On September 9, Ari Schwartz shared his perspective with Bloomberg Tax on the risks of letting key cybersecurity protections lapse. The following is an excerpt:
Convincing companies to share cybersecurity information is a longstanding goal, because much of US critical infrastructure is privately owned.
In the 1990s, the Clinton administration called for the creation of information sharing and analysis centers—ISACs—to encourage communication among critical sectors. Many companies remained reluctant to discuss cyber vulnerabilities, however, often because of legal concerns.
CISA 2015 sought to bridge that gap by providing liability protection against privacy, antitrust, and other enforcement actions.
Losing those assurances would move the decision from security officers back to the general counsel—potentially curtailing information sharing. Conducting the needed legal reviews can take months or years, if companies decide to share at all, said Ari Schwartz, managing director of cyber services at Venable LLP.
“We’d just have to go back to those days of lots of legal vetting, projects being slowed down, maybe not actually happening the way they’re supposed to,” said Schwartz, who was cybersecurity director for the National Security Council in the Obama White House.
For the full article, click here.