Cyber terrorism falls into three basic categories. The first would be hacking into a system in order to cause physical harm to people or property. Some examples would include opening a dam, shutting down a power grid or causing highly dangerous situations at refineries or chemical plants. The second type of cyber related terrorism would be using a system to intentionally cause massive financial harm such as to the NYSE or a financial institution’s network. Third, setting up money-laundering schemes used to finance other terrorist activities. Any of these would create massive liability exposures for any party deemed responsible.

As a part of their recent Board meeting, the Internet Security Alliance (ISA) released “The Cyber Security Social Contract: Policy Recommendations for the Obama Administration and the 111th Congress”. This 45-page document provides detailed recommendations for the new administration. One of the four top suggestions made to the President Elect is providing “Better positive based incentives … To accomplish this, we can look at historical examples of positive incentive programs, such as the SAFETY Act …. .” Another of the four suggestions presented to Mr. Obama is the need to “Have a robust insurance market”.

Regardless of the cost, post September 11th, there is not enough, and likely will never be enough, terrorism related insurance available globally to assure any organization’s financial survival following a serious event. On the other hand, the good news is that approval under the SAFETY Act automatically grants immunity, liability caps, affirmative defenses and other incentives for entities providing or using approved anti-terrorism products, technologies, facilities, software, procedures and/or services. The very nature of network and IT security protection makes the developer, provider or user an ideal candidate for the sweeping protections available under the SAFETY Act.

SAFETY Act approval drastically reduces the enterprise threatening liability exposures faced if a cyber terrorism event somehow involves an entity’s products, systems, networks, hardware, software, advice, services or facilities. In addition, entities that sell or provide anti-terrorism / e-terrorism goods or services to others will enjoy a significant marketing advantage and higher demand for their SAFETY Act approved products and services.

To qualify for SAFETY Act protection, the protections, technologies or procedures utilized do not have to be dedicated exclusively to preventing e-terrorism. They do need to have an anti-terrorism element. Network protection technologies, software, hardware, procedures and strategies are ideal examples of simultaneously guarding against both terrorism and non-terrorism threats.

DHS approval under the SAFETY Act automatically grants unprecedented liability protection and immunity from lawsuits stemming from a terrorist event including cyber terrorism. The Act protects against allegations that a SAFETY Act Designated product, technology, service, procedure, software, advice or facility failed, was misused, inadequate or otherwise and did not identify, prevent, respond to or respond appropriately or otherwise help mitigate a terrorist act. SAFETY Act’s broad protections will apply to suits resulting from, or alleging, bodily injury, property damage and/or other harm, including financial harm.

Another exciting feature, although not the SAFETY Act’s intended purpose, is the significant marketing edge and higher demand that SAFETY Act approval creates for entities that provide products and services to others.

Read more about the SAFETY Act on our site http://www.SAFETYACTCONSULTANTS.com or at the DHS’ site at http://www.SAFETYACT.gov