The US House of Representatives sent several cybersecurity bills to the Senate this week, highlighting an ever-growing cyber-risk awareness among lawmakers following news-making breaches and recent reports outlining the extent of threats and the country’s lagging efforts to combat them.
More than a year in the making, the National Cybersecurity and Critical Infrastructure Protection Act (NCCIP) was passed by the House on July 28. The measure is meant to codify and strength the National Cybersecurity and Communications Integration Center—an arm of the Department of Homeland Security—that aids in cyber-threat information sharing with critical infrastructure sectors.
House Homeland Committee Chairman Mike McCaul, R-Texas, said in a statement: “Americans could be greatly harmed by a cyber assault on our nation’s power supply, water or banking systems. H.R. 3696 recognizes this growing threat and strengthens the capabilities of DHS – a civilian, transparent agency – to protect critical infrastructure, while prohibiting new regulations.”
On the House floor McCaul referenced a recent report from the 9/11 Commission, which indicated one former senior leader told the group the US is at a pre-9/11 level in terms of cybersecurity.
ALSO READ: 9/11 Commission: US cybersecurity lags ‘far behind’ threat of attack
“A successful cyber attack on our nation’s water systems, oil and gas pipelines, power grids and mass transit systems on the scale of the recent retail breaches could cause crippling economic damage and could even cost lives,” said McCaul from the floor. “The reality is the threat is outpacing our readiness to combat it. This bipartisan bill establishes a true partnership between DHS and the private sector to ensure the distribution of real-time cyber threat information in order to secure our nation in cyberspace without burdensome mandates or regulations.”
The bill also codifies the public-private partnership framework, the National Infrastructure Protection Plan. NCCIP amends the SAFETY Act to define a qualifying cyber event so “private entities can voluntarily submit their cybersecurity procedures to the SAFETY Act Office to gain additional liability protections in the event of a qualifying cyber incident.”
The House also passed the Critical Infrastructure Research and Development Advancement Act to allow the DHS to develop the latest technology in an effort to stay ahead of terrorists, and the Homeland Security Cybersecurity Boots-on-the-Ground Act, requiring the Secretary of Homeland Security to establish cybersecurity occupation classifications, assess the cybersecurity workforce, and develop a strategy to address identified gaps.
Separately this month the Senate passed the Cybersecurity Information Sharing Act.