SAFETY Act Decreases Private Sector Risk And Liability

An article co-written by three attorneys who have been deeply involved with homeland security and regulation issues looks at an underutilized strategy for reducing cybersecurity risk and liability. The authors are former Senator Joseph Lieberman; Clarine Nardi Riddle, who is former Chief of Staff to the Senator and a former Connecticut AG; and Mark J. Robertson, who played a central role in the development of SAFETY Act regulations and served in senior positions with the Department of Homeland Security. The authors advocate utilizing options that were established under the Anti-Terrorism by Fostering Effective Technologies, or SAFETY Act, which was enacted as part of the Homeland Security Act in 2002. At the time the threat of physical attacks on infrastructure or personnel were uppermost on people’s minds, but the authors maintain the terms and legal protections provided by the SAFETY Act extend to other kinds of threats as well. The Act establishes a process for the examination and possible official approval of particular counter-terrorism technologies, including cybersecurity technologies, and by so doing it removes a major obstacle to both their development and deployment. “In-house counsel and risk managers,” they write, “should consider securing SAFETY Act approval (which provides for protection against civil liability for companies deploying approved anti-terrorism technology) in the face of evolving terrorist threats, particularly cyber threats. This is the case especially among critical infrastructure owners and operators, including energy, industrial manufacturing, real estate, healthcare and financial services firms.”