May 21, 2017

May 19, 2017

Subscribe to Latest Legal News and Analysis

May 18, 2017

Subscribe to Latest Legal News and Analysis

Proposed Cybersecurity Legislation Offers Opportunities for Technology Companies

The United States benefits greatly from the use of cyber technology to facilitate every aspect of modern life – to operate the government, critical infrastructure, and general business and citizen enterprises.

These advantages, however, come with challenges. Reliance on information technologies and industrial control systems has made our nation highly vulnerable to foreign cyber-attack or intrusion.

In clear recognition of those vulnerabilities, the U.S. Congress has initiated action which may shape cybersecurity strategy and policy long into the future. Following issuance of the February 2017 Report of the Defense Science Board’s Task Force on Cyber Deterrence, the U.S. Senate Armed Services Committee held hearings on March 2 on the topic of “Cyber Strategy and Policy.” The Committee and its newly created Subcommittee on Cybersecurity are in the early stages of drafting legislation which may guide opportunities for defense and non-defense cyber-security companies to contribute to our nation’s defense and economic prosperity.

Significant threats

The United States faces significant cyber threats from a number of potential adversaries, most notably Russia, China, Iran, North Korea, and terrorist groups such as ISIS. As the daily headlines note, such attacks will only increase in frequency and in potential damage and costs in the coming decade.

As noted in a recent op-ed, U.S. Senator Mike Rounds, who chairs the new Senate Subcommittee on Cybersecurity, wrote:

“Senior officials at the Pentagon have been warning about a ‘Cyber 9/11’ or ‘Cyber Pearl Harbor’ for years. We already know that foreign actors have attempted to access the cyber domains of critical infrastructure in the United States.

Imagine what would happen if a foreign actor interfered with the operations of a nuclear power plant, or shut down the communications that control aircraft operations, rail operations or water releases from large dams. Such an attack on our critical infrastructure could threaten our entire economy or – worse – lead to loss of life. Without an appropriate plan in place to stop or respond to these cyber-attacks, we put ourselves at increased risk for a catastrophic attack to occur.

It is the mission and responsibility of the new Senate Subcommittee to help establish and guide our nation’s policies and programs related to cyber forces and capabilities.

A role for industry

Speaking before the Committee earlier this year at a hearing on foreign cyber threats, Marcel Lettre, then Undersecretary of Defense for Intelligence, said: “We must continue to seek help from American industry -- the source of much of the world’s greatest technology talent -- in innovating to find cyber defense solutions, strengthen our deterrence, and build resiliency into our critical infrastructure systems.”

The nation’s 16 critical infrastructure segments include: chemicals, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, health care and public health, information technology, nuclear reactors and materials, transportation systems, and water and wastewater.

The February 2017 Report by the Task Force on Cyber Deterrence of the Defense Science Board of the Department of Defense stressed the need to enhance the “foundational capabilities” of our nation’s cyber-defense, particularly the development of innovative technological defenses and improved means of cyber attribution “to bolster deterrence of the most important cyber threats”:

“Enhance Foundational Capabilities: In addition to the measures outlined above, the Department of Defense and the broader U.S. Government must pursue several different types of capabilities, such as enhancing cyber attribution, the broad cyber resilience of the joint force, and innovative technologies that can enhance the cyber security of the most vital U.S. critical infrastructure.

The recent creation of the new Senate Subcommittee promises to shape the next generation of policies and priorities in the improvement of cybersecurity with regard to our nation’s infrastructure and to offer defense and non-defense firms substantial opportunities to contribute to our national security through innovative technologies and services to ensure resilience and deterrence in a wide range of essential industries.

Copyright Holland & Hart LLP 1995-2017.

TRENDING LEGAL ANALYSIS


About this Author

Steven Pelak, holland hart, investigative counsel, corporate compliance attorney
Partner

Steven W. Pelak focuses his practice on civil and criminal enforcement proceedings and internal investigations. With more than 25 years of experience, he provides clients with sound counsel and advocacy on administrative and criminal inquiries, investigations, and prosecutions, as well as internal corporate compliance matters.

Mr. Pelak has significant experience as a federal prosecutor and in private practice handling and supervising the investigation and prosecution of export control, embargo, fraud, bribery, public corruption, immigration,...

202-654-6929
C. Matt Sorensen, Holland Hart, regulatory compliance attorney, data breach management lawyer
Associate

Mr. Sorensen is a Certified Information Systems Security Professional (CISSP) and Certified Information Privacy Professional in both the United States and Europe (CIPP/US and CIPP/E), focusing his practice on domestic and international data privacy and cybersecurity law. He advises companies across industries on breach prevention, cyber-attack preparedness, information governance,  regulatory compliance, and data breach management. In particular, he helps clients understand how to create and implement effective compliance programs and controls.

Clients benefit from Mr. Sorensen’s combined legal experience and strong technical background. Prior to joining Holland & Hart, Mr. Sorensen served as the IT Compliance Officer for the Corporation of the Presiding Bishop of the Church of Jesus Christ of Latter-Day Saints, where he helped oversee an information security program spanning 58 countries and more than 60 business lines. He has held various information risk management roles, advising businesses in the financial, technology, and legal industries.

801-799-5957