Cyber Legislation Possible in the Lame Duck; Comments Due on NIST Information Sharing Guide

Legislative Activity

Carper and McCaul Call for Cyber Legislation in the Lame Duck

Senate Homeland Security and Governmental Affairs Committee (HSGAC) Chairman Tom Carper (D-DE) recently urged Senate leaders to take up his cybersecurity legislation – the National Cybersecurity and Communications Integration Center Act of 2014 (S. 2519). This legislation would codify the existing National Cybersecurity and Communications Integration Center (NCCIC) at the U.S. Department of Homeland Security (DHS) and is considered to be relatively non-controversial. Chairman Carper is hopeful that the Senate will take up the legislation in the lame duck given that the House passed a similar bill in this summer – the National Cybersecurity and Critical Infrastructure Protection Act of 2014 (H.R. 3696) – which also sought to codify the NCCIC and establish DHS’s role in cybersecurity.

House Homeland Security Chairman Michael McCaul (R-TX) also recently indicated that the House and Senate Committees with jurisdiction over cybersecurity issues are also working to reach a consensus on two other bills that the House passed this Congress but the Senate has yet to take action on to date. The bills would update the Federal Information Security Management Act (FISMA) and enhance the hiring capabilities and cybersecurity workforce at DHS. The House previously passed a FISMA reform bill (H.R. 1163) in April 2013 and a cybersecurity workforce bill (H.R. 3107) in July 2014; HSGAC passed similar bills on both issues out of committee in June 2014.

It is expected that if any cybersecurity legislation were to be passed in the lame duck, it would have to be attached to another broader piece of legislation, such as the National Defense Authorization Act (NDAA). Senator Carper has filed the text of S. 2519 as an amendment to the NDAA but it is unclear whether or not the Senate will choose to consider the amendment on the floor in December.

This Week’s Hearings:

• Wednesday, November 19: The House Oversight and Government Reform Subcommittee on Federal Workforce, U.S. Postal Service and the Census will hold a hearing titled “Examining Data Security at the Postal Service.”

Regulatory Activity

NIST Draft Guide to Cyber Threat Information Sharing

Comments on the National Institute of Standards and Technology (NIST) draft Guide to Cyber Threat Information Sharing are due Friday, November 28.  Based on the comments it receives, NIST will issue a final guidance document next year regarding how to improve the efficiency and effectiveness of defensive cyber operations and incident response activities through increased information sharing.