United States Senate takes on cybersecurity
Posted on 11/02/2015 at 09:36 AM by John Lande
Last week the United States Senate passed the Cybersecurity Information Sharing Act of 2015 (CISA). The Senate version of the bill differs slightly from the bill passed by the United States House of Representatives that this blog previously covered. CISA and the House bill called the Protecting Cyber Networks Act (PCNA) are primarily concerned with encouraging information sharing of cyber-threats with other private entities, and state and federal agencies. CISA and PCNA also include limitations on liability for sharing information regarding cyber-threats with other entities, and state and federal governments. PCNA's limitation, however, is broader. Under PCNA, if an entity receives a tip about a cyber-threat and fails to act then the entity is not liable for its failure to take action in response to the cyber-threat. The Senate's CISA also contains a limitation on liability. However, CISA only limits liability for any entity that shares information about a potential cybersecurity threat or the effectiveness of a cyber-defensive measure. The distinction is small but significant. As this blog has pointed out before, PCNA's liability limitation would protect an entity that fails to act on information about a cyber-threat. This should be a concern for financial institutions because, as illustrated by the Target breach and others like it, financial institutions will ultimately be expected to bear the loss from a cyber-attack. If an entity like Target is protected from its failure to act based on a tip about a cyber-threat then financial institutions will likely not have any recourse to compel other entities to share responsibility for the loss resulting from a cyber-attack.
The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.
- John Lande
Categories: Cybersecurity Law, John Lande, Banking Law
Questions, Contact us today.
The material, whether written or oral (including videos) that is posted on the various blogs of Dickinson Bradshaw is not intended, nor should it be construed or relied upon, as legal advice. The opinions expressed in the various blog posting are those of the individual author, they may not reflect the opinions of the firm. Your use of the Dickinson Bradshaw blog postings does NOT create an attorney-client relationship between you and Dickinson, Bradshaw, Fowler & Hagen, P.C. or any of its attorneys. If specific legal information is needed, please retain and consult with an attorney of your own selection.