Guest: Jim Dempsey, Senior Policy Advisor, Stanford Program on Geopolitics, Technology and Governance [@FSIStanford]; Lecturer, UC Berkeley Law School [@BerkeleyLaw]
On LinkedIn | https://www.linkedin.com/in/james-dempsey-8a10a623/
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
___________________________
Episode Notes
Join Sean Martin and Marco Ciappelli for a dynamic discussion with Jim Dempsey as they unearth critical insights into the rapidly evolving field of cybersecurity law. Jim Dempsey, who teaches cybersecurity law at UC California Berkeley Law School and serves as Senior Policy Advisor to the Stanford Program on Geopolitics, Technology, and Governance, shares his extensive knowledge and experience on the subject, providing a wealth of information on the intricacies and developments within this legal domain.
Cybersecurity law is a relatively new but increasingly important area of the legal landscape. As Dempsey pointed out, the field is continually evolving, with significant strides made over the past few years in response to the growing complexity and frequency of cyber threats. One key aspect highlighted was the concept of 'reasonable cybersecurity'—a standard that demands organizations implement adequate security measures, not necessarily perfect ones, to protect against breaches and other cyber incidents. This concept parallels other industries where safety standards are continually refined and enforced.
The conversation also delved into the historical context of cybersecurity law, referencing the Computer Fraud and Abuse Act of 1986, which initially aimed to combat unauthorized access and exploitation of computer systems. Dempsey provided an enlightening historical perspective on how traditional laws have been adapted to the digital age, emphasizing the role of common law and the evolution of legal principles to meet the challenges posed by technology.
One of the pivotal points of discussion was the shift in liability for cybersecurity failures. The Biden administration's National Cybersecurity Strategy of 2023 marks a significant departure from previous policies by advocating for holding software developers accountable for the security of their products, rather than placing the entire burden on end-users. This approach aims to incentivize higher standards of software development and greater accountability within the industry.
The discussion also touched on the importance of corporate governance in cybersecurity. With new regulations from bodies like the Securities and Exchange Commission (SEC), companies are now required to disclose material cybersecurity incidents, thus emphasizing the need for collaboration between cybersecurity teams and legal departments to navigate these requirements effectively.
Overall, the episode underscored the multifaceted nature of cybersecurity law, implicating not just legal frameworks but also technological standards, corporate policies, and international relations. Dempsey's insights elucidated how cybersecurity law is becoming ever more integral to various aspects of society and governance, marking its transition from a peripheral concern to a central pillar in protecting digital infrastructure and information integrity. This ongoing evolution makes it clear that cybersecurity law will continue to be a critical area of focus for legal professionals, policymakers, and businesses alike.
Top Questions Addressed
About the Book
First published in 2021, Cybersecurity Law Fundamentals has been completely revised and updated.
U.S. cybersecurity law is rapidly changing. Since 2021, there have been major Supreme Court decisions interpreting the federal computer crime law and deeply affecting the principles of standing in data breach cases. The Securities and Exchange Commission has adopted new rules for publicly traded companies on cyber incident disclosure. The Federal Trade Commission revised its cybersecurity rules under the Gramm-Leach-Bliley Act and set out new expectations for all businesses collecting personal information. Sector-by-sector, federal regulators have issued binding cybersecurity rules for critical infrastructure, while a majority of states have adopted their own laws requiring reasonable cybersecurity controls. Executive orders have set in motion new requirements for federal contractors.
All these changes and many more are addressed in the second edition of Cybersecurity Law Fundamentals, published April, 2024. The second edition is co-authored by John P. Carlin, partner at Paul Weiss and former long-time senior official of the U.S. Justice Department, where he was one of the architects of current U.S. cybersecurity policy.
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
Cybersecurity Law Fundamentals (Book): https://cybersecuritylawfundamentals.com/
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc