House OKs Cybersecurity Bills on DHS Role, Workforce, Research and Development

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Alexei Alexis  

July 28 — The House July 28 passed a trio of cybersecurity bills to: clarify the Department of Homeland Security's role in combatting cyberthreats facing U.S. critical infrastructure (H.R. 3696); assess DHS cybersecurity workforce needs (H.R. 3107); and task the DHS with creating a new cybersecurity technology research and development plan (H.R. 2952).

Congress has been under pressure to act to strengthen cybersecurity in the face of increased reports of attacks on corporate and governmental websites.

Former members of the 9/11 Commission urged Congress to act on cybersecurity in a recent report, concluding that U.S. efforts to prepare for a major attack on vital public or private computer networks haven't kept pace with mounting threats.

DHS Work With Private Sector

The bipartisan H.R. 3696, which was passed by voice vote, would codify the DHS National Cybersecurity Communications Integration Center (NCCIC) as an entity charged with facilitating real-time cyberthreat information sharing.

The House-passed measure, dubbed the National Cybersecurity and Critical Infrastructure Protection Act, includes language that says nothing in the legislation is intended to provide the DHS with any new regulatory authority. Another provision would amend the 2002 Support Anti-terrorism by Fostering Effective Technologies (SAFETY) Act to allow companies to obtain new liability protections in the area of cybersecurity.

“Time is tight on the legislative calendar in the 113th Congress, but there's still time to get this bill and others enacted this year,” Norma M. Krayem, principal and global co-chair of data protection and cybersecurity at Squire Patton Boggs LLP, in Washington, told Bloomberg BNA July 28.

“If there are votes, they will likely happen after the November elections,” Brian E. Finch, a partner at Pillsbury Winthrop Shaw Pittman LLP, in Washington, told Bloomberg BNA July 28.

“I hope our colleagues on the Senate side will respond to this,” House Homeland Security Committee Chairman Michael McCaul (R-Texas), the bill's chief sponsor, said in floor remarks.

There are separate cybersecurity bills under consideration in the Senate. But it is unclear when or if the Senate will vote on bills recently advanced by the Senate Intelligence Committee and the Senate Homeland Security and Governmental Affairs Committee.

The Senate Intelligence Committee July 8 approved legislation (S. 2588) to provide liability protection to companies that share cyberthreat data with the government. The bill has strong support from leading business groups, such as the U.S. Chamber of Commerce. However, the outlook for the measure has been complicated by privacy concerns.

Legislation (S. 2519) approved June 25 by the Senate Homeland Security and Governmental Affairs Committee to codify the NCCIC is also still awaiting action by the full Senate.

Workforce, R&D Measures

Under H.R. 3107, which was approved on a 395-8 roll call vote, the DHS would be required to take steps to improve its cybersecurity readiness, including the development of occupational classifications for its cybersecurity professionals.

Under the Homeland Security Cybersecurity Boots-on-the-Ground Act, the DHS would be required to assess its readiness for meeting its cybersecurity mission and to ensure that the new occupational classifications are made available to other federal agencies.

In addition, the department would be required to develop a workforce strategy to enhance the readiness of its cybersecurity workforce, including a recruitment plan, a five-year implementation plan and a 10-year projection of federal workforce needs, plus a process to verify that employees of independent contractors who serve in DHS cybersecurity positions receive security training commensurate with their assigned responsibilities. The measure calls on the DHS to provide Congress with annual updates and for the Government Accountability Office also to report on the department's progress with respect to such assessments and strategies.

H.R. 2952, which passed on a voice vote, would require the DHS to develop a strategic plan on the direction of federal government “physical security and cybersecurity technology research and development efforts.”

To contact the reporter on this story: Alexei Alexis in Washington at

To contact the editor responsible for this story: Donald G. Aplin at

H.R. 3696, as passed by the House, is available at

Full text of H.R. 3107, as passed by the House, is available at

H.R. 2952, as passed by the House, is available at

Request Bloomberg Law Privacy and Data Security