Trust Seen Hard To Come by on Government Involvement in Cybersecurity
Industry can and should self-regulate on cybersecurity matters, with government's role being to provide incentives in the form of tax breaks or liability limits, said Jamie Barnett, part of Venable's cybersecurity practice, on a cybersecurity panel at the FCBA annual…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
seminar Saturday. Multiple speakers said industry trust of government is difficult when data breaches are often followed by rulemaking or enforcement actions. "The FBI shows up, Secret Service shows up, they want to help," Barnett said. "Then six months on, the Enforcement Bureau knocks on the door and they are not perceived as so helpful by the carrier. Is government going to be on the side of companies as they try to defend? Or is government going to be criticizing companies? As long as government wants to be on both ends, it becomes very difficult to work with them." Megan Brown, a leader of Wiley Rein's Cybersecurity, Data and Network Security practice, agreed existing constructs are too adversarial. The next FCC administration has to figure out a means of getting industry comfortable with government collaboration on cybersecurity issues, she said. Brown said government wants companies to be candid with it in talks about cybersecurity threats, but "it's treacherous" and there are big questions about where that information subsequently could end up. The New York Attorney General's Office floated the idea of immunity that would come from meeting certain standards that are signed off on by a third party, but regulatory minimums can create a compliance mindset of meeting that minimum and nothing beyond, Brown said. Barnett also advocated creating a federal Department of Communications and Cyberspace, combining NTIA and the Department of Homeland Security's cybersecurity directorate. "Most nations have a ministry of communications," he said, though he said it would likely take a major cybersecurity breach before that would happen. Edward McNicholas, co-head of Sidley Austin's Privacy, Data Security and Information Law practice, said the insurance market could play a vital role in cybersecurity, but there's no good reinsurance market yet. Unlike standard directors and officers liability policies, cybersecurity policies vary considerably and the insurance market needs to be able to compare cybersecurity practices across companies, he said.