In an earlier post about the information sharing provisions of the cybersecurity bill pending in the Senate I highlighted the issue of liability protection and the preemption of State law, musing that those provisions might prove controversial with those who wanted to retain traditional rights of action in State courts.
Well, other people have the opposite concern. Gus Coldebella, the former Acting General Counsel of the Department of Homeland Security, thinks that the liability provisions don’t go far enough and need to be fixed. Here’s the gist of it from the introduction:
[The bill] doesn’t sufficiently tamp down potential legal liability for private entities, and in some cases increases it, creating an insurmountable disincentive for companies to voluntarily share cyber information. It leaves owners of critical infrastructure subject to civil litigation and outsized damages if an attack happens, even when they fully comply with the Act’s mandates. Before the Act comes out of beta, Congress should debug its liability protection provisions.
The entire article is worth a read. More fodder for consideration as the bill moves forward.