Diversity & Inclusion
A host of cybersecurity incidents this year, ranging from successful hacks into the systems of RSA, Lockheed Martin, Citigroup and Sony's Playstation Network, to McAfee’s report of "Operation Shady RAT," a widespread, systematic program of cyber espionage against U.S. governmental systems by an unnamed foreign government has renewed the urgency for Congress and the Obama administration to pass comprehensive cybersecurity legislation.
We expect that Congress will come under increasing pressure to produce bipartisan legislation. Cybersecurity may be an area where both parties could come together to produce legislation. Public companies, owner/operators of “covered critical infrastructure” (e.g., the energy grid, telecommunications networks, defense contractors, etc.), financial services companies, companies that collect “sensitive personally identifiable information” (such as credit card and social security numbers from consumers) and companies seeking to do business with the federal government likely would be affected by this legislation, both operationally and with respect to disclosure obligations in the event of a security breach.
The Obama administration has proposed legislation, and two separate bills have been proposed in Congress: the Cybersecurity Act of 2010 (co-sponsored by Sens. Jay Rockefeller, D-WV and Olympia Snowe, R-ME) and the Cybersecurity and Internet Freedom Act of 2011 (co-sponsored by Sens. Joseph Lieberman, I-CT, Susan Collins, R-ME and Thomas Carper, D-DE). While the content of any final legislation will differ from any of the bills’ current forms, any final law may affect companies in the following general ways:
In addition to any new legislative requirements, we expect industry “best practice” standards to become more robust. To begin preparing for more stringent requirements, companies should work with their IT and cybersecurity officers to thoroughly understand their current systems. After Congress passes legislation and agencies implement related rules, companies should seek to move swiftly to meet new requirements. We will continue to monitor the status of legislation and provide updates as significant developments occur.
This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.