OSAI

Congress enacted the SAFETY Act in 2002 in an effort to incentivize the development of anti-terrorism technologies following the attacks of September 11, 2001.  The Act affords liability protections to sellers of Qualified Anti-Terrorism Technologies (“QATTs”) in the event of an act of terrorism where QATTs are deployed.  Although the SAFETY Act’s protections have not yet been tested in court, a recent publication from the Department of Homeland Security’s Office of SAFETY Act Implementation (“OSAI”) further explains and reaffirms how the Act’s most significant liability protection—the government contractor defense—would operate to protect a SAFETY Act-approved company sued in court following a terrorist attack.
Continue Reading OSAI Issues Guidance on the Government Contractor Defense for Certified Anti-terror Technologies

We have already seen tremendous fallout from recent cyber attacks on Target, the U.S. Office of Personnel Management, Sony Pictures, and J.P. Morgan.  Now imagine that, instead of an email server or a database of information, a hacker gained access to the controls of a nuclear reactor or a hospital.  The potential consequences are devastating: death, injury, mass property destruction, environmental damage, and major utility service and business disruption.  Now what if there were a mechanism that would incentivize industry to create and deploy robust and ever-evolving cybersecurity programs and protocols in defense of our nation’s critical infrastructure?

In late 2014, Representative Michael McCaul (R-TX), Chairman of the House Committee on Homeland Security, proposed legislation that would surgically amend the SAFETY Act, which currently offers liability protection to sellers and users of approved anti-terrorism technologies in the event of litigation stemming from acts of terrorism.  Rep. McCaul’s amendment would broaden this protection to cybersecurity technologies in the event of “qualifying cyber incidents.”  The proposed legislation defines a “qualifying cyber incident” as an unlawful access that causes a “material level[] of damage, disruption, or casualties severely affecting the [U.S.] population, infrastructure, economy, or national morale, or Federal, State, local, or tribal government functions.”  Put simply, under the proposed legislation, a cyber incident could trigger SAFETY Act protection without being deemed an act of terrorism.Continue Reading SAFETY First: Using the SAFETY Act to Bolster Cybersecurity