By Alexei Alexis
Significant progress has been made on a forthcoming House bill to address the Department of Homeland Security's role in helping U.S. companies combat cyberthreats, Rep. Patrick Meehan (R-Pa.), one of the drafters, told BNA May 16.
The upcoming bill will likely focus on codifying the role of DHS as a central point for cyberthreat information sharing between the federal government and private sector, according to Meehan, who chairs the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.
“Pen has been put to paper, and we're well along the way,” he said in a BNA interview that followed a subcommittee hearing. “We're meeting privately with multiple industry sectors and discussing the details of what should be contained in the bill.”
Meehan said he expected legislation to be introduced soon but did not have a specific time. He said that he was drafting the legislation with Rep. Michael McCaul (R-Texas), chairman of the full committee.
The subcommittee has been conducting a series of cybersecurity hearings that are expected to inform the coming bill. The latest hearing focused on work that DHS is doing to protect U.S. companies from cyber-attacks.
“This needs to be properly codified,” Meehan told BNA. “Right now, it's all over the place, from presidential directives to executive orders.”
According to a statement provided by DHS, the agency coordinates the overall federal effort to promote the security and resilience of the nation's “critical infrastructure” through coordination with the private sector.
“The United States confronts a dangerous combination of known and unknown vulnerabilities in cyberspace and strong and rapidly expanding adversary capabilities,” the statement said.
In April, the House passed a cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA) (H.R. 624) (12 PVLR 671, 4/22/13), which was introduced by Reps. Mike Rogers (R-Mich.) and C.A. “Dutch” Ruppersberger (D-Md.), chairman and ranking member, respectively, of the House Intelligence Committee.
While that bill addresses information sharing, Meehan said that more work needs to be done on the role of DHS and its relationship with the private sector, which comes squarely under the jurisdiction of the Homeland Security Committee.
Meanwhile, Sen. Tom Carper (D-Del.), chairman of the Senate Homeland Security and Governmental Affairs Committee, has said that he will work with Senate colleagues on both sides of the aisle to develop broader cybersecurity legislation that would support initiatives already moving forward under an executive order signed by President Obama in February (12 PVLR 257, 2/18/13).
BNA INSIGHTS ARCHIVE
Implementation of the Cybersecurity Executive Order and Presidential Policy Directive: Timetable and Processes--Jonathan G. Cedarbaum and Leah Schloss, Wilmer Cutler Pickering Hale and Dorr LLP, Washington
The president's order directed the National Institute of Standards and Technology, a component of the Department of Commerce, to lead the creation of a framework consisting of voluntary cybersecurity standards for the nation's critical infrastructure owners and operators.
The order also required DHS to coordinate the development of a program to promote the framework. In addition, regulatory agencies were charged with reviewing existing cybersecurity mandates to determine whether they are sufficient (see related report).
Further information on the hearing--“Facilitating Cyber Threat Information Sharing and Partnering with the Private Sector to Protect Critical Infrastructure: An Assessment of DHS Capabilities”--including links to prepared testimony and an archived webcast of the hearing, is available at http://homeland.house.gov/hearing/subcommittee-hearing-facilitating-cyber-threat-information-sharing-and-partnering-private.