Cybersecurity bills before Congress

Wednesday, April 28, 2010 @ 05:04 PM gHale


Congress is now in the midst of considering at least six notable cybersecurity bills before summer rolls around and senators and representatives begin to focus more on the fall elections.

Of these cybersecurity measures, only one bill has passed either chamber; in February, the House of Representatives overwhelmingly approved the Cybersecurity Enhancement Act. And just one significant IT security bill has made it to the full Senate, the Cybersecurity Act, which cleared a Senate panel on a voice vote. The other bills remain in committee.

Most of the bills have some overlapping provisions, but except for the International Cybercrime Reporting and Cooperation Act, which has twin Senate and House versions, none of the bills are identical.

What follows are brief descriptions of each of these cybersecurity bills and their respective status. (This list does not include the International Cyberspace and Cybersecurity Coordination Act of 2010, which Sens. John Kerry, D.-Mass., and Kirsten Gillibrand, D.-N.Y., introduced.)

H.R. 4061: Cybersecurity Enhancement Act of 2010, sponsored by Rep. Daniel Lipinski, D.-Ill., passed the House on February 4. The measure, assigned to the Senate Commerce, Science and Transportation Committee, would promote the development of a skilled federal cybersecurity workforce, coordinate and prioritize federal cybersecurity research and development, improve the transfer of cybersecurity technologies to the marketplace and promote cybersecurity education and awareness for the public. It also would strengthen the role of the National Institute of Standards and Technology in shaping the way the federal government and the nation address cybersecurity. H.R. 1051 would order NIST to develop and implement a public cybersecurity awareness and education program to encourage the more widespread adoption of best practices.

S. 773: Cybersecurity Act of 2010, sponsored by Sens. Jay Rockefeller, D.-W.Va., and Olympia Snowe, R.-Maine, requires the president to work with the private sector to develop a comprehensive national cybersecurity strategy and establish a cybersecurity advisory panel of outside experts from industry, academia and non-profit advocacy organizations to advise him on cybersecurity-related matters. The bill, which cleared the Senate Committee on Commerce, Science and Transportation on March 24, designates NIST as the United States' representative in the development of international cybersecurity standards. Other provisions would require periodic appraisals of the nation's cybersecurity posture and promote cybersecurity education, awareness, and research and development. It also would establish a board to standardize secure computer products for federal acquisition.

Rockefeller and Snowe have a companion bill, S. 788, assigned to the Committee on Homeland Security and Governmental Affairs, that would establish within the Executive Office of the White House the Office of National Cybersecurity Adviser.

S. 921: United States Information and Communications Enhancement Act, or U.S. ICE, primarily would update the 8-year-old Federal Information Security Management Act, which provides the blueprint for federal departments and agencies to secure their IT assets. Sen. Tom Carper, the Delaware Democrat who chairs the Senate subcommittee with cybersecurity oversight, is the bill's chief sponsor. The measure was assigned to the Committee on Homeland Security and Governmental Affairs.

The original version of U.S. ICE, introduced nearly a year ago, would, like S. 788, have established a White House office to oversee cybersecurity, but that provision was excised in a revision approved last summer. The revision gives the Department of Homeland Security more sway in managing cybersecurity among federal executive departments and agencies. Though the Office of Management and Budget would retain final say over agencies' cybersecurity budgets, the revised bill provides for DHS to review all departmental and agency cybersecurity spending plans and forward its recommendation to OMB.

H.R. 4900: Federal Information Security Amendment Act, sponsored by Rep. Diane Watson, D.-Calif., is similar to U.S. ICE since both measures aim at updating FISMA. The major difference between the two bills is that the House version places cybersecurity authority in the White House, whereas the Senate measure vests much cybersecurity governance clout in DHS. Among other provisions, H.R. 4900 would establish a National Office for Cyberspace in the White House whose Senate-confirmed director would chair a newly created Federal Cybersecurity Practice Board to develop the processes agencies would follow to defend their IT systems.

The bill also would establish requirements for agencies to undertake automated and continuous system monitoring to identify system compliance, deficiencies and potential risks, require agencies to conduct regular evaluations of their systems and obtain an annual, independent audit of their IT programs to determine their overall effectiveness and compliance with FISMA requirements. It also would establish requirements for the purchase of secure commercial, off-the-shelf IT products and services as well as policies for mitigating supply chain risks associated with those products.

S. 3155 and H.R. 4692: International Cybercrime Reporting and Cooperation Act were introduced in both chambers by Rep. Yvette Clarke and Sen. Kirsten Gillibrand, both New York Democrats. The legislation would require the president to provide a global assessment of identity threats from abroad and work with other countries to crack down on their own cyber criminals. The bills provide for financial sanctions on countries that do not cooperate.

The Senate bill went to the Foreign Relations Committee; the House measure was assigned to the Foreign Affairs, Ways and Means, and Financial Services committees.

S. 1438: Fostering a Global Response to Cyber Attacks Act was introduced by Gillibrand and assigned to the Foreign Relations Committee. This bill would require the Secretary of State to submit a report to Congress on improving cybersecurity, encourage international cybersecurity cooperation and develop safeguards to protect privacy, freedom of speech, and commercial transactions for inclusion in cybersecurity agreements.


