Ex-Officials Fret Hacked Firms, Fearing Legal Liability, Will Keep Law Enforcement in Dark | Law.com

Former government officials say they fear the Securities and Exchange Commission’s fraud lawsuit against the IT company SolarWinds and its chief information security officer over its massive 2019-2020 data breach will cause many companies to ”think twice” about reporting cyberattacks to law enforcement.

They say that those attacks, often originating overseas, are a mounting threat to the nation’s national security and that close cooperation and information-sharing between the public and private sectors is a key line of defense.

“A CISO or company concerned that the preliminary information about a cybersecurity incident or vulnerability it shares with law enforcement or industry may be treated in hindsight as something that should have been disclosed publicly may think twice before sharing that information in the first place,” says an amicus brief filed Friday by 20 former federal law enforcement and national security officials.

“As it evaluates this action, we would therefore urge this court to consider the importance of public-private sector sharing of cybersecurity threat information to the nation’s ability to prevent and respond to cyberattacks.”

Source: Ex-Officials Fret Hacked Firms, Fearing Legal Liability, Will Keep Law Enforcement in Dark | Law.com