Investigating Insider Threats
February 9, 2016
Jonathan Gannon, AT&T
Brenda Morris, Booz Allen Hamilton
Benjamin Powell, WilmerHale
Panelist Biographies

Jonathan Gannon, AT&T, Executive Director & Senior Legal Counsel: Jonathan Gannon is an attorney in the legal department of AT&T, where he advises the company's network security group on security matters, including responses to cyber attacks, network design, security policies, and coordination with the private sector and the government. He also advises clients on Executive Branch initiatives and legislative proposals on cybersecurity matters. Prior to joining AT&T, Mr. Gannon worked in the National Security Division at the U.S. Department of Justice, where he assisted in a variety of counterterrorism, counterintelligence, and cyber investigations, and at a law firm in Washington, D.C. He is an adjunct professor at George Washington University and a Certified Information Privacy Professional (CIPP/US). He received his J.D. from Vanderbilt University and his B.A. from the College of the Holy Cross.

Brenda Morris, Booz Allen Hamilton, Deputy General Counsel: Brenda Morris joined Booz Allen Hamilton in January 2013, after 25 years of investigations and courtroom experience as a Federal and State prosecutor. Ms. Morris leads the Investigations Unit within the Law Department that focuses on internal investigative activity, certain litigation management functions, and protection of Booz Allen Hamilton's proprietary information. The Unit includes experienced attorneys, investigators and legal analysts who investigate potential violations of the Procurement Integrity Act, the Federal Corrupt Practices Act (FCPA) and other laws relating to contractor integrity, labor time charging issues, inadvertent information exposure and other incidents that could possibly require disclosure to the government, as well as potential violations of Booz Allen Hamilton's core values. The Unit draws upon the expertise of other Law Department practice groups on substantive legal matters and collaborates with other internal compliance functions, including regulatory compliance, information security, internal audit, security services and human resources. Ms. Morris is an experienced litigator, specializing in white-collar fraud investigations. Before joining Booz Allen Hamilton, Ms. Morris served as Special Assistant to the Deputy Assistant Attorney General, and as the Principal Deputy Chief of the Public Integrity Section, Criminal Division, United States Department of Justice. Ms. Morris began her career as an Assistant District Attorney in the New York County District Attorney's Office, under District Attorney Robert Morgenthau. Ms. Morris has received numerous awards and recognition for her work, including the Assistant Attorney General's Award for Insuring Government Integrity, the Department of Justice, Internal Affairs Unit, and the Inspectors General Offices for the Department of State, the Environmental Protection Agency, and the General Services Administration.

Benjamin Powell, WilmerHale, Partner: Benjamin Powell is a partner at WilmerHale where he co-chairs the firm's Cybersecurity, Privacy and Communications practice group. Mr. Powell is widely recognized as one of the country's top authorities on handling cybersecurity, data breach and related investigation matters. He is a leading attorney in handling complex investigation matters and national security issues, including matters involving the Defense Security Service and the Committee on Foreign Investment in the United States. He has counseled companies and handled sensitive investigations for many of the world's largest companies, including many of the most sensitive cybersecurity and data breach incidents in recent years. He has also represented clients in civil and criminal litigation involving privacy and surveillance issues at the state and federal level. Prior to joining WilmerHale, he was confirmed by the U.S. Senate to serve as General Counsel to the first three Directors of National Intelligence. He also served as Special Assistant to the President and Associate White House Counsel. He served as Law Clerk for Judge John M. Walker, Jr. on the United States Court of Appeals for the Second Circuit, and for Associate (Ret.) Justice Byron R. White and Associate Justice John Paul Stevens on the United States Supreme Court. Mr. Powell also served in the United States Air Force, worked at the Federal Bureau of Investigation, and served as the General Counsel to the Director of National Intelligence. Ben Powell can be contacted at Benjamin.Powell@wilmerhale.com or (202) 663-6770.
Agenda
- Unique Issues Regarding Insider Threat Programs
- Privacy Issues and Considerations
- Attorney-Client Privilege
- Whistleblowers
- Internal Investigations: Best Practices
- Audience Questions & Answers
Unique Issues Regarding Insider Threat Programs
- Classified networks and information
- Lack of clarity regarding regulatory framework
- National Industrial Security Program Operating Manual (NISPOM) Conforming Change #2
- Size and source of data sets
- Potential intrusiveness
- Number of false positives with respect to data
Privacy Issues and Considerations
- Appropriate workforce notification
- Training and onboarding
- Policies and procedures
- Employee consent
- Banners
- User acknowledgements
- Control and use of data
- Handling personal data
Attorney-Client Privilege
- Importance of establishing privilege
- Role of the Office of the General Counsel in overseeing/managing an internal investigation
- Role of outside counsel in conducting an internal investigation
- Employee notification and consent with respect to interviews
- Effects on privilege
- Third-party reporting
- Defense Security Service
- Cognizant Security Agency
- Federal Bureau of Investigation
- Prime contractor
The Whistleblower Conundrum
- Distinguish whistleblowers from legitimate insider threat actors
- Avoid chilling legitimate whistleblower speech
- Ensure protected activity is not hindered
- Union organizing
- First Amendment considerations
Internal Investigations: Best Practices

Training and Onboarding
- Adequately train new employees or those gaining access to classified information and networks
- Obtain employee consent to monitor data flows
- Educate employees on insider threats

Oversight and Accountability
- Key organizational actors
- Human Resources
- Legal/Compliance/Ethics
- Business C-Suite executives
- IT Security
- Escalation within the organization

It is not just the continuous monitoring of employees that matters, but continuous monitoring of your insider threat program to ensure compliance as well.
Internal Investigations: Best Practices (continued)
- Use of data sources and data feeds
- Retention of data
- Social media rules
- Governing law restrictions (e.g., ECPA, FCRA, HIPAA)
- International implications
- Transferring data overseas
- Conducting interviews outside the U.S.
Cybersecurity Information Sharing Act of 2015

SEC. 104(a) AUTHORIZATION FOR MONITORING.
(1) IN GENERAL. Notwithstanding any other provision of law, a private entity may, for cybersecurity purposes, monitor
(A) an information system of such private entity;
(B) an information system of another non-federal entity, upon the authorization and written consent of such other entity;
(C) an information system of a Federal entity, upon the authorization and written consent of an authorized representative of the Federal entity; and
(D) information that is stored on, processed by, or transiting an information system monitored by the private entity under this paragraph.

SEC. 106. PROTECTION FROM LIABILITY.
(a) MONITORING OF INFORMATION SYSTEMS. No cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed, for the monitoring of an information system and information under section 104(a) that is conducted in accordance with this title.