Capital Thinking: Cybersecurity




House Cybersecurity Legislation

The House Homeland Security Committee is currently circulating a revised draft of the National Cybersecurity and Critical Protection Act (NCCIP), the committee’s cybersecurity legislation. The bill would codify many of the current cybersecurity roles of the U.S. Department of Homeland Security (DHS), including the National Cybersecurity and Communications Integration Center (NCCIC). The bill also includes identical language from the Senate Commerce, Science and Transportation Committee legislation, the Cybersecurity Act of 2013 (S. 1353), which was marked up by the Committee at the end of July. The language builds on existing authorities of the National Institute of Standards and Technology (NIST) and focuses on efforts to facilitate and support the development of voluntary, industry-led cyber standards and best practices for critical infrastructure. The bill is likely to be officially introduced and marked up in the coming weeks.

Senate Cybersecurity Legislation

While the Senate Commerce, Science and Transportation Committee marked up its bill prior to the August recess, the Senate Homeland Security and Governmental Affairs Committee and Senate Intelligence Committee are also expected to introduce separate cybersecurity bills this year.  In addition, Senate Judiciary Subcommittee on Crime and Terrorism Chairman Sheldon Whitehouse (D-RI) and Ranking Member Lindsey Graham (R-SC) have been circulating draft legislation to enhance U.S. criminal laws against trade secrets theft, particularly by means of computer hacking from foreign countries.

Executive Branch Activity


DHS Undersecretary for Cybersecurity

In August, DHS named Phyllis Schneck, Vice President and Chief Technology Officer at McAfee, as the next Undersecretary for Cybersecurity after Mark Weatherford’s departure from DHS in May. Schneck will play a key role at the Department as DHS continues to implement President Obama’s Executive Order (EO).

NIST Cybersecurity Framework Workshop

The next NIST Cybersecurity Framework workshop will take place September 11-13 in Dallas, Texas. Last week, NIST released a discussion draft of the Framework in preparation for the workshop. After reviewing feedback from stakeholders that attend next week’s workshop, NIST will release its draft Cybersecurity Framework in October, as required by the EO. A final version of the Cybersecurity Framework is due in February 2014.

Incentives for Critical Infrastructure

As part of the EO, the Departments of Homeland Security, Commerce and the Treasury were required to compile a list of incentives for critical infrastructure that would be needed to promote participation in the voluntary NIST Cybersecurity Framework. The Departments released their recommendations in August which included incentives such as limited protections from legal liability, expedited security clearance approval, technical assistance, procurement considerations and other recommended incentives for entities that participate in the Cybersecurity Framework. Many of the incentives will require additional legislation before they can be implemented.

Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Squire Patton Boggs | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.