by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : June 30, 2015
Cybersecurity compliance for government contractors is an ever- growing challenge. Companies face current and emerging obligations arising from a patchwork of execu- tive orders, standards from the Office of Management and Budget and the National Institute of Stan- dards and Technology, rulemaking in the Federal Acquisition Regula- tion and agency supplements, con- tract terms, and legislative action (and inaction). But how well is your business financially protected in the event of a cybersecurity incident? (Or if you are on the government side, how safe are your industry partners?) The financial costs of cyber events can be staggering. The highly publicized attack on Target cost the retailer and financial institutions a reported $348 million. And for gov- ernment contractors, the implica- tions can be existential. In 2014, a high-profile provider of background checks to the Office of Personnel Management fell victim to a sus- pected state-sponsored cyberattack that potentially exposed confidential information regarding 27,000 gov- ernment employees. OPM not only declined to renew the company’s contracts (which in one year totaled $417 million in revenue), but the contractor’s parent company filed for bankruptcy, citing the cyberattack as a key cause. Following a 2011 data breach at a major contractor for the military’s Tricare health benefits program, the government required the company to pay the costs of notifying 5 mil- lion affected Tricare recipients. On top of that, the contractor faced years of class-action litigation. Those numbers reinforce the notion that contractors should focus not only on cyber compliance prac- tices but also on ways to mitigate the financial impacts of inevitable cyber incidents. Those investments should complement more traditional cyber compliance measures (e.g., system security and training). Two such measures in particular are worth a closer look: corporate insurance and liability protections under the Support Anti-Terrorism by Fostering Effective Technologies (SAFETY) Act of 2002. Although the cybersecurity insurance market is still evolving, contractors would be well-served to review their current policies. Advance review and planning will help identify potential coverage issues and gaps before a cyber event takes place, position contractors to maximize their potential recoveries in the event of a cyber incident and even enable contractors to negotiate more favorable policy language to maximize their liability protections. The SAFETY Act might also provide liability protections to approved businesses that use or provide approved products or services that can reach cybersecu- rity vulnerabilities. For example, FireEye recently announced that the Department of Homeland Security had certified two of the company’s cybersecurity products as “qualified anti-terrorism technologies” under the SAFETY Act. Government contractors and other businesses that use DHS- certified technology may cloak themselves in the law’s protections, effectively avoiding the tort liability that can arise from a cyberattack when such technology is used. Fire- Eye’s DHS approval further confirms that the SAFETY Act’s protections extend beyond terrorism concerns to include the cybersecurity threats facing American companies and, through them, U.S. economic and national security interests. Those threats — particularly for government contractors — show no signs of abating. Contractors that are waiting for financial pro- tection from federal regulators or Congress will likely be disappoint- ed. Therefore, companies should take every advantage of the finan- cial and liability safeguards cur- rently at their disposal and include the assessment of those safeguards as an integral part of their cyberse- curity strategies. n What cyber insurance can do for contractors When it comes to cybersecurity, the SAFETY Act deserves a second look, but companies should also consider commercial coverage Companies should take every advantage of the financial and liability safeguards currently at their disposal. Commentary | JUSTIN CHIARODO AND PHILIP BESHARA JUSTIN CHIARODO is a partner and PHILIP BESHARA is an associate in Dickstein Shapiro’s Government Contracts Practice. June 30, 2015 FCW.COM 11 0630fcw_011.indd 11 6/10/15 9:03 AM
June 15, 2015
July 15, 2015