As cybersecurity issues continue to garner headlines, more than half a dozen bills that attempt to address different facets of network security are pending in Congress. Last week, the House of Representatives passed four separate bills addressing various aspects of the cybersecurity problem. The Obama Administration has already proposed its own model bill and continues to press Congress to act, citing a number of potential threats. In the Senate, proponents of the leading bill are negotiating with proponents of a Republican alternative. Meanwhile, perceptions of the threat continue to evolve and congressional proposals continue to change as new information becomes available. Notably, lawmakers increasingly are singling out China as the most threatening state actor, especially with respect to economic espionage.
Operators of “critical infrastructure” should be aware of their potential new legal obligations and privileges under the various bills. The bills’ definitions of “critical infrastructure” vary, but generally include operators of utilities and the electrical grid, telecommunications networks, financial services firms and defense contractors. Technology companies, government contractors and others also may be covered. All of these parties may face new regulatory requirements after the passage of a law. Operators of critical infrastructure and other businesses that source equipment from foreign sources, most notably China, may also be affected by a new law. Businesses also may need to update their cybersecurity policies related to the handling of sensitive business and customer information to address any new laws or regulations.
Please see full publication below for more information.