Legislative Branch Activity

Cybersecurity Legislation

In the Senate, the committees with jurisdiction over cybersecurity issues, including the Senate Homeland Security and Governmental Affairs Committee, the Senate Commerce, Science, and Transportation Committee, and the Senate Intelligence Committee, continue to work on drafting legislation that will be introduced in the coming weeks. Previous efforts to pass cybersecurity legislation in the Senate failed last Congress due to strong opposition from a number of outside groups, including the U.S. Chamber of Commerce. Last week, Treasury Secretary Jack Lew spoke at a private event to the Chamber’s Board of Directors, calling for companies to keep cybersecurity as a priority on their corporate agendas and asking the Chamber to support legislation that would “incentivize the adoption of best practices and standards for critical infrastructure.”

Data Security Legislation

Last week, Sen. Pat Toomey (R-PA), along with Sens. Angus King (I-ME) and John Thune (R-SD), introduced the Data Security and Breach Notification Act of 2013 (S. 1193), which would create a national data breach standard to replace the 46 separate state standards that currently exist. The bill is identical to the legislation Sen. Toomey introduced last Congress and would require companies to notify consumers promptly via mail, email or phone if their personal information was stolen. The National Cable and Telecommunications Association has also indicated its support of the legislation.

Executive Branch Activity

NIST Workshop

The next Cybersecurity Framework workshop hosted by the National Institute of Standards and Technology (NIST) will occur at the University of Southern California in San Diego on July 10-12. This will be the third of four workshops that NIST will host to discuss the voluntary set of cybersecurity standards for owners and operators of critical infrastructure, as directed by the President’s Executive Order in February.

Department of Energy Cybersecurity Council

The U.S. Department of Energy announced last week that it has created a new cybersecurity council that includes representation from the Office of Electricity Delivery and Energy Reliability, the Office of Intelligence, the Office of the Chief Information Officer, and the National Nuclear Security Administration. The council will be working on formulating best practices for cybersecurity in the energy sector that will include ways to protect the electric grid, nuclear stockpiles, and oil and gas facilities.

DHS Inspector General Report

Last week, the Department of Homeland Security (DHS) Inspector General released a report detailing the Department’s lack of a strategic plan for helping federal agencies comply with the Federal Information Security Management Act (FISMA). The report noted that the Office of Cybersecurity and Communications’ Federal Network Resilience unit has yet to identify and develop medium- and long-term cybersecurity goals for federal agencies to meet in order to ensure that all federal networks are secure. DHS will be working in the coming months to address concerns outlined in the report and will be drafting an updated strategic implementation plan to incorporate new priorities after a number of key managers left the Office of Cybersecurity and Communications this past year.