Ochoa: Finding new ways to help diminish cybersecurity threats

In an era when cyberattacks can paralyze hospitals, disrupt elections, and compromise the privacy of millions, the need for innovative cybersecurity and privacy protections has never been more urgent. But it is not just a question of new technologies; strong data protection depends as much on motivating people and organizations to use those technologies and make wise choices to diminish data risk.

The Indiana University Maurer School of Law has spent more than 30 years answering cybersecurity and privacy challenges with a distinctive, holistic approach: an interdisciplinary, human-centered legal education that equips students to lead at the intersection of technology, policy, and law.

Long before cybersecurity became headline news, Maurer pioneered the nation’s first standalone cybersecurity law course and built an ecosystem where legal education doesn’t happen in isolation. By collaborating closely with the Kelley School of Business and the School of Informatics, Computing, and Engineering, we created the Center for Applied Cybersecurity Research (CACR) and later the Cybersecurity Law Clinic—giving students the rare opportunity to work on real-world legal challenges with live clients from their first years in law school.

This month, you’ll see stories across various media platforms highlighting IU’s leadership in cybersecurity and data privacy. It’s been a remarkable experience to read some of the impact our university and this Law School have had over the years.

For decades, IU’s interdisciplinary approach to cybersecurity education and research has equipped its scholars to anticipate the regulatory, ethical, behavioral, and national security implications of technological advances. Thanks to the early vision of people like Professor Fred H. Cate and former IU President Michael A. McRobbie, the university saw that human behavior would play as much—if not more of—a role in solving cybersecurity and data privacy challenges than the technical hurdles.

Turns out, technology itself isn’t the weakest link in the cybersecurity chain.

It’s us. We’re the ones choosing “password” as a password; we’re the ones blindly clicking on suspicious links in phishing messages.

Addressing cybersecurity challenges from both technical and behavioral approaches puts our students in unique positions to gain experience before they’ve even earned a law degree. Through our clinics, centers, and coursework, Maurer students are among the best positioned to go straight into an in-demand, high-paying job straight out of law school. By working with real-world clients facing real-world challenges, our students are gaining the kind of experience many other schools haven’t been able to offer.

Those kinds of clients are only going to increase in number, and with it the need for attorneys with expertise in cybersecurity and privacy law. From advising corporations on data breach responses to helping shape international cybersecurity norms, the legal profession urgently requires practitioners who understand both the technology and the law. Our graduates are already stepping into these roles in government agencies, global law firms, and Fortune 500 companies.

Amanda Craig Deckard is one of them. After earning her JD in 2014, Deckard joined Microsoft, where she now serves as Senior Director in the Office of Responsible AI. There, she collaborates with engineers, researchers, and policy experts to maximize the benefits of artificial intelligence while mitigating its risks.

“My time at the Law School provided me with the knowledge and skills essential for navigating this path,” she said. “The breadth of coursework with faculty leaders in information privacy, cybersecurity, digital IP, and tech policy was foundational to my career.”

The Maurer School of Law has long been a trailblazer in cybersecurity and privacy law education. But we’ve never stopped looking forward.

What began as the first cybersecurity law course in the country has evolved into a JD/MS in Cybersecurity Risk Management. Students can now also earn a law degree alongside a graduate certificate in cybersecurity law and policy. Both options help distinguish our law graduates from others pursuing similar career paths. For students not pursuing a JD, IU also offers a Cybersecurity Master’s Program and a Graduate Certificates in Cybersecurity Law & Policy and in Privacy Law and Policy.

Tanner Wilburn, a joint JD/MS student graduating this May, is one of the many students poised to tackle these interdisciplinary challenges. Wilburn, who previously worked in cybersecurity, was drawn to the legal aspects of the field after listening to a podcast.

“When I started to explore graduate programs, the joint JD/MS at IU was the perfect fit,” he said. “It’s one of the best programs out there, and the faculty are pioneers in this field.”

And Professors like Asaf Lubin, Scott Shackelford, and Joe Tomain are providing new and exciting opportunities for students, even when the client is halfway around the world.

Through IU’s Cybersecurity Clinic, Lubin’s students reviewed and provided recommendations on Kosovo’s draft cybersecurity act last fall, advising on crucial provisions that will shape the country’s future security framework. Shackelford is working with law students on the emerging field of space cybersecurity (one of our students, James Brook Romano, has even started the Space Law Society) and the challenges put forth by cyberinfrastructure (think weather forecasting, satellite communications, broadband Internet, and more)
based in space.

This year we began offering AI courses and we’ll take yet another step forward this fall, when Professor Cate offers a new introductory law and technology course for law students and graduate students—online and off—interested in working at the cutting edge of digital data.

I encourage you to take a look at some of the outstanding stories IU will have in media outlets throughout the month of March. We’re proud to have such a major role in the university’s efforts to enhance cybersecurity and privacy at the local, state, and national level.•

__________

Christiana Ochoa is the dean and Herman B Wells Endowed Professor at the Indiana University Maurer School of Law in Bloomington. Opinions expressed are those of the author.