Two Mass. companies help found cybersecurity policy group

February 18, 2016

David Harris

With cybersecurity becoming a topic of ever-increasing visibility and importance, information security professionals ask what protection they have when they make potentially unpopular disclosures of cybersecurity issues. Though no whistleblower retaliation statute deals directly with the topic, the Sarbanes-Oxley Act will often protect cybersecurity professionals who work directly for public corporations or those corporations’ service providers. Yet further, the Dodd-Frank Act could allow information security workers to receive a whistleblower reward for reporting cybersecurity concerns to the SEC or CFTC, in some cases.

However, the relationship among cybersecurity issues, SOX, and the Dodd-Frank Act is not yet clearly defined. Accordingly, information security professionals should educate themselves about whistleblower protections. Doing so could make the difference between being protected, receiving a whistleblower reward, or suffering retaliation without recourse.

- See more at:

A group of leading providers of cybersecurity products and services on Thursday launched the Coalition for Cybersecurity Policy and Law, a new organization that will focus on education and collaboration with policymakers on the complicated legislative and regulatory policies related to cybersecurity.

Founding members of the group from Massachusetts include Burlington-based Arbor Networks and Boston cybersecurity company Rapid7 (Nasdaq: RPD). Others include Cisco, Intel, Microsoft, Oracle and Symantec.

Working at the intersection between government entities, researchers, and vendors, the coalition will speak on behalf of the cybersecurity industry in Congress, federal agencies, international standards bodies, industry self-regulatory programs, and other relevant policymaking venues, according to a release.

“Rapidly-evolving technology issues like cybersecurity present a difficult challenge for policymakers as they try to develop effective and balanced policies on issues that are changing in real time,” said Matt Moynahan, president of Arbor Networks, in a statement.

"As the global digital economy and our reliance on technology both continue to grow and evolve, it will be increasingly important to develop robust and clear cybersecurity policy,” said Harley Geiger, director of public policy at Rapid7, in a statement. “We believe the best path forward is through strong collaboration between the security community and policymakers.”

Read Full Article