Feb. 26 --Homeland Security Secretary Jeh Johnson welcomed bipartisan cybersecurity legislation that was recently advanced by a key House committee.
The legislation (H.R. 3696), which was introduced by House Homeland Security Chairman Michael McCaul (R-Texas), would clarify the role of DHS in combatting cyberthreats facing the private sector.
“We think this bill is a good step forward,” Johnson said at a Feb. 26 hearing convened by McCaul. “We want to continue working with Congress on this and other legislation to improve the government's and the nation's overall cybersecurity posture.”
Johnson, who was sworn in as the fourth secretary of homeland security in late December, appeared before the House Homeland Security Committee to outline his vision for DHS. He previously highlighted the need for cybersecurity legislation in a speech laying out his priorities.
Under the McCaul proposal, which was approved by the committee on Feb. 5, the DHS National Cybersecurity and Communications Integration Center (NCCIC) would be codified as an entity charged with facilitating real-time cyberthreat information sharing.
The bill includes language to make clear that nothing in the legislation is intended to provide DHS with any new regulatory authority. Another provision would ensure that cybersecurity technologies are entitled to liability protection under the 2002 Support Anti-terrorism by Fostering Effective Technologies (SAFETY) Act.
The measure is co-sponsored by Rep. Bennie Thompson (D-Miss.), the committee's ranking member, and by Reps. Patrick Meehan (R-Pa.) and Yvette Clarke (D-N.Y.), the chairman and ranking member of the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.
The legislation has been endorsed by a range of stakeholders, from the American Civil Liberties Union to the American Chemistry Council.
Last year, the House approved a cyberthreat information-sharing bill (H.R. 624) that was opposed by privacy groups. That measure, which was introduced by leaders of the House Intelligence Committee, called for companies to be given liability protections in exchange for sharing cyberthreat data with other private entities or the government. Critics said the bill, which prompted a veto threat from the White House and has not been acted upon in Senate, would broadly shield companies that share Internet users' personal data with other organizations.
Privacy advocates were particularly worried about potential government abuses. The outlook for the legislation has been further complicated by revelations about controversial National Security Agency surveillance activities.
The Homeland Security Committee bill, proponents say, has the potential to refocus the cybersecurity debate.
“The fact that the American Civil Liberties Union called the bill 'pro-security and pro-privacy' underscores that H.R. 3696, as introduced, effectively avoids the privacy and civil liberties pitfalls that plagued other cyber legislation,” Clarke said in January.
However, it was not immediately clear when or if House leadership plans to bring the bill to the floor. A spokeswoman for House Majority Leader Eric Cantor (R-Va.) didn't respond to a request for comment.
In the meantime, the DHS and other federal agencies have been moving forward with cybersecurity steps directed by President Barack Obama.
Under an executive order signed by the president last year, the National Institute of Standards and Technology, a division of the Department of Commerce, was required to develop a framework consisting of voluntary cybersecurity best practices for “critical infrastructure” entities, such as banks and telecommunications providers.
On Feb. 12, the administration unveiled a final version of the NIST framework and a DHS program that offers related technical assistance to companies. The administration is expected to move forward with a plan to offer incentives to companies that agree to adopt the framework, but the details remain unclear.
To contact the reporter on this story: Alexei Alexis in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Heather Rothman at email@example.com
Full text of Johnson's prepared testimony can be found at http://docs.house.gov/meetings/HM/HM00/20140226/101722/HHRG-113-HM00-Wstate-JohnsonJ-20140226.pdf.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).