Robert Kang, the in-house cyber counsel at electric utility Southern California Edison, is the power sector's first in-house counsel focusing on cyber national security. Kang has worked with Loyola Law School to help design and launch the first cyber and privacy law concentration offered in Southern California. Kang, who is one of the finalists for Innovator of the Year in the California Leaders in Tech Law and Innovation Awards, explained to The Recorder what it's like to be a pioneer in a growing field of the law.

The Recorder: What does it mean to you to be called an innovator?

Thank you for the honor. Being recognized as an "innovator" emphasizes the need for lawyers to be proactive. It's not enough for lawyers to simply meet the problems of today. We need to anticipate, and find solutions to the big problems of tomorrow.

Nowhere is this more evident than in the world of cyberlaw. Ten years ago, I figured out that cybersecurity would become a major enterprise-level risk, and began urging my in-house and academic colleagues to treat "cyberlaw" as a top business and legal priority. In the pre-Sony days, the response was crickets. For example, one prominent law school declined my proposal to teach a cyberlaw course as "too practical," which I interpreted to mean, "not lawyerly."

Undeterred, I found like-minded colleagues to collectively refine and push our agenda together. For example, I joined forces with cyberengineers at my company to organize the first basic cybertech course for lawyers offered in Southern California. Teaching cybertech to lawyers was a rarity back then; I even contacted the State Bar to find out if I could offer CLE credit (they weren't sure). With the support of my company, I built one of the first dedicated in-house cyberlaw programs in Southern California, if not the U.S. After finding like minds at Loyola Law School, I played a leading role in creating Southern California's first data security and privacy concentration.

Today, the rest of the world has caught up with me, and cybersecurity is now a top business and legal priority at every company. But I take pride in helping create the field. That's what it means to be an innovator: figuring out and solving the problems of tomorrow, as well as those of today.

What is the role of in-house cyber counsel and what sorts of companies need them?

All companies are different. For example, some companies may be constrained by cost and other factors from hiring dedicated in-house cybercounsel. However, I believe that all companies should have someone who is at least familiar with the subject. Even small startups must sign vendor contracts containing cybersecurity provisions. Emerging laws, such as California's new IOT law, SB327, require technology companies to build "security by design" into their offerings.

All companies are at risk of being hacked. Having in-house counsel who can navigate these issues will help companies manage a slew of legal risks, and maybe even survive to operate another day.

In addition to the above, two types of companies that should seriously consider engaging dedicated cybercounsel: (1) those with a heavy technology footprint, and (2) "critical infrastructure" companies that provide essential services to the public. The need for technology companies to have a cyberlawyer is obvious: All of your goodwill and operations are tied up in technology, so you need attorneys who can manage technology-based risk on a regular basis.

Critical infrastructure companies should also consider engaging dedicated cybercounsel. In the 21st century, terrorists and hostile nations seeking geopolitical advantage over the U.S. may decide to attack banks, electric utilities, telecom companies and more. I firmly believe that companies in these fields would benefit tremendously by having cybercounsel who can assess the company's unique risks and needs within the broader national security context. My crystal ball tells me "cyber national security" represents the next big step in cyberlaw. Counsel must be prepared to meet the challenge.

You've worked with Loyola Law School to help design the first cyber and privacy law concentration offered in Southern California. Why is it important for the next generation of lawyers dealing with these issues to have specialized education coming into the field?

[It's important in not only] cyber and privacy matters, but to technology in general. In the 21st century, technology is playing an increasingly important role in the practice of law. The increasing use of AI in e-discovery, for example, is changing the role and need of junior attorneys. As our industry evolves, the next generation of lawyers must evolve with it.

This theme of evolution played a large role in the development of Loyola's cyber and data privacy program. In designing it, my colleagues and I intentionally went beyond traditional legal fare by incorporating generous portions of business and technical training. For example, I co-teach Loyola's cyber risk management course (possibly the first of its kind in the U.S.) with a digital forensics investigator. In order to succeed, the legal practitioner of tomorrow must be comfortable with technology and business processes, and not just "the law."