Ashden Fein’s Cybersecurity practice focuses on counseling clients who are preparing for and responding to cyber-based attacks on their networks, assessing their security controls and practices for the protection of data and systems, developing and implementing cybersecurity programs, and complying with federal and state regulatory requirements. Ashden has specifically been the lead investigator and crisis manager for multiple complex cyber and data security incidents, including data security breach matters involving millions of affected consumers, advanced persistent threats targeting intellectual property across industries, state-sponsored theft of sensitive U.S. government information, and destructive attacks.

Before joining the firm, Ashden served for thirteen years in the United States Army, first as a military intelligence officer and later as a Major in the Judge Advocate General’s Corps. While on active duty, he specialized as a military prosecutor, gaining significant experience investigating and prosecuting crimes related to national security and cybersecurity. In addition, Ashden served as the Chief of the Criminal Division for a command of 17,000 soldiers and as a legal advisor for an Army Aviation organization deployed in Iraq. He currently serves as a Judge Advocate in the U.S. Army Reserve.

While in the Army, you specialized as a military prosecutor where you gained significant experience in cybersecurity. For example, you were the lead trial attorney in the prosecution of Private Chelsea Manning for the unlawful disclosure of classified information to WikiLeaks. How did your time in the Army help inform your work on cybersecurity matters in private practice?

Answer: 

To fully investigate an insider threat who gained access to data across multiple enterprises, I had to develop an expertise in areas that are relevant to the issues faced by the firm’s clients today.

First, our team worked side-by-side with digital forensic investigators every day for nearly fifteen months to understand the different artifacts that existed and how they related to each other. Piecing together these artifacts—ranging from exploited digital images to decrypted memory drives to firewall and Internet search logs—allowed us to build a clear picture of what illicit activities took place that were attributable to Private Manning. Similarly, for cybersecurity attacks, it is critical for counsel to understand the evidence collected and push forensic firms and IT security departments to ensure all reasonable leads are investigated or a defensible judgment is made not to pursue such leads.

Second, to understand the evidence, I had to immerse myself in the different networking and cybersecurity technologies within the Department of Defense and those technologies generally leveraged by attackers on the Internet and dark web. Without this technical understanding, it would have been impossible to develop a deep understanding of the artifacts described above and to translate expert testimony from digital forensic investigators so that it could be easily understood by a trier of fact. In private practice, we routinely advise clients on the legal risks involved with deploying certain technologies, or making configuration changes to existing technology, which may impact regulatory compliance or potentially violate the law. Having an in-depth understanding of such technologies is crucial to providing advice that reasonably anticipates potential issues.

Third, our team had to develop close working relationships with many law enforcement and intelligence community organizations to assist in the investigation and the coordination to use classified information, including witness testimony, at trial. These relationships were vital in efficiently navigating the defense and intelligence interagency to receive appropriate approvals and support. After a cybersecurity incident, many clients find themselves voluntarily notifying different federal and state entities, including pursuant to DoD mandatory disclosure requirements covering defense contractors, or receiving information requests related to an incident. In those cases, having experience working with such government organizations with our government contracting team has benefited our clients.