Cybersecurity Bill Advances in House

Bill Would Limit DHS Regulatory Authority

By , January 16, 2014.
House Homeland Security Committee Chairman Michael McCaul
House Homeland Security Committee Chairman Michael McCaul

Bipartisan legislation that backers say would fortify the cybersecurity of the nation's 16 critical infrastructure sectors and the federal government by codifying, strengthening and providing oversight of the mission of the Department of Homeland Security has cleared its first hurdle.

See Also: The Evolution of Advanced Malware

The House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies approved the bill, HR 3696, Jan. 15 by a voice vote. The measure, the National Cybersecurity and Critical Infrastructure Protection Act of 2013, heads to the full Homeland Security Committee for consideration.

"HR 3696 recognizes this growing threat and strengthens the capabilities of DHS - a civilian, transparent agency - to protect critical infrastructure, while prohibiting new regulations," says Homeland Security Committee Chairman Michael McCaul, R-Texas.

Bill's Provisions

Bill sponsors say the legislation, if enacted, would bolster the partnership between industry and government on cybersecurity. According to its sponsors, the bill would:

  • Codify and strengthen the National Cybersecurity and Communications Integration Center, a federal civilian agency that promotes real-time cyberthreat information sharing across critical infrastructure sectors;
  • Establish an equal partnership between industry and DHS, and ensure that DHS properly recognizes industry-led entities to facilitate critical infrastructure protection and incident response;
  • Codify and strengthen the National Infrastructure Protection Plan, a public-private partnership framework that has been supported by the industry since 2003;
  • Codify the Cyber Incident Response Teams to provide timely technical assistance, crisis management and actionable recommendations on cyberthreats to critical infrastructure owners and operators on a voluntary basis;
  • Ensure that the National Cybersecurity Incident Response Plan is updated regularly and coordinated with federal, state, local and private-sector stakeholders;
  • Codify DHS operational information security activities to ensure the resiliency of all federal civilian information systems and networks;
  • Amend the SAFETY Act to establish a threshold for qualifying cyber-incidents so private entities can submit voluntarily their cybersecurity procedures to the SAFETY Act office to gain additional liability protections in the event of a qualifying cyber incident.

Anti-Regulation Theme

The bill, which would not require any additional funding, would prohibit DHS from obtaining new cybersecurity regulatory authority. That provision reflects Republican resolve that the government will not adopt cybersecurity regulations to impose on the private sector.

The House action comes a month before the Obama administration issues its cybersecurity framework that will describe how private critical infrastructure operators could protect themselves from digital assaults. Use of the framework will be voluntary, not mandatory

The bipartisan bill was introduced in December by McCaul, Ranking Member Bennie Thompson, D-Miss., Subcommittee Chairman Patrick Meehan, R-Pa., and Subcommittee Ranking Member Yvette Clarke, D-N.Y.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Online Identity: The Legal Questions

The more organizations structure business and processes around online identities, the more they...

Latest Tweets and Mentions

ARTICLE Online Identity: The Legal Questions

The more organizations structure business and processes around online identities, the more they...

The ISMG Network