Legislative Branch Activity

Cybersecurity Legislation

At a Senate Homeland Security and Governmental Affairs Committee (HSGAC) hearing last week, Ranking Member Tom Coburn (R-OK) announced that the committee is working on legislation that will give the Department of Homeland Security (DHS) the authority to hire more cybersecurity professionals. Ranking Member Coburn stated that the committee will consider this bill during its next mark-up but did not offer a specific timeline for the bill’s consideration.

Data Security

Last week, the Senate Commerce, Science, and Transportation Committee held a hearing focused on data security and the recent data breach at the Target Corporation. At the hearing, many Senators noted the need for a single data breach notification standard to ensure that companies are aware of their responsibilities when a data breach occurs. Several pieces of legislation would establish a national data breach notification standard, including Chairman John Rockefeller’s (D-WV) Data Security and Breach Notification Act of 2014 (S. 1976), Senator Pat Toomey’s (R-PA) Data Security and Breach Notification Act of 2013 (S. 1193), and HSGAC Chairman Tom Carper’s (D-DE) legislation that would require notice of security breaches (S. 1927). It is expected that these bills will start going through their respective committees of jurisdiction in the next few weeks. If these bills move forward, it is likely that broader cybersecurity amendments will be added as a way to incorporate cybersecurity into the current debate on data security. One piece of legislation that could be included in these efforts is the Cybersecurity Act of 2013 (S. 1353), which passed out of the Senate Commerce Committee last summer and is currently awaiting Senate floor action.

Upcoming Hearings:

  • Wednesday, April 2: The Senate Homeland Security and Governmental Affairs Committee will hold a hearing titled “Data Breach on the Rise: Protecting Personal Information from Harm.”

Executive Branch Activity

Treasury Department Guidance for Small Financial Firms

At a recent event, Brian Peretti, the Acting Director of the Office of Critical Infrastructure Protection and Compliance Policy at the U.S. Department of Treasury, announced that the department may issue guidance to help small financial firms use the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) as part of President Obama’s February 2013 cybersecurity Executive Order. The Treasury Department is concerned that many small companies lack experience in the area of cybersecurity and may struggle to use the NIST Cybersecurity Framework to their advantage. The department has not given a timeline for the release of this guidance.

Homeland Security Grant Program

Last week, DHS announced that it is accepting applications for the FY 2014 Homeland Security Grant Program, which provides funding for states and urban areas to prevent, protect against, respond to, and recover from acts of terrorism or other threats. In this year’s funding opportunity announcement, DHS included a new section that allows funding from the program to be used to enhance a city or state’s cybersecurity capabilities. In addition, the announcement notes that applicants that request funds for cybersecurity are encouraged to propose projects that will aid in the implementation of the NIST Cybersecurity Framework. Applications for the Homeland Security Grant Program are due May 23, 2014.