Cybersecurity Awareness Month

Yan Luo advises clients on a broad array of regulatory matters in connection with cybersecurity and data protection rules in China. With previous work experience in Washington, DC and Brussels before relocating to Beijing, Yan has fostered her government and regulatory skills in all three capitals. She is able to strategically advise international companies on Chinese regulatory matters and represent Chinese companies in regulatory reviews in other markets.

Over the past two years, Yan has provided practical advice to clients on nearly all aspects of China’s Cybersecurity Law. She continues to help them navigate the complex and quickly evolving regulatory regime, including on issues arising out of personal information protection, cross border data transfers, and various cybersecurity requirements.

What provisions of China’s Cybersecurity Law have caused the greatest concern for U.S. companies? What advice do you have for these companies when it comes to compliance?
Continue Reading National Cybersecurity Awareness Month Q&A with Yan Luo

Ashden Fein’s Cybersecurity practice focuses on counseling clients who are preparing for and responding to cyber-based attacks on their networks, assessing their security controls and practices for the protection of data and systems, developing and implementing cybersecurity programs, and complying with federal and state regulatory requirements. Ashden has specifically been the lead investigator and crisis manager for multiple complex cyber and data security incidents, including data security breach matters involving millions of affected consumers, advanced persistent threats targeting intellectual property across industries, state-sponsored theft of sensitive U.S. government information, and destructive attacks.

Before joining the firm, Ashden served for thirteen years in the United States Army, first as a military intelligence officer and later as a Major in the Judge Advocate General’s Corps. While on active duty, he specialized as a military prosecutor, gaining significant experience investigating and prosecuting crimes related to national security and cybersecurity. In addition, Ashden served as the Chief of the Criminal Division for a command of 17,000 soldiers and as a legal advisor for an Army Aviation organization deployed in Iraq. He currently serves as a Judge Advocate in the U.S. Army Reserve.

While in the Army, you specialized as a military prosecutor where you gained significant experience in cybersecurity. For example, you were the lead trial attorney in the prosecution of Private Chelsea Manning for the unlawful disclosure of classified information to WikiLeaks. How did your time in the Army help inform your work on cybersecurity matters in private practice?
Continue Reading National Cybersecurity Awareness Month Q&A with Ashden Fein

Kristof Van Quathem, special counsel in Covington’s Brussels office, advises clients on data protection, data security, and cybercrime matters. He has been specializing in this area for over fifteen years and covers the entire spectrum of advising clients on government affairs strategies, ranging from compliance advice on the adopted laws, regulations, and guidelines, to the representation of clients in non-contentious and contentious matters before data protection authorities.

Kristof assists many international companies in their preparation for the EU General Data Protection Regulation (“GDPR”). This includes strategic advice on governance and data management, as well as hands-on assistance with writing policies, procedures, and agreements.

What are some of the major cybersecurity components of the GDPR and the NIS Directive? What tips can you provide to U.S. companies when preparing for these changes?
Continue Reading National Cybersecurity Awareness Month Q&A with Kristof Van Quathem

In the immediate aftermath of discovering a cybersecurity incident, companies often face many questions and few answers amidst a frenzy of activity.  What happened?  What should we do now?  What legal risks does the company face, and how should it protect against them?  In this fast-paced environment, it can be difficult to coordinate the activity across an incident response.  Well-intentioned actions by incident responders can easily expose the company to liability, regulator scrutiny, or a waiver of applicable legal privileges.

Instead of waiting to make critical incident response decisions in the “fog of war” that often occurs during the fast-paced events following the detection of a cybersecurity incident, organizations should think about how to respond before a cybersecurity incident actually occurs.  Responding to a cyberattack can involve a wide variety of different stakeholders such as IT and information security personnel, forensic analysts and investigators, legal counsel, communications advisors, and others.  Advance planning, including the development and execution of an incident response plan, allows a company to coordinate activities across a diverse array of different incident response work streams, and test that coordination.  Below, this post describes some key steps companies can take to respond to a cybersecurity incident in a swift, efficient, and effective manner.
Continue Reading Preparation and Practice: Keys to Responding to a Cyber Security Incident