With Congress widely expected to focus on cybersecurity legislation this year, a former NSA director is urging the property/casualty industry to make its collective voice heard now.
He said the determination of liability in a cyber attack is particularly at stake.
“It will come up this spring or summer [and] it is important to you as an industry because part of [the debate] is liability,” ex-National Security Agency director and retired U.S. Army Gen. Keith Alexander told an insurance industry audience at the launch of the Property Casualty Industry Forum in New York on Jan. 13.
“You should be involved in some of the discussions as to what it means to your clients,” said Alexander, who also commanded the U.S. Cyber Command. “You don’t want expansive liability. But you have the right to set liability.”
Alexander was responsible for ensuring the security of Department of Defense computer systems (and saw some controversy last year with the launch of IronNet Cybersecurity, his new company designed to address emerging cybersecurity concerns) (Reuters, Oct. 13, 2014, “Exclusive: NSA reviewing deal between official, ex-spy agency head”). The cybersecurity expert argued that the U.S. is in urgent need of cyber legislation that allows companies, in part, to better communicate with government about the cyber attacks they increasingly face.
“We have the technical ability to see bad things coming into the country,” Alexander said. “If you put together what industry and government sees, it would be far better than what the country does individually” to address cyber attacks, cyber terror and other related salvos.
Beyond cyber legislation, he noted that current cyber protection standards fall painfully short.
“Most companies with routine cybersecurity don’t have defensible architecture,” Alexander said. “We need industry and government to work together” to counter this.
While cybersecurity standards may fall short right now, Alexander insisted that he sees the technology eventually catching up and surpassing the status quo.
“We can come up with ways of protecting our network that can protect things way beyond where they are today,” Alexander said.