The Unrelenting Cybersecurity Battle: Five Years of Evolving Threats and Controls
March 29, 2022 - 10:00am to 12:30pm
10:00 – 10:15: Introductory Remarks
Justin Shibayama Herring is an Executive Deputy Superintendent at the New York Department of Financial Services (DFS), where he leads the Cybersecurity Division. The Cybersecurity Division focuses on protecting consumers and industry from cyber threats, and is the first of its kind to be established at a banking or insurance regulator. The Division oversees all aspects of DFS’s cybersecurity regulation, including enforcement, examinations, and guidance.
Prior to joining DFS in 2019, Mr. Herring served for nine years as Assistant United States Attorney in the Districts of New Jersey and Maryland. Most recently, he served as the Chief of the New Jersey office’s first Cybercrime Unit. He led the prosecution of sophisticated cybercrimes targeting corporations, financial institutions, accounting firms and government agencies. He also prosecuted and supervised white-collar cases involving investment fraud, stock manipulation, money laundering, insider trading, and corporate embezzlement.
Mr. Herring graduated from the University of Chicago Law School with Honors and received a B.A. from Swarthmore College. After law school, he clerked for Chief Judge Danny J. Boggs on the U.S. Court of Appeals for the Sixth Circuit.
10:15 – 11:15: Panel – The Future of Cybersecurity Regulation: DFS and Beyond
For Justin's background information, please see the Introductory Remarks section above.
Luke Dembosky co-chairs Debevoise & Plimpton’s global Data Strategy and Security practice. He advises companies on managing cyber risks, responding to cyber incidents, and handling related internal investigations and regulatory defense. Mr. Dembosky is ranked among the leading privacy and data security attorneys by Chambers USA and Chambers Global, where clients note that he is “calm, methodical and extremely thoughtful,” and that “he might be the most knowledgeable lawyer I have ever met.” He is also ranked by The Legal 500 US as among a select group of “Leading Lawyers” on data privacy and protection. Mr. Dembosky was named by the National Law Journal to its list of “Cyber Security Trailblazers” and by Cybersecurity Docket to its “Incident Response 40” – the 40 “best and brightest data breach response lawyers.”
Mr. Dembosky joined Debevoise in March 2016 after serving as Deputy Assistant Attorney General for National Security at the U.S. Department of Justice. In this capacity, he oversaw all national security cyber cases and was the first to manage a new “National Asset Protection” portfolio covering cybersecurity, economic espionage, export control and foreign investment review matters, giving him responsibility over a wide range of technology-related threats. As DAAG, Mr. Dembosky also oversaw the National Security Cyber Specialists network of prosecutors throughout the United States, along with the Foreign Investment Review Staff. He regularly represented DOJ and the Federal Bureau of Investigation in the Committee on Foreign Investment in the United States and in review of international telecommunications licensing matters.
Mr. Dembosky has been involved in leading the DOJ’s response to many of the largest cyber incidents in recent years, serving as the senior DOJ official on the Target, Sony Pictures, Home Depot, Anthem and OPM breaches, among many others. He also received the Attorney General’s Distinguished Service Award for leading the operation to dismantle the GameOver Zeus botnet that caused hundreds of millions of dollars in losses to the U.S. financial sector.
Mr. Dembosky has been a regular advisor to the senior leadership of the DOJ, FBI, Secret Service, National Security Council and other agencies regarding major cyber cases and related legal and policy issues. He participated in the negotiation of a 2013 cyber accord with Russia and the historic 5-point agreement signed by President Obama and President Xi Jinping of China in 2015 and has co-represented the DOJ in cyber discussions at the United Nations.
From March 2013 to October 2014, Mr. Dembosky served as Deputy Chief for Litigation in the Computer Crime and Intellectual Property Section of the Department of Justice, where he supervised all cybersecurity and intellectual property crime prosecutions by the 35 attorneys in the section. From fall 2010 to spring 2013, he served as the Department of Justice’s representative at the U.S. Embassy in Moscow. There, he managed the Department of Justice’s transnational crime portfolio at the embassy, represented the United States in high-level diplomatic engagements with Russia and other countries, advised the Ambassador and other senior U.S. officials and worked to build international cooperation on cyber, intellectual property and other matters.
Before joining the DOJ, Mr. Dembosky was a litigation associate with two law firms from 1996 to 2002 and served as a law clerk to the Hon. Richard L. Nygaard of the U.S. Court of Appeals for the Third Circuit from 1994 to 1995.
Mr. Dembosky is Co-Chair of the International Bar Association’s Cybersecurity Task Force, and was selected in 2020 to serve as a member of the New York Governor’s Cyber Security Advisory Board. He is Vice Chair of the Cybersecurity and Data Privacy Committee of the ABA’s Public Contracts Section, and formerly Co-Chair of the IBA’s Cybercrime Subcommittee. He previously served as Co-Chair of the Information Sharing and Analysis Organization Governance Working Group leading the development of internal governance guidance for ISAOs as part of the White House initiative to establish cybersecurity threat sharing platforms across industry.
He is admitted to the bars of Pennsylvania, Delaware and the District of Columbia.
Mr. Dembosky earned his J.D. cum laude from the University of Pittsburgh School of Law in 1994, where he was elected to the Order of the Coif and the Order of the Barristers and was managing editor of the University of Pittsburgh Law Review. He received his B.A. with High Distinction from Pennsylvania State University in 1990.
Joseph V. DeMarco is a founding partner of DeMarco Law, PLLC, where he specializes in litigation and counseling in complex matters involving electronic evidence, data privacy and security, cybercrime prevention and response, theft of intellectual property, computer intrusions, surreptitious surveillance, on-line fraud, and the lawful use of new technology. His years of experience in private practice and government handling the most difficult cybercrime investigations and disputes have made him one of the nation's leading experts on digital evidence, Internet crime, and the law of data privacy and security.
From 1997 to 2007, Mr. DeMarco served as an Assistant United States Attorney for the Southern District of New York, where he founded and headed the Computer Hacking and Intellectual Property Program (CHIPs), a group of prosecutors dedicated to investigating and prosecuting violations of federal cybercrime laws and intellectual property offenses. Under his leadership, cybercrime prosecutions grew from a trickle in 1997 to a top priority of the United States Attorney's Office, encompassing all forms of criminal activity affecting e-commerce and critical infrastructures including computer hacking crimes; transmission of Internet worms and viruses; electronic theft of trade secrets; web-based frauds; and criminal copyright and trademark infringement offenses. As a recognized expert in the field, Mr. DeMarco was also frequently asked to counsel prosecutors and law enforcement agents regarding novel investigative and surveillance techniques and electronic evidence collection methodologies. In 2001, Mr. DeMarco served as a visiting Trial Attorney at the Department of Justice Computer Crimes and Intellectual Property Section in Washington, D.C.
Since founding his Firm in 2007, Mr. DeMarco has represented corporations and organizations in various industries in litigation, investigation and counseling matters concerning the law of data privacy and security.
In addition to his counsel practice, Mr. DeMarco has an active practice as an independent arbitrator and monitor. He has served as a Court-appointed receiver in a contested federal criminal case turning on disputed computer evidence, and has also served as an integrity monitor in criminal matters involving high-technology issues and digital evidence. He is on the National Roster of approved neutrals of the American Arbitration Association (AAA) and of Federal Arbitration, Inc. (FedArb), where he adjudicates disputes between businesses involving data privacy, high-technology, and related legal issues.
Since 2002, Mr. DeMarco has served as an adjunct professor at Columbia Law School, where he teaches the upper-class Internet and Computer Crimes seminar focusing on, among other things, federal criminal investigations and the novel challenges posed by electronic search and seizure issues. He has spoken throughout the world on electronic evidence preservation and collection in criminal cases, digital investigations, cybercrime, e-Commerce, and IP enforcement, including at the Practicing Law Institute (PLI), the National Advocacy Center, and the FBI Academy in Quantico, Virginia. He has also served as an instructor on cybercrime law to judges at the New York State Judicial Institute.
Prior to joining the United States Attorney's Office, Mr. DeMarco was a litigation associate at Cravath, Swaine & Moore, where he concentrated on intellectual property, antitrust, and securities litigation. Between law school and Cravath, Mr. DeMarco served as a Law Clerk to the Honorable J. Daniel Mahoney of the United States Court of Appeals for the Second Circuit.
Mr. DeMarco holds a J.D. cum laude from New York University School of Law where he was an Articles Editor of the NYU Law Review and a member of the Order of the Coif. He received his B.S.F.S. summa cum laude from the School of Foreign Service at Georgetown University. He is currently a member of several bar and professional associations, including the:
- International Bar Association (Technology Committee)
- International Association of Korean Lawyers (Member, Board of Directors)
- Federal Bar Council
- New York State Bar Association, Commercial and Federal Litigation Section (Co-chair, Internet and IP Committee, 2009-present)
- New York City Bar Association (past Chair, Information Technology Committee)
Mr. DeMarco is a Martindale-Hubbell AV-rated lawyer for Computers and Software, Litigation and Internet Law, and is listed in Chambers USA: America’s Leading Lawyers for Business in Privacy and Data Security law. He has been named as a “SuperLawyer” in Intellectual Property Litigation. He is a member of the Professional Editorial Board of the Computer Law & Security Review and serves on the Board of Advisors of the Center for Law and Information Policy at Fordham University School of Law.
Mr. DeMarco has received numerous professional awards, including the U.S. Department of Justice Director’s Award for Superior Performance and the Lawyer of Integrity Award from the Institute for Jewish Humanities.
Judith H. Germano is an internationally recognized thought leader on cybersecurity governance and privacy issues and an experienced trial attorney specializing in complex civil, criminal and regulatory-compliance matters. A former federal prosecutor for 11 years, Judi founded GermanoLaw LLC, a boutique law firm specializing in cybersecurity, data privacy, complex fraud and other financial investigations, and regulatory-compliance issues. Judi is a Distinguished Fellow at NYU’s Center for Cybersecurity, Senior Fellow at NYU’s Center on Law & Security, Professor in NYU’s Masters in Cybersecurity Risk and Strategy program, and an Adjunct Professor at NYU School of Law and NYU Stern School of Business. Judi leads NYU’s Cybersecurity Leaders Roundtable Series and Chairs NYU’s Women Leaders in Cybersecurity Programming.
Judi is an Expert Industry Advisor of TruePic, a leading photo and video verification platform, and serves on the National Advisory Board of the Advanced CyberSecurity Center (ACSC) and Faculty Advisory Board of the Volatility and Risk Institute.
Previously, as Chief of Economic Crimes at the U.S. Attorney’s Office for the District of New Jersey, Judi supervised and prosecuted complex criminal cases of national and international impact, involving fraud, cybercrime, identity theft, corruption, export enforcement and national security.
Judi is a contributing author of two books, and has published numerous articles and whitepapers including, among others: AWWA’s Report on Cybersecurity Risk & Responsibility in the Water Sector; Cybersecurity Partnerships: A New Era of Collaboration; Third-Party Cyber Risk & Corporate Responsibility; and After the Breach: Cybersecurity Liability Risk.
11:15 – 11:20: Break
11:20 – 11:30: Modernizing Cybersecurity Supervision
William Peterson is the Assistant Deputy Superintendent of Cybersecurity Supervision at the New York Department of Financial Services (DFS). He manages the examination teams for the Cybersecurity Division.
As an Assistant Deputy Superintendent, Mr. Peterson supervises DFS-regulated entities on IT, Cybersecurity, and Part 500 compliance. Mr. Peterson also is an IT examiner instructor for the Conference of State Bank Supervisors. He has over 15 years of cybersecurity experience in the financial services and healthcare industries, having worked as a cybersecurity engineer and information security officer.
Mr. Peterson graduated from Siena College and has a graduate certificate in Information Assurance from Regis University. He also holds several industry certifications from Information Systems Audit and Control Association (ISACA), CompTIA, Cisco, and Microsoft.
11:30 – 12:30: Panel - The Key Cyber Risks of 2022
Robert Francis joined New York State Department of Financial Services (DFS) as the Chief Information Security Officer in early 2020. Before joining DFS, Robert was the Head of Cybersecurity Operations at Santander, responsible for cyber threat intelligence, security engineering, security monitoring, and incident response for North America. Prior to Santander, Robert was a commissioned bank examiner with the Federal Reserve Bank of New York, responsible for providing supervisory and regulatory oversight to systemically important financial institutions. Robert also held positions in information security and counterintelligence with the Department of Defense, the U.S. Capitol Police, and the U.S. Army. At DFS, Robert is responsible for leading the information security program to ensure the appropriate identification, mitigation, and management of technology risk.
Supervisory Special Agent (SSA) Kachhia-Patel has over 17 years of experience as an FBI Special Agent. During his first seven years, SSA Kachhia-Patel handled foreign counterintelligence and insider threat matters. SSA Kachhia-Patel intimately worked Operation Ghost Stories and was responsible for the arrest of the Russian Illegal Anna Chapman. Over the last seven years, SSA Kachhia-Patel has focused his attention on nation state hacking efforts through field work and program management from FBI Headquarters. Notably, SSA Kachhia-Patel helped to manage large intrusions including the Sony Pictures destructive malware attack and healthcare PII intrusions, to name a few. Currently, SSA Kachhia-Patel manages a team investigating nation state sponsored computer network exploitation and attacks.
Erez Liebermann is co-chair of the U.S. Data Solutions, Cyber and Privacy group at Linklaters, LLP. He is recognized as a leading cybersecurity and data privacy lawyer, together with having deep experience in government investigations and litigation and a technical background as an aerospace engineer.
Erez advises major businesses on a wide range of cybersecurity and privacy legal, policy and investigative matters, including incident response, privacy breaches and intellectual property theft. He has led incident response and tabletop exercises around the world, including in Japan, Korea, Taiwan, Argentina, Brazil, the United Kingdom and the United States.
Before joining Linklaters, Erez was Prudential Financial’s chief counsel on cybersecurity and privacy in which capacity he built one of the first cybersecurity, privacy and data legal teams in a Fortune 500 company and a global cyber investigative team.
As a federal prosecutor, Erez spent 10 years investigating and prosecuting global cyber and white collar crimes. As Deputy Chief of the United States Attorney’s Office for the District of New Jersey, Erez prosecuted and oversaw over 40 prosecutors handling white collar crimes, including cybercrime, terrorism, espionage, Foreign Corrupt Practices Act (FCPA) violations, securities fraud, and money laundering. As Chief of the Computer Hacking and Intellectual Property Section, and National Security Cyber Specialist, Erez led groundbreaking cyber prosecutions, including the largest credit card hacking case charged to date. He prosecuted the first hack and theft of internet telephony (VOIP), and the use of hacking to facilitate securities fraud, US v. Christopher Rad.
Tracie Grella is Global Head of Cyber at AIG. In this role, Ms. Grella is responsible for the company’s cyber-related products and services, ensuring AIG is creating solutions and delivering expertise to help Commercial and Consumer Insurance clients manage and mitigate this evolving risk.
Ms. Grella had previously served as Global Head of Professional Liability for Financial Lines for AIG, responsible for establishing underwriting strategy and implementing best practices in multiple lines of business including cyber liability, reputational risk insurance, architects and engineers liability, and specialty professional liability worldwide. Ms. Grella began her insurance career with AIG in 1995 as a professional associate in AIG’s U.S. Executive Liability division, and subsequently held a number of positions of increasing responsibility, including President of National Accounts, Chief Underwriting Officer, and Division President for Professional Liability in the U.S. and Canada.
Ms. Grella is commonly called upon as an industry expert by insurance trade and mainstream publications on cyber liability and professional liability issues. Ms. Grella was named a 2015 Insurance Executive to Watch by Risk & Insurance and a 2014 Woman to Watch by Business Insurance. Ms. Grella holds a B.S. in finance from Rutgers University and holds a CPCU designation.