Legislative Activity

Cybersecurity Legislation

Last week, the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies marked up two cybersecurity bills – the Critical Infrastructure Research and Development Advancement (CIRDA) Act of 2013 (H.R. 2952) and the Homeland Security Cybersecurity Boots-on-the-Ground Act (H.R. 3107). The subcommittee passed both bills by voice vote and they will now move to the full House Homeland Security Committee for consideration. The full committee is also planning to consider another cybersecurity bill – the National Cybersecurity and Critical Infrastructure Protection Act of 2013 – in the coming weeks which will be introduced after the committee completes its stakeholder review process.

Executive Branch Activity

National Infrastructure Advisory Council Recommendations

Last week, the Department of Homeland Security’s (DHS) National Infrastructure Advisory Council (NIAC) adopted recommendations for the implementation of the Cybersecurity Framework that the National Institute of Standards and Technology (NIST) was tasked with developing as part of the President’s Executive Order (EO), including recommendations on how to encourage private sector participation in the Framework. NIAC recommended that the voluntary program DHS is coordinating to encourage Framework adoption should focus on securing “lifeline” sectors (energy, water, transportation and telecommunications, according to NIAC), developing an outcomes-based program focused on risk and cost-effectiveness, and ensuring that the Framework is eventually handed off to the private sector to implement and manage. DHS will hold a working group meeting today to discuss the development of the voluntary program and what incentives are needed to incentivize greater adoption of the Cybersecurity Framework. NIAC plans to issue a final report on November 21 that will include these recommendations.

NIST Cybersecurity Framework

NIST announced that it will hold another public workshop in early November. While NIST is required by the EO to release a draft Cybersecurity Framework on October 10, the recent materials circulated prior to the NIST workshop this month identified a series of “missing information” that still needs to be addressed. This additional workshop is designed to help address these issues. NIST will have a 45-day comment period on the draft Framework with all comments due by November 25. All of the written comments and feedback received at the public workshop will be incorporated into the final Cybersecurity Framework which will be released in February 2014.

Cybersecurity Technology Demonstration

DHS’s Science and Technology (S&T) Directorate will host an event for industry on October 9 in Washington, D.C. to showcase eight new emerging technologies developed by the Department of Energy’s national laboratories. The event, titled “Transition-to-Practice Technology Demonstration Day for Investors, Integrators and IT Companies (i3) East,” will feature technologies that are ready to transition into commercial products, including tools for intrusion detection, removable media protection, software assurance, and malware forensics.