Legislative Update – Cybersecurity

more+
less-

As the 112th Congress gets underway, many continue to feel that partisan gridlock will block movement on significant legislation, leaving congressional activity to legislation that doesn’t require a heavy lift. However, in what many view as a surprising move, Congress appears ready to address one of the most complicated issues on its agenda – cybersecurity.  There are ample disagreements in approach, but a serious effort is underway to bridge these differences and get a bill passed.  There is a strong push for information sharing between the public and private sectors as a means to protect against cyber attacks.  This concept of information sharing is a main component of a House cyber security bill that was marked up last week, and was also the topic of an opinion piece written by a group of Senate Republicans.  The authors – Sens. Hutchison, Grassley, Chambliss, and Murkowski – outline their approach to cybersecurity and stress that it is important for the Administration and Congress to work together to ensure a bipartisan solution.  In addition to information sharing, the overall balance between government intelligence needs and private business needs is a priority for both House and Senate cybersecurity legislation.  There have been reports that a classified briefing between Administration officials and Senators took place last week to discuss the urgency of passing a cybersecurity bill this year.

House:  A bill introduced by Cybersecurity Subcommittee chairman Dan Lungren (R-CA) and Homeland Security Committee chairman Peter King (R-NY) has drawn support from key Democrats, and will likely also gain support from Republicans because it is intended to facilitate information sharing between the government and private sector.  The Promoting and Enhancing Cybersecurity Act, H.R. 3674, represents a blend of incentives and new regulation.  This bill was marked up on Wednesday, February 1, and Chairman Lungren offered an amendment in the nature of a substitute.  There are other House proposals in the works, but it is unclear whether the House will follow the Senate’s lead and attempt to combine them into one comprehensive measure.  Rep. Mac Thornberry (R-TX), has indicated that the House is waiting to see what the Senate does and is aiming for getting cybersecurity bills on the floor by the end of February or beginning of March.  Rep. Thornberry has also noted that successful cybersecurity legislation should be focused on emerging threats and encourage both the public and private sector to practice good cyber hygiene and reduce clutter in their networks.  

Senate:  Several Senate committees, led by the Commerce Committee and the Homeland Security and Government Affairs Committee (HSGAC), have been working for more than a year on a comprehensive bill, and Senate Majority Leader Harry Reid (D-NV) announced late last year that he intended to bring a bill to the floor in the coming months.  Jeffrey Greene, Senior Counsel at HSGAC, has indicated that they have taken the Majority Leader’s direction seriously and are close to finalizing a bill that could be filed as early as this week.  Tom Ross, who is the intelligence expert from Sen. Reid’s office, has indicated that the Senate is working on formulating a federal data breach notification standard.  Members of the Judiciary and Commerce Committees wish to include this type of standard in cybersecurity legislation, but they are in the process of determining how broad the language should be.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.