Hacking is no longer limited to bored teenage techies. It is a tool used by organized crime, unfriendly nations, radicals, extremists and terrorist groups. Today’s potential cyber risks and exposures are far more severe than just compromised personal information. Vulnerabilities in information systems threaten the entire country’s physical and financial safety and security. Cyber terrorism is real and it will continue to be exploited and "perfected".

Cyber terrorism falls into many categories.  The first, well exploited by Hollywood, would be hacking into a system in order to cause physical harm to people or property. Examples include opening a dam, shutting down a power grid or causing highly dangerous situations at refineries or chemical plants.

The second type of cyber related terrorism would be hacking into a system with the intent of causing massive financial harm as a direct result.

Other types of e-terrorism categories are more obscure, intertwined, and can easily be employed to help facilitate other types of attacks including the ones described above. These events, the ultimate damage, and any resulting liability may not be discovered for many years. These types of attacks include, but are certainly not limited to: 

• Raising Money - Setting up electronic theft, fraud, money-laundering or other schemes to fund other terrorist activities such as recruiting, planning, and executing future attacks.
• Using Malware – Hacking into a network to plant Trojan Horses, spyware, viruses, or other malware assisting in theft, destruction, or manipulation of assets, funds, information or data.
• Obtaining Remote Access - Accessing a computer or network to gain “safe” web access. To avoid detection, terrorists communicate, plan, time events, purchase tickets, etc. under the guise of such activities originating from a trusted source. This could be your organization’s network.  Google: "How to hack into a network," to see thousands of very scary results.
• Identity Theft - Terrorists use stolen identities to cover their actions and help elude detection. These identities also include “virtual identities” such network IP or email addresses. There are many benefits of stealing a virtual or online identity. Information gathering and planning can be made much easier by exploiting ‘trusted’ relationships when acting as the stolen identity. As an example, obtaining information from others as a ‘trusted’ email sender.
• Manipulate Stock Prices - Online stock trading and message boards have resulted in an environment where it is very possible to deliberately manipulate a stock’s price. This is made even easier and ultra-transparent with the ‘right’ stolen identity. Terrorists can use this as an additional funding source, or to manipulate stock or commodity prices with the ultimate intent of moving markets into chaos. A virtual ‘attack’ on a given company’s stock, rather than a physical attack on their facilities, could be highly effective. The planning and execution stages would be less detectable, and in particular, by using stolen identities through ‘safe’ networks. 

Unlike “conventional” terrorism limited to physical attacks on hard targets, cyber threats: 

• Have an almost infinite number of relatively easy access points
• Have a truly global reach from any location on earth
• Are more effective in relying on both true anonymity, and quite literally, at light speed
• Transcend all physical, organizational, operational, geopolitical, and national borders
• Can target any stakeholder — individuals, schools, municipalities, corporations or other organizations, including entire industries, sectors, markets, economies, governments, etc.
• Can cause physical or financial harm, or both: 
  • Can impact physical domains i.e. critical infrastructure or facility operations
  • Can be intended to cause, direct financial harm to specific targets 

As a part of their recent Board meeting, the Internet Security Alliance (ISA) released “The Cyber Security Social Contract: Policy Recommendations for the Obama Administration and the 111th Congress”. This 45-page document provides detailed recommendations for the new administration. One of the four top suggestions made to the President Elect is providing “Better positive based incentives … To accomplish this, we can look at historical examples of positive incentive programs, such as the SAFETY Act  ….  .”  Another of the four suggestions presented to Mr. Obama is the need to “Have a robust insurance market”.

Regardless of the cost, post September 11^th, there is currently not enough, and likely there will never be enough, terrorism related insurance available globally to assure any organization’s financial survival following a serious event. On the other hand, the good news is that approval under SAFETY Act automatically grants immunity, liability caps, affirmative defenses and other incentives for entities providing or using approved anti-terrorism products, technologies, facilities, software, procedures and/or services. The very nature of network and IT security protection makes the developer, provider or user an ideal candidate for SAFETY Act protection.

We can help you use SAFETY Act to drastically reduce the enterprise threatening liability exposures you will face if a cyber terrorism event somehow involves your products, systems, networks, hardware, software, advice, services or facilities. In addition, entities that sell or provide anti-terrorism / e-terrorism goods or services to others will enjoy a significant marketing advantage and higher demand for their approved products and services.

To qualify for SAFETY Act protection, the protections utilized do not have to be dedicated exclusively to preventing e-terrorism but they do need to have an anti-terrorism element. Network protection is an ideal example of simultaneously guarding against both terrorism and non-terrorism threats.

DHS approval under the SAFETY Act automatically grants unprecedented liability protection and immunity from lawsuits stemming from a terrorist event including cyber terrorism. The Act protects against allegations that a SAFETY Act Designated product, technology, service, procedure, software, advice or facility failed, was misused, inadequate or otherwise and did not identify, prevent, respond to or respond appropriately or otherwise help mitigate a terrorist act. SAFETY Act’s broad protections will apply to suits resulting from, or alleging, bodily injury, property damage and/or other harm, including financial harm.

Another exciting feature, although not the SAFETY Act’s intended purpose, is the significant marketing edge and higher demand that SAFETY Act approval creates for entities that provide products and services to others. 

See our SAFETY Act Marketing Advantages Page 

 SAC's White Paper: "Cyber Terrorism and the SAFETY Act" - Nov 2011

Download Here

 Cyber Related News

Deputy Secretary Lute gives a nod to the SAFETY Act

Written testimony of DHS Deputy Secretary Jane Holl Lute for a House Committee on Homeland Security hearing titled “DHS Cybersecurity: Roles and Responsibilities to Protect the Nation's Critical Infrastructure”



Release Date:  March 13, 2013

 From The Public Entity Risk Institute’s
"PERIScope" Newsletter - January 2011:  

PERI - "Cyber Terrorism and SAFETY Act"

Download Here 

The Public Entity Risk Institute (PERI) is an independent thought leader and definitive resource for risk management, serving public entities, small businesses and small nonprofit organizations. Its mission is to improve its constituents’ sustainability by enabling them to identify and address their risks and vulnerabilities. PERI provides guidance through relevant and high quality publications, information, training, resources, and consulting services. PERI was established in 1997 as a 501(c)(3) tax-exempt, nonprofit, non-membership organization.

The threat is real:

Stuxnet Computer Worm

 New threat: Hackers look to take over power plants

By LOLITA C. BALDOR (AP) – August 3, 2010

WASHINGTON — Computer hackers have begun targeting power plants and other critical operations around the world in bold new efforts to seize control of them, setting off a scramble to shore up aging, vulnerable systems....

Read Full Article

See our SAFETY Act Marketing Advantages Section

Our Core Services:

• Free Initial Consultation

• Help Reduce Your Costs

• Detailed SAFETY Act Explanation and Education

• Evaluate SAFETY Act Applicabilty to Your Specific Exposures

• Review and Evaluate Your Overall Terrorism Liability Exposures and Mitigation Strategies

• Provide Highly Cost Effective Solutions

• Provide Reports and Updates as Requested

• Full SAFETY Act Application Support

• Provide Updates & DHS Feedback

• Negotiate with the DHS, Lawyers, Brokers and/or Insurers as Needed

• Evaluate Existing SAFETY Act Approvals for Issues and Conflicts

• Review Insurance Program for Conflicts, Compliance, Adequacy and Potential Cost of Risk Savings

• Review Contracts and Agreements for Conflicts, Issues, Compliance and Modifications Needed

• Assist in Upgrading Any Existing SAFETY Act Approvals

• Help You Use SAFETY Act to Better Market Approved Products and/or Services

• Help Create an Overall SAFETY Act Strategy Plan for You, Your Customers, Suppliers, and Vendors

• Provide Expert Advice, Consultation and Access to Our Key Business Partners as Needed or Requested

• Consult on Other Related Terrorism Financial Protection Strategies and Solutions

By e-Mail:

    info [at] SAFETYACTCONSULTANTS dot com

Our online web-form:   Web-form

Phone:     (202) 640-4000

Toll-free:  (855) SAFETY ACT  or:                                (877) S ACT HELP 

Fax:           (202) 407-7054

Mailing Address:

SAFETY ACT CONSULTANTS
P.O. Box 1666
Brookfield, WI  53008-1666

We look forward to assisting you in creating customized solutions critical to your organization and key in helping to protect people and assets. 

We will help you:

Protect Your Organization from enterprise threatening liability that will follow a terrorist event alleged to involve your organization's facilities or products in any way

Protect your bottom line from suits stemming from the use, manufacture, distribution, provision or deployment of anti-terrorism or terrorism response or mitigation related products, advice, aid, procedures, technologies or other services

Save Money on both new and existing insurance programs, the ongoing cost of risk as well as the overall SAFETY Act process

Increase Your Revenue by using SAFETY Act approval to help market your products, advice, facilities, technologies or services including cyber or network related

Thoroughly understand the SAFETY Act as well as the regulations that implement it

Thoroughly understand the SAFETY Act application process

Evaluate the Act's benefit to your organization, insurance,  products, suppliers, vendors and customers

Determine if SAFETY Act
protection can apply to a given product, facility, technology, procedure and/or service

Describe and review the Act with your risk management, legal, upper management, finance, engineering, and marketing groups as needed 

Evaluate the time demands, costs and difficulty of the application process for your unique exposures

Manage the entire application process through completion

Evaluate insurance programs for adequacy in coverage, limits, protecting your liability cap savings, insurer and SAFETY Act compliance

Evaluate contracts and other agreements for conflicts, issues adequacy as well as insurer and SAFETY Act compliance

Provide options for minimizing cost of insurance and risk while maximizing coverages

Arrange for outside experts as appropriate for your specific needs including experts in technical, legal, insurance and political affairs as well as physical and financial asset, business income and supply chain protection

Monitor the SAFETY Act status of your suppliers, vendors, subcontractors and customers

Negotiate with the DHS, insurance brokers, insurers and/or lawyers if potential problems, conflicts, limitations, potential savings or enhancement possibilities exist

Create a standardized process to coordinate and manage all SAFETY Act related activities for existing, planned or future exposures as well as third party approvals (i.e. your vendors)

Post approval support including any changes in your insurance, the insurance market, insurance costs; changes in your approved products or services; periodic review of compliance and other services you deem necessary

Advise on other terrorism related financial protection strategies including contractual protection review, FARs, Public Law 85-804, Government Contractor Defense - "Boyle", captive utilization and/or formation, conventional and non-conventional terrorism insurance coverages, TRIA applicability and access, etc.