasters and has continued to evolve her expertise as our world and its dangers have become more complex.

We suggest listening to the podcast because she includes so many things you will want to include in a law firm incident response plan – and her advice is spot on. But here are some of the chestnuts that particularly appealed to us (because they’re so often overlooked).

  • Every law firm needs a “NO TECH” binder (she gives a list of what should be in the binder).
  • Have a money plan – cash is king in emergencies if banks are closed, there is no internet, etc.
  • Review your insurance coverage considering some of the possibilities we’ve listed above and prepare to substantiate your claims.
  • Have alternative ways of reaching your employees and clients.
  • Contact courts and opposing counsel as needed.
  • Digitize and back up all client files – have alternate methods of accessing them.
  • Take care of family, employees and clients – in that order.
  • Triage issues “like a beast” and prioritize those with the biggest impact.
  • Get your disaster message out.
  • “Stay Zen” – especially when those around you are losing it.
  • Remember that disaster recovery isn’t a sprint but a marathon.

We would add to the list – don’t delay in reviewing/revising your incident response plan. And if you don’t have one, hop to it!!!

Final Words from Benjamin Franklin:
“By failing to prepare, you are preparing to fail.”


Sharon D. Nelson (snelson@senseient.com) is a practicing attorney and the president of Sensei Enterprises, Inc. She is a past president of the Virginia State Bar, the Fairfax Bar Association, and the Fairfax Law Foundation. She is a co-author of 18 books published by the ABA.

John W. Simek (jsimek@senseient.com) is vice president of Sensei Enterprises, Inc. He is a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and a nationally recognized expert in the area of digital forensics. He and Sharon provide legal technology, cybersecurity, and digital forensics services from their Fairfax, Virginia firm.

Michael C. Maschke (mmaschke@senseient.com) is the CEO/Director of Cybersecurity and Digital Forensics of Sensei Enterprises, Inc. He is an EnCase Certified Examiner, a Certified Computer Examiner (CCE #744), a Certified Ethical Hacker, and an AccessData Certified Examiner. He is also a Certified Information Systems Security Professional.

