Legislative Branch Activity
Data Security Hearing
After hackers were able to access the credit and debit card data of nearly 40 million Target customers last month, Senators Robert Menendez (D-NJ), Chuck Schumer (D-NY) and Mark Warner (D-VA) sent a letter to the leaders of the Senate Banking, Housing and Urban Affairs Committee calling for Congressional hearings on the security of consumer financial data. The Senators noted in their letter that the cyber attack should prompt questions from Congress about whether companies are doing all that they can to protect customer information and if they should consider passing more stringent cybersecurity standards to prevent similar attacks in the future.
Executive Branch Activity
NIST Cybersecurity Framework
As required by President Barack Obama’s cybersecurity Executive Order (EO) released in February 2013, the National Institute of Standards and Technology (NIST) will unveil the final version of its Cybersecurity Framework next month. Currently, NIST officials are reviewing the comments from over 200 stakeholders that discussed their concerns about the preliminary Cybersecurity Framework that NIST released in October. A number of stakeholders, including the U.S. Chamber of Commerce, the Internet Commerce Coalition and a number of major energy associations, have expressed concerns about the draft Framework’s proposed methodology for handling personally identifiable information. When the final Cybersecurity Framework is released in February, the Department of Homeland Security will also work with those stakeholders who voluntarily choose to adopt the standards outlined in the Framework.
Department of Defense Cybersecurity Programs
Prior to recessing for the holidays, Congress passed the 2014 National Defense Authorization Act which authorizes all of the programs at the U.S. Department of Defense (DOD). The legislation addressed several cybersecurity-related issues at DOD and requires the Department to appoint a high-level Principal Cyber Advisor that will oversee offensive and defensive cyber missions, resources, personnel, acquisition and technology at the Pentagon. The bill also authorized billions of dollars in funding to help train U.S. Cyber Command staff and to support some of the operation’s classified activities. In addition, DOD will also conduct a broad analysis of its current cyber operations to assess its manpower requirements, education and training, the potential for offering bonuses to cyber personnel and the use of “virtual deployments” to support cybersecurity operations.