Legislative Branch Activity
- Wednesday, March 26: The Senate Homeland Security and Governmental Affairs Committee will hold a hearing at 10:00 am titled “Strengthening Public-Private Partnerships to Reduce Cyber Risks to Our Nation’s Critical Infrastructure.”
- Wednesday, March 26: The Senate Commerce, Science and Transportation Committee will hold a hearing at 2:30 pm titled “Protecting Personal Consumer Information from Cyber Attacks and Data Breaches.”
Executive Branch Activity
NIST Privacy Workshop
On April 9-10, the National Institute of Standards and Technology (NIST) will host a privacy engineering workshop at the NIST headquarters in Gaithersburg, MD to explore the development of new privacy standards. According to the agenda released in advance of the workshop, NIST is planning to discuss the potential for privacy engineering to contribute to the development of effective and repeatable privacy protections.
In addition, NIST plans to issue its next “status update” in mid-April on the Cybersecurity Framework that was released last month. This update will likely include some of the major issues discussed at the privacy workshop, as well as an update on the implementation of the Framework to date. NIST is also planning to host another implementation workshop within six months of the release of the Framework but this workshop may be pushed back to September of this year.
The Securities and Exchange Commission (SEC) will host a roundtable on Wednesday to discuss the cybersecurity landscape and issues faced by exchanges and other key market systems, broker-dealers, investment advisers, transfer agents, and public companies. The roundtable panelists will also address industry and coordination efforts between the public and private sectors to assess and respond to cybersecurity issues. The SEC posted a notice last week requesting public comments on the topics discussed at the roundtable. Comments are due on May 2.
DHS Cybersecurity Workshops
The U.S. Department of Homeland Security (DHS) plans to hold three large cybersecurity workshops with industry this year to promote the adoption of the NIST Cybersecurity Framework through its Critical Infrastructure Cyber Community (C3) Voluntary Program. In addition, DHS plans to hold a series of smaller sector-specific events as well. The workshops will be held at various locations throughout the country and the first DHS workshop is likely going to be this spring.
Department of Defense Rulemaking
The FY 2013 National Defense Authorization Act required the U.S. Department of Defense (DOD) to develop draft regulations for defense contractors with security clearances to be required to rapidly report cyber penetrations within their networks. Although the draft regulations were to be issued last week, DOD has indicated that there is a delay in the process but has not yet set a new deadline for when the interim rule will be released. Once DOD issues the draft regulations, the public will have a chance to comment on what is included in the proposed rule through a formal public comment process.