Leaders of the House Homeland Security Committee have introduced a bipartisan bill they contend would strengthen the cybersecurity of the nation's 16 critical infrastructure sectors and the federal government by codifying, strengthening and providing oversight of the mission of the Department of Homeland Security.
See Also: Don't Be The Next OPM: Recognizing Risk
The sponsors say the National Cybersecurity and Critical Infrastructure Protection Act of 2013, introduced Dec. 11, would bolster the partnership between industry and the government to jointly raise the bar on cybersecurity.
"The NCCIP Act will allow us to face the cyberthreat head on," says Rep. Patrick Meehan, R-Pa., who chairs the panel's Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee. "The bill will help us responsibly coordinate our cyberdefenses and strengthen civilian leadership of their while protecting Americans' privacy and civil liberties."
- Codify and strengthen the National Cybersecurity and Communications Integration Center, a federal civilian agency that promotes real-time cyberthreat information sharing across critical infrastructure sectors;
- Establish an equal partnership between industry and DHS, and ensure that DHS properly recognizes industry-led entities to facilitate critical infrastructure protection and incident response;
- Codify and strengthen the National Infrastructure Protection Plan, a public-private partnership framework that has been supported by the industry since 2003;
- Codify the Cyber Incident Response Teams to provide timely technical assistance, crisis management and actionable recommendations on cyberthreats to critical infrastructure owners and operators on a voluntary basis;
- Ensure that the National Cybersecurity Incident Response Plan is updated regularly and coordinated with federal, state, local and private-sector stakeholders;
- Codify DHS operational information security activities to ensure the resiliency of all federal civilian information systems and networks;
- Amend the SAFETY Act to establish a threshold for qualifying cyber-incidents so private entities can submit voluntarily their cybersecurity procedures to the SAFETY Act office to gain additional liability protections in the event of a qualifying cyber incident.
The measure, which is budget neutral, also would prohibit new regulatory authority at DHS.
"This bill represents a positive step forward to help foster a more secure cyberspace and keep America on the forefront of innovation," says Rep. Bennie Thompson, D-Miss., the committee's ranking member. "Under this measure, the Department of Homeland Security would have the authority it needs to effectively execute its cybersecurity mission, a bipartisan priority."