Legislative Branch Activity

Cybersecurity Legislation

The Senate Permanent Select Committee on Intelligence is currently in the process of receiving stakeholder comments on its draft cybersecurity information sharing legislation that is likely to be introduced in the coming weeks. Last week, House Intelligence Committee Chairman Mike Rogers (R-MI) called on the Senate to act on their legislation prior to the August recess, noting his fear that it is not likely that Congress will have the political will to consider cybersecurity legislation during the fall leading up to the November mid-term elections. If the Senate Intelligence Committee introduces and considers a cybersecurity information sharing bill this summer, Chairman Rogers committed to moving quickly to a conference committee with his bill that the House passed in April 2013, the Cyber Intelligence Sharing and Protection Act (H.R. 624), which the White House threatened to veto and the Senate has refused to consider to date.

In addition to legislation on information sharing, it is possible that the Senate will take action on several other cybersecurity-related bills. The Senate Judiciary Committee may take up a draft bill that is currently being circulated by Senators Sheldon Whitehouse (D-RI) and Lindsey Graham (R-SC) that would strengthen the protection of trade secrets, increase penalties for cyber crimes, and clarify that state-sponsored overseas hacking may be prosecuted as economic espionage. The Senate Homeland Security and Governmental Affairs Committee (HSGAC) also recently reported the Department of Homeland Security (DHS) Cybersecurity Workforce Recruitment and Retention Act of 2014 (S. 2354) out of the Committee and the bill may move to the Senate floor in the coming weeks. In addition, HSGAC Chairman Tom Carper (D-DE) is also looking at legislation that would clarify DHS’s roles and responsibilities and update the Federal Information Sharing Management Act (FISMA).

Hearings this Week

  • Tuesday, June 3: The Senate Banking, Housing and Urban Affairs Committee will mark-up Terrorism Risk Insurance Program Reauthorization Act (S. 2244).

Executive Branch Activity

Cybersecurity Regulations

White House Cybersecurity Coordinator Michael Daniel recently posted a blog post regarding the Obama Administration’s cybersecurity efforts to date since the President released his cybersecurity Executive Order (EO) in February 2013. As part of the EO, Executive Branch departments and agencies with responsibility for regulating the security of private sector critical infrastructure were tasked with assessing their current regulatory authority related to cybersecurity and proposing any changes needed to address insufficiencies in their existing authorities. The White House determined that three departments and agencies were required to submit reports on their regulatory authorities including the Department of Homeland Security, the Department of Health and Human Services, and the Environmental Protection Agency. In his blog post, Daniel noted that the findings in the report support the Administration’s current voluntary approach to addressing cybersecurity risk. As such, the Obama Administration determined that the existing regulatory requirements, when complemented by strong voluntary cybersecurity partnerships, are capable of protecting critical infrastructure from cyber attacks without needing additional regulations.