Cybersecurity Act of 2012

Law Technology News this morning had an article that might end up being of interest to many of our readers.

Senator Joe Lieberman of Connecticut , LTN reports, “will be introducing the Cybersecurity Act of 2012 this week, which will aim at protecting crucial American computer infrastructure by giving oversight to the Department of Homeland Security. Experts, however, say it's possible that large law firms and corporate legal departments could be impacted and find themselves reporting security procedures to the federal government, or face fines and public scrutiny.

“The bill,” the article continues, “states that oversight, as evaluated by the National Institute of Standards and Technology, would apply to any agency, company, or organization at which an electronic attack ‘could reasonably lead to catastrophic interruption of life-sustaining services, catastrophic economic damage, or severe degredation of national security capabilities,’ according to summary documents on the U.S. Senate Committee on Homeland Security and Governmental Affairs site.”

The ABA, according to the article, is reserving judgment, but a former Homeland Security policy official was quoted as saying it's possible that law firms could be impacted in extreme situations.

Stewart Baker, a partner at the Washington, D.C. firm, Steptoe & Johnson, who is scheduled to testify before the Senate committee tomorrow, said "It's not completely outside the realm of possibility. But it would be hard to identify those portions of the legal industy that really are critical infrastructure. That is to say, there might be 100 or 200 law firms in America whose secrets, if compromised, would in aggregation result in really significant economic harm. At the end of the day, it's not the law firm's secrets that are important, it's their clients'. Any law firm in America could fail and nobody would die.”

“The bill, in the mean time,” the article said, “is already fostering some controversy. It originated in 2010 as the Protecting Cyber Space as a National Asset Act, and evolved in 2011 as the Cybersecurity and Internet Freedom Act. Those versions were widely criticized for allowing presidential power to order disconnection of networks from the internet, known generally as the internet kill switch. The new bill removes such provisions, yet still invokes what some call constitutional controversy about stipulations that private businesses could be subject to federal monitoring of their computer security, and that businesses could be forced to share potentially private data with the government and other companies. There is also resistance from libertarian groups about what they assert is unnecessary bureaucracy.”