DHS Secretary Hails Cybersecurity Legislation as ‘Good Step Forward'

Keep up with the latest developments and legal issues in the telecommunications and emerging technology sectors, with exclusive access to a comprehensive collection of telecommunications law news,...

By Alexei Alexis  

Feb. 26 --Homeland Security Secretary Jeh Johnson welcomed bipartisan cybersecurity legislation that was recently advanced by a key House committee.

The legislation (H.R. 3696), which was introduced by House Homeland Security Chairman Michael McCaul (R-Texas), would clarify the role of DHS in combatting cyberthreats facing the private sector.

“We think this bill is a good step forward,” Johnson said at a Feb. 26 hearing convened by McCaul. “We want to continue working with Congress on this and other legislation to improve the government's and the nation's overall cybersecurity posture.”

Johnson, who was sworn in as the fourth secretary of homeland security in late December, appeared before the House Homeland Security Committee to outline his vision for DHS. He previously highlighted the need for cybersecurity legislation in a speech laying out his priorities.

Under the McCaul proposal, which was approved by the committee on Feb. 5, the DHS National Cybersecurity and Communications Integration Center (NCCIC) would be codified as an entity charged with facilitating real-time cyberthreat information sharing.

Regulatory Activity Prohibited

The bill includes language to make clear that nothing in the legislation is intended to provide DHS with any new regulatory authority. Another provision would ensure that cybersecurity technologies are entitled to liability protection under the 2002 Support Anti-terrorism by Fostering Effective Technologies (SAFETY) Act.

The measure is co-sponsored by Rep. Bennie Thompson (D-Miss.), the committee's ranking member, and by Reps. Patrick Meehan (R-Pa.) and Yvette Clarke (D-N.Y.), the chairman and ranking member of the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.

The legislation has been endorsed by a range of stakeholders, from the American Civil Liberties Union to the American Chemistry Council.

Last year, the House approved a cyberthreat information-sharing bill (H.R. 624) that was opposed by privacy groups. That measure, which was introduced by leaders of the House Intelligence Committee, called for companies to be given liability protections in exchange for sharing cyberthreat data with other private entities or the government. Critics said the bill, which prompted a veto threat from the White House and has not been acted upon in Senate, would broadly shield companies that share Internet users' personal data with other organizations.

Privacy advocates were particularly worried about potential government abuses. The outlook for the legislation has been further complicated by revelations about controversial National Security Agency surveillance activities.

McCaul Bill Seen Offering Path Forward

The Homeland Security Committee bill, proponents say, has the potential to refocus the cybersecurity debate.

“The fact that the American Civil Liberties Union called the bill 'pro-security and pro-privacy' underscores that H.R. 3696, as introduced, effectively avoids the privacy and civil liberties pitfalls that plagued other cyber legislation,” Clarke said in January.

However, it was not immediately clear when or if House leadership plans to bring the bill to the floor. A spokeswoman for House Majority Leader Eric Cantor (R-Va.) didn't respond to a request for comment.

In the meantime, the DHS and other federal agencies have been moving forward with cybersecurity steps directed by President Barack Obama.

Under an executive order signed by the president last year, the National Institute of Standards and Technology, a division of the Department of Commerce, was required to develop a framework consisting of voluntary cybersecurity best practices for “critical infrastructure” entities, such as banks and telecommunications providers.

On Feb. 12, the administration unveiled a final version of the NIST framework and a DHS program that offers related technical assistance to companies. The administration is expected to move forward with a plan to offer incentives to companies that agree to adopt the framework, but the details remain unclear.

To contact the reporter on this story: Alexei Alexis in Washington at aalexis@bna.com

To contact the editor responsible for this story: Heather Rothman at hrothman@bna.com

Full text of Johnson's prepared testimony can be found at http://docs.house.gov/meetings/HM/HM00/20140226/101722/HHRG-113-HM00-Wstate-JohnsonJ-20140226.pdf.

Request Tech & Telecom on Bloomberg Law