'Cybersecurity is a journey,' and lawyers' knowledge must be up to date, ABA House says
The House of Delegates approved a trio of cybersecurity-related resolutions that urge lawyers and organizations to tighten cybersecurity measures and urge education about emerging technologies. One resolution was focused on Congress and federal agencies, another on lawyers and law firms, and the third on law schools.
All three were submitted by the ABA Cybersecurity Legal Task Force.
In addition, these resolutions aim “to provide the policy needed for the ABA president to speak on cyber issues and the ABA to advocate in Congress,” said Lucy Thomson, a delegate for the District of Columbia Bar, as she introduced Resolution 608. The resolution was co-sponsored by the Standing Committee on Law and National Security; the Center for Human Rights; and the Section of Environment, Energy and Resources.
Resolution 608 urges Congress to pass legislation establishing cybersecurity as a legal duty for organizations; and it urges federal agencies to harmonize regulations, incentivize developers to enhance cybersecurity, and promote resources and services to help users increase resilience against threats. The goal is to enable quicker recovery from cyberattacks, according to the report accompanying the resolution.
“Why am I so adamant to have your attention?” asked Laurel Bellows, a delegate from Illinois and a past president of the ABA. “We have a direct response now with your supporting these resolutions—the ability to lobby in Congress and the White House and at all levels nationally and internationally to protect the cybersecurity threats that are inherent in our lives and in the practice of law today.”
Follow along with the ABA Journal’s coverage of the 2023 ABA Annual Meeting here.
Resolution 609 encourages lawyers to stay on top of new and emerging technologies, urging them to protect the data, products and systems of their firms, clients and vendors.
Most cyberattacks are the result of human error, with 90% of vulnerabilities stemming from phishing emails, according to the ABA TechReport 2022.
“Lawyers’ own behavior and knowledge are critical in this area,” said Adriana Luedke, a member of the Cybersecurity Legal Task force and a delegate for the Section of Intellectual Property Law, as she introduced the resolution. “In this environment of increasing threats, it is key to learn and take action.”
Ruth Hill Bro, a special adviser the Cybersecurity Legal Task Force, discussed how the need for education is ongoing.
“Cybersecurity is a journey, and you never really arrive,” she said. “We do have obligations to remain abreast of these threats that are happening and to respond to them.”
The Standing Committee on Law and National Security, the Center for Human Rights, and the Antitrust Law and Science and Technology Law sections co-sponsored the resolution.
Resolution 610 encourages law schools to offer cybersecurity courses, a nod to the cybersecurity risks that new lawyers will face. The goal is to prevent and address threats, as well as highlight lawyers’ ethical obligations to stay informed of evolving threats. The Standing Committee on Law and National Security, the Center for Human Rights and the Section of Science and Technology Law co-sponsored the resolution.
These resolutions update the five guiding principles approved by the ABA Board of Governors in 2012.
ABAJournal.com: “BigLaw firms are targeted in cyberattacks and hacking lawsuits “
ABAJournal.com: “Texas judicial conduct system and Washington bar association grapple with cyberattacks”