From: Just Security
In a speech yesterday to the annual Cybersecurity Law Institute, Assistant Attorney General Leslie Caldwell showed how far the Department of Justice has come in its dealings with the private sector on cybersecurity. Caldwell praised public-private collaboration on issues like botnet takedowns and highlighted recent outreach the DOJ’s Cybersecurity Unit has done to private sector groups. In particular, one recent event, cohosted by the Center for Strategic and International Studies, involved a discussion with security experts about “active defenses” deployed by companies. This discussion may trigger a very positive outcome: While reiterating that “hacking back” is problematic as a matter of both law and policy, Caldwell announced that DOJ’s Cybersecurity Unit is considering issuing guidance on the legality of various other defensive measures companies might want to take to protect their systems and networks.
***
However, Caldwell also made clear that the DOJ and its federal agency counterparts are not all about carrots. They’re also retaining the right to use sticks. Caldwell highlighted a statement on the FTC website declaring that as the FTC increasingly flexes its enforcement muscles with respect to data security, it will take into consideration whether a company has cooperated with law enforcement and “likely . . . view that company more favorably than a company that hasn’t cooperated.”
Leave a Reply