FireEye first cybersecurity firm awarded DHS SAFETY Act certification
The Department of Homeland Security (DHS) certified FireEye technology under the SAFETY Act, effectively shielding the company's customers from any liability in the event of a cyber terrorism attack.
The Department of Homeland Security (DHS) certified two FireEye technologies under the SAFETY Act this week, making it the first cybersecurity company to have some of its products shielded from liability claims.
FireEye's Multi-Vector Virtual Execution engine and Dynamic Threat Intelligence cloud platform will be certified until April 30, 2020, DHS announced on its SAFETY Act website. The certification means FireEye customers are protected from lawsuits or claims that the company's products failed to prevent an act of cyber terrorism, if an attack were to happen. The technology will also be placed on an "approved products list" for Homeland Security.
The SAFETY Act, enacted as part of the Homeland Secure Act of 2002, provides “incentives for the development and deployment of anti-terrorism technologies by creating a system of ‘risk management' and a system of ‘litigation management,'” according to a FAQ page on the Act published by DHS.
Attorney Brian Finch, a legal expert on SAFETY Act concerns who also serves as outside counsel for FireEye, told SCMagazine.com in a Friday interview that the company worked for nearly a year to complete its application and receive approval. Finch, a partner at Pillsbury Winthrop Shaw Pittman LLP's public policy practice, explained that after seven months of assembling the application, DHS reviewed it over the course of four months with multiple inquiries to receive more information from FireEye. The company had to prove that its technology had been working in the real world and demonstrate that it would remain top of the line for years to come, Finch said.
Alexa King, FireEye's senior vice president, general counsel and secretary since April 2012, told SCMagazine.com on Friday that, "this certification is not only validating that customers who buy our products get an additional layer of protection and security, but also providing them with an additional layer of security with regard to legal fees."
DHS declined to respond to an inquiry as to whether other cybersecurity companies were pursuing this certification.