Industry officials met in New York Monday with the presidential commission on cybersecurity to discuss the acceleration of data breach information-sharing among private companies and with the government. While the Cyber Information Sharing Act (CISA) was enacted last year, industry officials claim the government must play a larger role in implementing the new law and pushing the next phase of cyber-threat indicators. While CISA does guarantee liability relief for companies sharing cyber threat information, Marc Gordon of American Express claims the “pace is slow” for implementing the law and that the liability provisions “embedded in the legislation” are yet to be “activated and tested.” In the commission’s first public working session since its inaugural meeting in April, “the commission heard testimony from representatives of the financial services and insurance industries with key topics including coordination among regulatory agencies, harmonization of standards and data-breach requirements.”
Also at the meeting, industry officials pushed the commission to support a cybersecurity expansion of the SAFETY ACT, which would include cybersecurity services and products for liability protections under the statute. This inclusion would protect cybersecurity companies from lawsuits or claims alleging that the product failed to prevent or mitigate a cyber-attack. This will ideally increase innovation through encouraging “new ways to detect and prevent” cyber-attacks, explained Peter Beshar of Marsh and McLennan. While discussion is good, and certainly a step in the right direction, we need to see real action being taken at both the federal level and among the private sector if we want actual improvements in cybersecurity. The commission’s next public meeting will be in June in California.