Monday, April 12, 2010

6 Key Cybersecurity Bills Before Congress

As Congress returns from its spring break this week, it will have six notable cybersecurity bills - perhaps one more - to consider before summer rolls around and senators and representatives focus more on getting reelected than lawmaking.

Of these cybersecurity measures, only one bill has passed either chamber; in February, the House of Representatives overwhelmingly approved the Cybersecurity Enhancement Act. And just one significant IT security bill has made it to the full Senate, the Cybersecurity Act, which cleared a Senate panel on a voice vote last month. The other bills remain in committee.

Most of the bills have some overlapping provisions, but except for the International Cybercrime Reporting and Cooperation Act that have twin Senate and House versions, none of the bills are identical.

What follows are brief descriptions of each of these cybersecurity bills and their respective status.

H.R. 1051: Cybersecurity Enhancement Act of 2010, sponsored by Rep. Daniel Lipinski, D.-Ill., passed the House on Feb. 4. The measure - assigned to the Senate Commerce, Science and Transportation Committee - promotes the development of a skilled cybersecurity federal workforce, coordinate and prioritize federal cybersecurity research and development, improve the transfer of cybersecurity technologies to the marketplace and promote cybersecurity education and awareness for the public. It also would strengthen the role of the National Institute of Standards and Technology in shaping the way the federal government and the nation address cybersecurity. H.R. 1051 would order NIST to develop and implement a public cybersecurity awareness and education program to encourage the more widespread adoption of best practices.

S 773: Cybersecurity Act of 2010, sponsored by Sens. Jay Rockefeller, D.-W.Va., and Olympia Snowe, R.-Maine, requires the president to work with the private sector to develop a comprehensive national cybersecurity strategy for the nation and establish a cybersecurity advisory panel of outside experts from industry, academia and non-profit advocacy organizations to advise him on cybersecurity related matters. The bill - which cleared the Senate Committee on Commerce, Science and Transportation on March 24 - delegates NIST as the United States' representative in the development of international cybersecurity standards. Other provisions would require periodic appraisals of the nation's cybersecurity posture, promote cybersecurity education, awareness and research and development. It also would establish a board to standardized secure computer products for federal acquisition.

Rockefeller and Snowe have a companion bill - S. 788, assigned to the Committee on Homeland Security and Governmental Affair - that would establish within the Executive Office of the White House the Office of National Cybersecurity Adviser.

S. 921: United States Information and Communications Enhancement Act, or U.S. ICE primarily would update the 8-year-old Federal Information Security Management Act, which provides the blueprint for federal departments and agencies to secure their IT assets. Sen. Tom Carper, the Delaware Democrat who chairs the Senate subcommittee with cybersecurity oversight, is the bill's chief sponsor. The measure was assigned to the Committee on Homeland Security and Governmental Affairs.

The original version of U.S. ICE introduced nearly a year ago, like S. 788, would have established a White House office to oversee cybersecurity, but that provision was excised in a revision approved last summer. The revision gives the Department of Homeland Security more sway in managing cybersecurity among federal executive departments and agencies. Though the Office of Management and Budget would retain final say over agencies' cybersecurity budgets, the revised bill provides for DHS to review all departmental and agency cybersecurity spending plans and forward its recommendation to OMB.
ReadMore: govinfosecurity.com

No comments:

Post a Comment