Cybersecurity Bill Advances in House

Bill Would Limit DHS Regulatory Authority
House Homeland Security Committee Chairman Michael McCaul

Bipartisan legislation that backers say would fortify the cybersecurity of the nation's 16 critical infrastructure sectors and the federal government by codifying, strengthening and providing oversight of the mission of the Department of Homeland Security has cleared its first hurdle.

The House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies approved the bill, HR 3696, Jan. 15 by a voice vote. The measure, the National Cybersecurity and Critical Infrastructure Protection Act of 2013, heads to the full Homeland Security Committee for consideration.

"HR 3696 recognizes this growing threat and strengthens the capabilities of DHS - a civilian, transparent agency - to protect critical infrastructure, while prohibiting new regulations," says Homeland Security Committee Chairman Michael McCaul, R-Texas.

Bill's Provisions

Bill sponsors say the legislation, if enacted, would bolster the partnership between industry and government on cybersecurity. According to its sponsors, the bill would:

  • Codify and strengthen the National Cybersecurity and Communications Integration Center, a federal civilian agency that promotes real-time cyberthreat information sharing across critical infrastructure sectors;
  • Establish an equal partnership between industry and DHS, and ensure that DHS properly recognizes industry-led entities to facilitate critical infrastructure protection and incident response;
  • Codify and strengthen the National Infrastructure Protection Plan, a public-private partnership framework that has been supported by the industry since 2003;
  • Codify the Cyber Incident Response Teams to provide timely technical assistance, crisis management and actionable recommendations on cyberthreats to critical infrastructure owners and operators on a voluntary basis;
  • Ensure that the National Cybersecurity Incident Response Plan is updated regularly and coordinated with federal, state, local and private-sector stakeholders;
  • Codify DHS operational information security activities to ensure the resiliency of all federal civilian information systems and networks;
  • Amend the SAFETY Act to establish a threshold for qualifying cyber incidents so private entities can voluntarily submit their cybersecurity procedures to the SAFETY Act office to gain additional liability protections in the event of a qualifying cyber incident.

Anti-Regulation Theme

The bill, which would not require any additional funding, would prohibit DHS from obtaining new cybersecurity regulatory authority. That provision reflects Republican resolve that the government will not adopt cybersecurity regulations to impose on the private sector.

The House action comes a month before the Obama administration issues its cybersecurity framework that will describe how private critical infrastructure operators could protect themselves from digital assaults. Use of the framework will be voluntary, not mandatory.

The bipartisan bill was introduced in December by McCaul, Ranking Member Bennie Thompson, D-Miss., Subcommittee Chairman Patrick Meehan, R-Pa., and Subcommittee Ranking Member Yvette Clarke, D-N.Y.

About the Author

Eric Chabrow

Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow, who oversees ISMG's GovInfoSecurity and InfoRiskToday, is a veteran multimedia journalist who has covered information technology, government and business. He's the former top editor at the award-winning business journal CIO Insight and a long-time editor and writer at InformationWeek.