Cybersecurity Challenges for Federal Attorneys and Judges

Cyber threats are not unique to our legal and judicial systems. Corporations, governments, healthcare institutions–really all aspects of modern life–are susceptible to digital attacks. Those who serve in our federal legal system handle high profile cases, have abundant access to sensitive data and information, and are increasingly reliant on digital systems to get work done efficiently. This makes them prime targets.

The American Bar Association’s Cybersecurity TechReport found that nearly 30% of law firms experienced a data breach in 2023, and threats on the federal legal system became a larger focus after a major attack in 2020. This led to the formation of the Judiciary IT Security Task Force by the Administrative Office of the US Courts.

More than ever, it’s important to understand cybersecurity risks and how to mitigate them or risk judicial fairness, client confidentiality, and public trust.

Let’s first understand some of the ways attackers target and gain access to legal data:

• A data breach is essentially any security incident where unauthorized agents access sensitive or confidential information. This can happen through internal or external sources and can lead to exposure of confidential documents and case materials, and even evidence tampering.
• Phishing is defined as “the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messaging.” The goal of these attacks is to gain access to case details, sensitive data, money, or system login information. This often occurs through unsuspecting individuals who click links that appear authentic, and can sometimes lead to malware being installed in a system.
• Ransomware is malicious software that can lock up a network or system and provide attackers access to critical data, after which payment is demanded. Once access is achieved, these operatives also can install malware, which is infected software that provides access into a network and its data.
• Third party access can occur when vendors, contractors, and other partners abuse their access to digital networks, then tap into and misuse critical data.
• Social engineering happens when digital criminals use manipulation techniques that lead to staff sharing information. It often occurs through the perpetrator earning the trust of the victim and then gaining access to sensitive and confidential information and data.

What steps can you take to protect the very critical information you and your team has access to? The methods cybercriminals employ are continually evolving and becoming more sophisticated. So first and foremost, it’s critical that you make cybersecurity a top priority. Here are ways to do that:

• Learn the cybersecurity standards and work being done to help courts and staff protect sensitive information from the Administrative Office of the US Courts.
• Do an audit of your current systems and their vulnerabilities. Consider what technology might be outdated and put a team together to find a new solution. Employ the help of technical professionals who can assess risks and potential weak spots and develop a strategy around strengthening the system. Ask them to help you outline guidelines for how to handle digital information and evidence.
• Invest in consistent and updated training for attorneys, judges, and staff. Make sure all parties who handle sensitive data are trained to be aware of the latest cyber threats and how to respond to them. Employ specific tests in which teams need to determine if sample scenarios are legitimate threats.
• Adopt the latest security infrastructure tools like multifactor authentication, which requires users to confirm their identity before gaining access to a network or data, encryption, secure messaging, and secure file transfer.
• Outline a plan for worst cases. What are the legal and ethical implications should a data breach or leak of sensitive information occur? How would you handle it and mitigate negative effects? Transparency is key, as client confidentiality and fair trials are at stake.

The considerations are more critical than ever as new threats emerge regularly. It’s critical to find the balance between security, transparency, and efficiency.

As Hon. Michael Y. Scudder, U.S. Court of Appeals for the Seventh Circuit and chair of the Judicial Conference’s Committee on Information Technology, recently said, “Perhaps above all else, our culture has changed. Overwhelming numbers of judges now see IT as an essential part of nearly everything we do. They understand the importance of investing in modernization and cybersecurity, and doing so at an enterprise level.”