Congress passes series of cybersecurity bills

By Erin Ayers on December 16, 2014

capitol-building-150x150Congress passed several bills aimed at improving the nation’s cybersecurity defenses this week in terms of breach response, federal workforce capabilities, and information sharing among agencies.

S-2519, a measure to launch an operations center for overseeing infrastructure, cybersecurity, and related programs under the Department of Homeland Security, now goes to Pres. Barack Obama’s desk for his signature.

The center will support sharing of information relating to cybersecurity threats, vulnerabilities, impacts, and incidents among federal, state, and local government entities and private sector entities, as well as provide technical assistance. The bill specifically notes that the new center will have no regulatory authority and is to be composed of federal agencies, civilians, law enforcement, private sector business, operators of critical information centers, the intelligence community, and state and local governments. It does not address immunity from liability for private sector companies that share information about threats with the government or each other, a key concern for many industries that track and assess cyber threats.

Another bill, S-2521, the Federal Information Security Modernization Act of 2014, clarifies that the DHS oversees all policies relating to information security. It requires all federal agencies to notify Congress of any breaches within seven days of the incident and authorizes the Office of Management and Budget (OMB) to outline response plans for government agencies in the event of a breach of personally identifiable information. The measure updates the Federal Information Security Management Act of 2002.

Another bill, S-1691, provides for hiring and compensation details of additional staff at the DHS to direct cybersecurity initiatives. The bill recommends that these would be senior level positions, compensated in accordance with similar roles at the Department of Defense.

Finally, another bill, H.R. 2592, remains in the Senate where the two houses are resolving differences. The goal of the measure is to ensure that the government’s cyber-related workforce is up-to-date and there is a strategic plan in place for protecting critical infrastructure from all risks.

One of the lead sponsors of the National Cybersecurity Protection Act of 2014 (S-2519), Sen. Tom Carper (D-Del.), stated, “Cybersecurity is one of our nation’s biggest challenges. It is more than clear that the federal government needs to address this 21st century threat with a 21st century response. While our work in this area is far from finished, these bills are an important step in our effort to modernize our nation’s cybersecurity programs and help the public and private sectors work together to tackle cyber threats more effectively in the future.”

erin.ayers@zywave.com'

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].