CEIC® 2015 began with a one-day CISO/CLO Summit that gathered security and legal chiefs to collaborate on emerging best practices in defending the enterprise, as well as an energetic CEIC welcome keynote from our president and CEO Patrick Dennis and Roger Angarita, our head of product development. Patrick talked about how the legal, security, and forensic investigation communities are blending together, both to collaborate and even to expand their own professional areas of responsibility. Our data is converging—and so are our professions—which is good news, since as we collaborate, we are turning the tide in the defense of our organizations, our citizens, and our economies.
Federal Agencies Tackling Cybercrime
At the CISO/CLO Summit, guest speaker Ed McAndrew of the Department of Justice said that the Sony attack included the first example of what he sees as an upcoming trend: the cyber bullying of corporations by nation-state threat actors and other hacker groups. Our Assistant General Counsel and Vice President of E-Discovery Chad McManamy led a panel that included U.S. Cybercrime Attorney McAndrew as well as Michael Succi of the Secret Service. Called “Tales from the Front Lines in the Fight Against Cybercrime,” the discussion focused on how the Department of Justice, Secret Service, and other federal agencies are tackling cyber crime, including everything from hacking and intellectual property theft and identity theft to any other type of crime that involves digital evidence.
Describing their work, McAndrew noted that federal law enforcement had made 5,490 cyber crime arrests in 2014, including suspects ranging from high-school grade hackers to some indicted for involvement in the Home Depot and Target cyber attacks.
Different hacking groups have varying motives, but they now include spying, theft, hacktivism, disruption and destruction of the organization, terrorism and extortion, and outright warfare. The good news is that the Department of Justice and other agencies are eager to work with organizations to capture evidence and help bring cyber criminals to justice, and have done so in recent years with notable success.
Proposed Changes to the Federal Rules of Civil Procedure (FRCP)
Daniel Lim of Shook, Hardy & Bacon led a panel, "Judicial Roundtable on Current E-Discovery Issues," with the Honorable Andrew Peck of the U.S. District Court of Southern New York and the Honorable Matthew Sciarrino, Jr., of the Kings County Supreme Court. Many evolving aspects of e-discovery were discussed. Of particular note were the proposed changes to the FRCP. One judge noted that the change to Rule 1 is primarily about efficiency. He made several recommendations, including gaining an organizational commitment to information governance to ease the e-discovery workflow, to make a record of any preservation decisions in case explanation is needed later, and to bring information technology (IT) and legal tech staffers into preservation discussions early to save time later in the process.
Also noted was the removal of the word “sanction” from FRCP Rule 37(e), which the judge said can eliminate most fear of sanction by a judge except when there is evidence that there was intent to deprive the harmed party of access to relevant ESI. He said, “The serious sanctions would then only come when you lie to the court.” Acting in good faith, documenting decisions, and working on a sound process that follows the latest EDRM and information governance workflows will stand any legal team in good stead.
Malware Labs Aplenty
In addition to the tracks aimed at corporate management, legal teams, and law-enforcement were some with highly focused sessions on incident response. These sessions were always full, and included “Rootkits, Exfil and APT: RAM Conquers All,” “EnCase® Cybersecurity Incident Response Walk-Through featuring Gh0st RAT,” “APT Attacks Exposed: Network, Host, Memory and Malware Analysis” with SANS' Rob Lee, Anuj Soni of Booz Allen Hamilton, Chad Tilbury of CrowdStrike, and Jake Williams of Rendition InfoSec.
We’ll have more blog posts summarizing the highlights and hot buttons of CEIC 2015, and we invite your thoughts and comments in the section below.