The Department of Homeland Security’s SAFETY Act, which incentivizes companies to develop anti-terrorism technologies by reducing their liability in the event of failure, could provide similar incentives in cybersecurity, a panel of experts from Venable LLP said on Sept. 25.
The National Institute of Technology and Standards (NIST) released a draft of its framework to project critical infrastructure from cyber attacks in August. The government has since grappled with how to encourage utility providers to adopt the voluntary guidelines and what incentives will be most effective.
Experts suggested that liability protections like those in the SAFETY Act could be made available to IT and cyber technology firms if they adhere to the NIST standards set forth in the framework. This will encourage industry to evolve in agreement with the framework.
“You need to have some baseline, and that is what the framework is hopefully going to provide for companies,” said Dismus Locaria, a Venable Partner.
Building on the SAFETY model prevents either the government or private industry from monopolizing cybersecurity. CEO of the Council on Cybersecurity and former DHS Deputy Secretary Jane Holl Lute said network guardianship cannot be left to just the private sector, as may firms have proposed.
“We don’t leave anything to the market to exclusively handle,” she said. “If that were the case, I don’t think you have seatbelts in your cars.”
Jason Wool, a Venable associate, said the correlation of the SAFETY Act to the framework was not widely discussed at the framework workshops that he attended. He said limiting liability in general was discussed as an incentive along with tax breaks, rate recovery and insurance.
To date, nearly 900 anti-terrorism products and services have been approved under the SAFETY Act, Locaria said. Firms have the option to apply for various levels of liability protection for periods of either three or five years with the option to renew. The SAFETY Act was established in 2002 along with the passage of the Homeland Security Act, which created DHS.