Jeh Johnson is Taking His Talents to Paul Weiss

Attention law firms with any sort of cybersecurity practice: the competition just got a bit stiffer.

Outgoing U.S. Secretary of Homeland Security Jeh Johnson has joined Paul, Weiss, Rifkind, Wharton & Garrison and is planning to build a law practice around the complex field of cybersecurity, an area he’s well versed in: Last year, Johnson co-authored the Oct. 7 report with FBI director James Comey that blamed Russia for deploying hackers to interfere with the U.S. election. And throughout his three-year tenure leading DHS, Johnson helped pass cybersecurity laws — including the Cybersecurity Act of 2015 — that allow the sharing of information related to hacks between the U.S. government and corporations.

Such information includes “threat streams, vulnerabilities, signatures of bad actors,” among other details, said Johnson.

“I will be advising clients on the virtue of information-sharing with the Department of Homeland Security,” said Johnson. “The Cybersecurity Act of 2015 includes a provision that limits civil and criminal liability for those who share cyber threat indicators with the DHS. That is a provision I’m not sure a lot of clients are aware of, and there is still a basic reluctance to share basic information with the government.”

Paul, Weiss chair Brad Karp said that in his view, Johnson is “the”nation’s leading cyber expert, which naturally made us review the law firms that have announced and expanded cybersecurity practices over the past several years.

For instance, when Rudy Giuliani joined Greenberg Traurig last January, he said he wanted to work with clients to create “preventative medicine” to cyber crime, and framed the area as the fastest growing field of crime. And then there is Rajesh De, the former general counsel of the National Security Agency who now leads the cybersecurity practice of Mayor Brown, and Lisa Sotto, the chair of cybersecurity at Hunton & Williams, who said at last year’s Big Law Business Summit how the case law around cybersecurity and data privacy has expanded dramatically from when she first started studying it in 1999, with hundreds of state and federal laws passed in recent years .

Others, per Bloomberg BNA cybersecurity reporter Dan Stoller, include:

• Harriett Pearson, former chief privacy officer of IBM Corporation who is now a partner at Hogan Lovells.

• Julie Brill, former commissioner of the U.S. Federal Trade Commision who is now a co-leader of Hogan Lovells’ privacy and cybersecurity group.

• John Carlin, chair of MoFo’s global risk and crisis management department who is former assistant attorney general for the DOJ’s national security division.

While law firms have practically stumbled over themselves to launch practices dedicated to the area, with lawyers of varying degrees of experience, few attorneys have substantial experience in the area as the practice is relatively nascent. Regulators themselves are still grappling with how to best wrap their arms around the issue: Last year, Manhattan District Attorney Cy Vance said thathe committed $25 million over the next five years to form a cyber alliance comprised of corporations across borders to share information about how to prevent breaches. The year before that, Rodge Cohen, senior chairman of Sullivan & Cromwell, called for a U.S. cybersecurity bureau to coordinate efforts.

“Cyber actors, bad actors, are becoming increasingly sophisticated and that includes nations as well,” said Johnson, when asked about fears of future attacks from Russia and other foreign governments. “None of that is going away by any means.”

He said that one thing he learned from his three years leading the DHS was the importance of bi-partisan efforts. “I am of the strong view that in order to get stuff done in Washington, you have to build bi-partisan relations. And so when I was in the job, I went out of my way to build relationships, with both Democrats and Republicans on Capitol Hill... We were able to get a lot of stuff done.”

The need to collaborate went for cybersecurity, too. Johnson spoke of ministerial discussions held between the Justice Department, the Department of Homeland Security and the Chinese government, which led to an agreement on rules governing cyber crime, such as not committing cyber attacks on the commercial sector for purposes of private gain, he said.

Johnson said that American corporations still have a long way to go when it comes to sharing information with each other and the government.

“We have ISAOs [Information Sharing and Analysis Organizations] that do a lot of information sharing between and among the private sector and within the government, and we need to build on that and expand on that even more,” he said.

The move to Paul, Weiss is a homecoming of sorts for Johnson. He previously served several stints with the law firm in between government service, including with the U.S. Attorney’s office in the Southern District of New York as a prosecutor, the Department of the Air Force as general counsel from 1998 to 2001, and general counsel of the Defense Department from 2009 to 2013.

Write to us at BigLawBusiness@bna.com .

[Image “blb newsletter” (src=https://bol.bna.com/wp-content/uploads/2016/09/blb-newsletter.jpg)]