Joshua Silverstein

Silverstein works with clients proactively to establish processes and technology to diminish the likelihood and consequences of cybersecurity, data privacy and national security challenges. He has worked with enterprises across economic sectors to build tailored cybersecurity, data privacy, incident response, vulnerability management, operational risk management and insider threat programs. Silverstein is regularly consulted on a wide range of important public policy issues, including encryption, public-private cybersecurity collaboration, critical infrastructure cybersecurity, cybersecurity norms and international law, and surveillance and intelligence activities. Silverstein is currently a term member at the Council on Foreign Relations and has been recognized as one of Lawdragon’s 500 Leading Global Cyber Lawyers. He regularly writes about topics related to cybersecurity issues and is the co-author of “The Cyberspace Solarium Commission” chapter of the Practising Law Institute’s treatise Cybersecurity: A Practical Guide to the Law of Cyber Risk.

During his career, Silverstein has represented clients in confronting numerous concerns, including:

Cybersecurity, Espionage, Electronic Surveillance and Privacy

• ransomware and extortion attacks from malicious hackers and cyber criminals involving extensive regulatory, law enforcement and intelligence investigations across multiple jurisdictions on behalf of large, global companies
• data breach incidents requiring analysis of and compliance with breach reporting obligations under U.S. state and federal laws, the U.K. and the EU General Data Protection Regulation (GDPR), and numerous other global data protection regimes
• innovative technical, operational and legal options to deter malicious cyber extortionists, and to locate, seize and prevent the dissemination of stolen client data
• nation-state-sponsored cyberattacks involving global forensic investigations, extensive law enforcement engagement, congressional inquiries, grand jury proceedings, and advice to boards of directors and senior management regarding fiduciary duties
• cybersecurity threat information sharing with information sharing/ analysis centers and diverse federal entities, both on voluntary and mandatory bases
• risk management frameworks to govern the conduct of private sector cybersecurity operations
• tabletop exercises on hypothetical cyber and business continuity incidents involving ransomware, insider threats, nation-state attacks, and third-party and supply chain attacks

Public International Law and Cybersecurity

• the application of U.S. and international law involving cross-border cybersecurity, including cyber norms, sovereignty, critical infrastructure, jurisdiction, attribution standards, international humanitarian law, human rights law, espionage, and the conduct of cyber defensive and intelligence activities
• advice to the United Nations regarding international legal issues surrounding cyber warfare, cyber threats to critical infrastructure, and terrorist exploitation of the internet and social media, as well as data privacy law applicable to cross-border data sharing for law enforcement and counterterrorism purposes
• advice to the U.S. Cyberspace Solarium Commission on legal issues related to its recommendations and legislative proposals under U.S. and international law

AI

• legal, regulatory and litigation developments related to the development and deployment of autonomous and connected vehicle technologies
• penetration testing and other adversarial analysis of autonomous technologies