Cyber Terrorism and Liability Exposure in the US Judicial System Today
Any entity that buys, uses, installs, integrates, deploys, designs, creates, manufactures, supplies, sells, distributes, advises on, or is otherwise involved in, cyber security related products, technologies or services in any way, whether for yourself or others, does so at an extraordinary liability risk. Because of this catastrophic risk, owners and/or management have a fiduciary responsibility to explore the very broad immunities, liability caps, defenses and other protections that could potentially be afforded them under the SAFETY Act. It is critical to know if, and how, your organization can benefit from this Federal law incorporated into the Homeland Security Act of 2002.
The SAFETY Act can drastically reduce or eliminate the enterprise threatening liability exposures an organization will face if a cyber terrorism event somehow involves their systems, networks, hardware, software, products, advice, procedures, services or facilities. In addition, for those entities who sell or provide anti-terrorism / e-terrorism goods or services to others will enjoy a significant marketing advantage and higher demand for their SAFETY Act approved products and services.
You do not have to be the actual manufacturer, developer or seller of the hardware, software, products, technologies and/or services to benefit under this law. In fact, just by using someone else's SAFETY Act approved products and/or services, your organization can benefit greatly and may be immune from suits.
Cyber terrorism falls into three basic categories. The first, well exploited by Hollywood, would be hacking into a system in order to cause physical harm to people or property. Examples would include opening a dam, shutting down a power grid or causing highly dangerous situations at refineries or chemical plants. The second type of cyber related terrorism would be using systems to cause massive financial harm. The third would be setting up money-laundering schemes or stealing money that is used to finance other terrorist activities. Any of these events would create massive liability exposures for any party deemed even partially responsible for not detecting, preventing or mitigating the event.
To qualify for SAFETY Act protection, the cyber protections provided or utilized do not have to be dedicated exclusively to preventing e-terrorism. Network or system protections are ideal examples of simultaneously guarding against both e-terrorism and non-terrorism related threats.
DHS approval under the SAFETY Act automatically grants unprecedented liability protection and immunity from lawsuits stemming from a terrorist event including cyber terrorism. The Act protects against allegations that a SAFETY Act Designated product, technology, service, procedure, software, advice or facility failed, was misused, inadequate or otherwise and did not identify, prevent, respond to or respond appropriately or otherwise help mitigate a terrorist act. SAFETY Act's broad protections will apply to suits resulting from, or alleging, bodily injury, property damage and/or other harm, including financial harm.