Legislative Activity

Cybersecurity Legislation

Last week, House Intelligence Committee Chairman Mike Rogers (R-MI) called on the Senate Intelligence Committee to pass a cybersecurity information sharing bill so that it could eventually be conferenced with his bill that passed the House in April – the Cyber Intelligence Sharing and Protection Act (H.R. 624). Privacy and national security concerns as a result of the National Security Agency information leaks have made many in Congress hesitant to move forward on cybersecurity legislation; however the House Homeland Security Committee and key committees in the Senate continue their efforts.  The Senate Homeland Security and Governmental Affairs Committee (HSGAC) is working to draft a bill that would codify the U.S. Department of Homeland Security’s (DHS) cybersecurity roles and responsibilities and update the Federal Information Security Management Act of 2002. A definite timeline for introducing the Senate HSGAC bill has not been established.

Executive Branch Activity

NIST Cybersecurity Framework

National Institute of Standards and Technology (NIST) Director Patrick Gallagher said last week that the draft Cybersecurity Framework that was required by President Barack Obama’s cybersecurity Executive Order is “essentially complete” despite the fact that NIST announced another workshop session scheduled for November 14-15 in Raleigh, North Carolina. NIST is working with DHS to encourage companies to adopt the Cybersecurity Framework, as this will be a major step in finalizing its implementation. Last week, DHS convened the first meeting of a working group of public and private entities that is tasked with developing a voluntary program to promote the adoption of the Cybersecurity Framework. The working group plans to meet again on October 21 and November 18 to continue their discussions about DHS’s voluntary program.