The Treasury Department is soliciting public feedback on whether it should change a terrorism risk insurance program to address cyber-related losses.

In a Federal Register notice set for publication Wednesday, Treasury seeks comment from the public for a mandatory report it must deliver to Congress this summer on the effectiveness of the terrorism risk insurance program (TRIP) created by the 2002 Terrorism Risk Insurance Act. That law arose from the Sept. 11 terror attacks and provided a federal backstop to make terrorism risk insurance more available and affordable.

Some experts have suggested that the cyber insurance industry should also get a federal backstop as the industry struggles to develop fully. With the law set to expire at the end of 2027, tying it to the reauthorization of the terrorism risk insurance law could be one way to get Congress to create such a cyber backstop.

Among the topics Treasury hopes commenters will address before it sends the report to Congress in June is the interaction between the terrorism risk insurance law and program, and cybersecurity. The agency will accept comments until May 8.

That includes: “Any potential changes to TRIA or TRIP that would encourage the take up of insurance for cyber-related losses arising from acts of terrorism as defined under TRIA, including, but not limited to the potential modification of the lines of insurance covered by TRIP and revisions to any of the current sharing mechanisms for cyber-related losses, such as, for example, the individual insurer deductible or the federal share percentage.”

In 2021, Treasury issued a rule making it clear that TRIP could cover cyber losses when written in a TRIP-eligible line of insurance. However, a Government Accountability Office report last year outlined some of the limitations there.

“Because TRIA was designed specifically as a federal backstop for losses from acts of terrorism, only losses from cyberattacks certified by Treasury as acts of terrorism would have TRIA coverage,” it states. “As a result, even large cyberattacks that result in catastrophic losses would not be covered under TRIA if they were not certified as acts of terrorism.”

Treasury said in its Federal Register notice that it wants feedback on cyber-related terrorism losses within TRIP and losses outside of it.

Cyberattacks would need to meet definitions under the terrorism risk insurance law to be certified. They need to be violent or otherwise dangerous to life, property or infrastructure, and designed to influence the U.S. population or government. Damage to U.S. organizations outside the United States still might not qualify.

Medical device maker Stryker recently suffered a wiper attack, with the pro-Palestinian, Iranian government-linked group Handala taking credit. It said the attack was in retaliation for U.S. and Israel military strikes against Iran, specifically a U.S. missile strike on a school that killed 175 people, according to Iran’s government.

The post Treasury asks whether terrorism risk insurance program should bolster cyber coverage appeared first on CyberScoop.

Sean Plankey’s nomination to lead the Cybersecurity and Infrastructure Security Agency looks to be over following his exclusion from a Senate vote Thursday to move forward on a panel of Trump administration picks.

Multiple senators placed holds or threatened holds on his nomination, some related to cybersecurity. But the hold from Sen. Rick Scott, R-Fla., appeared to be the biggest hurdle. With Plankey’s exclusion from the resolution to advance a bevy of nominees that got a key vote Thursday, procedural issues make it unlikely that he will be the nominee going forward, sources told CyberScoop. The administration would have to re-submit his name for nomination next year.

Scott’s hold was related to Department of Homeland Security Secretary Kristi Noem partially terminating a Coast Guard cutter program contract with Florida-based Eastern Shipbuilding Group, multiple sources told CyberScoop. The Government Accountability Office issued a critical report on the program.

While awaiting confirmation, Plankey, a 13-year Coast Guard officer, has been serving as senior adviser to the secretary for the Coast Guard. 

A spokesperson for Scott did not respond to a request for comment Thursday, and did not confirm information about his hold when asked for comment in recent weeks.

Sen. Ron Wyden, D-Ore., also had said he would place a hold on Plankey’s nomination until CISA released an unclassified report on telecommunications network security. CISA said in July it would release the report, but as of Thursday, the agency had not publicly done so.

North Carolina’s GOP senators, Ted Budd and Thom Tillis, also had placed a hold on DHS nominees over disaster relief funding for the state.

A single senator’s ability to hold up the nomination process made Plankey’s inclusion in a broader package  his best chance for advancing.

Plankey’s nomination had broad backing within the cybersecurity community. Backers have frequently called on the Senate to confirm him for CISA director.

Some Democratic senators voted against his nomination after a Senate Homeland Security and Governmental Affairs Committee hearing in July, however, where he faced tough questions from them about election security and the slashed workforce at the agency.

Bridget Bean, since departed from CISA, and Deputy Director Madhu Gottumukkala have served as acting director of the agency since the departure of Jen Easterly in January as the Biden administration ended. The agency is poised to go without a Senate-confirmed leader heading into a year where the Trump administration plans to kick off implementation of a national cybersecurity strategy.

The Trump administration has pulled back a historic number of nominees so far this year. But the Senate in September also confirmed 48 nominees all at once following a rules change intended to overcome Democratic objections to his picks.

The post Sean Plankey nomination to lead CISA appears to be over after Thursday vote appeared first on CyberScoop.