In honor of National Cybersecurity Awareness Month, we have connected with Roger Nebel— an IMS Elite Expert in the cybersecurity industry— to learn more about how cybersecurity is affecting business litigation, and what attorneys should be aware of regarding cybersecurity.

IMS: What should attorneys be aware of for cybersecurity in their own practices?

Nebel: “Email is not secure. A secure reading room is better, especially with good auditing. Strong barriers at the borders with the Internet are necessary. Strong access controls inside the border are also necessary. As are near-continuous audits. I recently found an earlier draft of an opposing expert report publicly on google docs that had an opinion that did not favor the expert or his client. Oops.”  

IMS: How is the cybersecurity industry affecting business litigation? What are your forecasts on the cybersecurity litigation front?

Nebel: “Patents and trade secrets raise the barriers of entry and as [the] industry consolidates I see a rise in litigation related to those. Patents of security technology are expanding to defend the market space and startups are evolving novel products that attempt to solve problems and get around those barriers. Trade secrets make it more difficult to change jobs as courts decide between ‘know-how’ and plain old stealing.”

IMS: How cyber-secure are smart contracts?

Nebel: “It depends. There has been an increase in electronically signed documents being valid for real estate contracts and certain disclosures, but not for others. Closing and recording still requires so-called wet signatures and physical proof of identity. In security we talk about the characteristic of non-repudiation - a party can't deny they took part in a transaction and signed the document. With Docusign and others the proof of identity is tenuous at best and they've recently been used in a phishing campaign. Contract signing is only as strong as the proof of identity used to validate the parties. So you have to look at the process and decide how secure it is and how much risk you're willing to accept. To the extent it depends on an out-of-band process by a trusted third party, the better. Passports and driver's licenses are an example. Target was broken into through their HVAC contractor. Supply chain issues are very important.“

IMS: How can attorneys and/or corporations minimize cybersecurity litigation risks?

Nebel: “Be careful that you are not violating someone else's patent without an agreement. Do not encourage people that have worked for the competitor to use trade secrets of the former employer. Conduct a risk assessment of all Intellectual Property (IP) to make sure it is yours.”  

About Roger Nebel:

Roger Nebel is a distinguished information security and regulatory compliance practice leader and experienced technology subject matter expert. He has over 30 years of direct technical work, consulting, progressive management responsibilities, executive and board-level positions, and special assignments in the federal and commercial IT and infosec markets.

He has authored numerous expert reports on technology and provided consulting expertise and testimony for complex software, intellectual property, and information security matters. He has served as the Independent Consultant/Monitor on settlements before the SEC, FTC, NYSE, and FINRA as well as Non-Prosecution Agreements with the DOJ.

Mr. Nebel has held executive responsibility for the successful launch of packaged application-level security professional services offerings at three companies and led technical due diligence teams for mergers and acquisitions.

He is a frequent public speaker on the challenges of managing information security in the Internet-facing application era. With global theater-level intelligence information experience, Mr. Nebel has led or collaborated on the development or assessment of hundreds of IT systems and projects.