Cyber Security - Protecting Critical Information

Allison Glatfelter, Senior Analyst Monday November 3rd 2014

From the Target shopping store breach in 2013, to the more recent “Heartbleed” bug, cybersecurity affects everyone online – as well as the nation’s critical infrastructure. Remarkably, no major cybersecurity legislation has passed through Congress since 2002. And while the Obama Administration issued an Executive Order addressing cybersecurity in February 2013, many say the lack of a legislative underpinning weakens the U.S. against cyber attack. Here are 13 bills from the 113th Congress that would boost the nation’s defenses against cyber attack.

These three bills call for collaboration between the private sector and the government in setting standards to protect against cyber attack:

H.R. 3696 – National Cybersecurity and Critical Infrastructure Projection Act of 2013 (Rep. Michael Mccaul,R-TX)– would codify the civilian National Cybersecurity and Communications Integration Center within the Department of Homeland Security (DHS), and form a partnership between industry and federal regulators.

S.21 – Cybersecurity and American Competitiveness Act of 2013 (Sen. John Rockefeller, D-WV) – calls for bipartisan legislation to improve communication and collaboration between the private sector and the federal government to secure against a cyber attack, and to create jobs in the information technology industry.

S. 1353 – Cybersecurity Act of 2013 (Sen. John Rockefeller, D-WV)— would allow the National Institute of Standards and Technology (NIST) to facilitate a voluntary, industry-led set of standards to reduce cyber risks to critical infrastructure.

At least four bills address federal strategies and responses to counter cyber attack:

S. 658 – Cyber Warrior Act of 2013 (Sen. Kirsten Gillibrant, D-NY)– would establish a separate team of National Guard members in each state – the Cyber and Computer Network Incident Response Team – to protect for and respond to emergencies involving a cyber attack.

H.R. 624 – Cyber Intelligence Sharing and Protection Act (CISPA) (Rep. Mike Rogers, R-MI) – requires the federal government to engage in “shared situational awareness” to share cyber threat information in real time. The House passed the bill on April 18, 2013.

H.R. 3107 – Cybersecurity Boots-on-the Ground Act (Rep. Yvette Clarke, D-NY) on September 17, 2013– would require the Department of Homeland Security (DHS) to establish cybersecurity occupation classifications, assess the cybersecurity workforce, and develop a strategy to address gaps, among other provisions.

H.R. 1121 – Cyber Privacy Fortification Act of 2013 introduced by Rep. John Conyers (D-MI) on March 13, 2013 —would provide criminal penalties for intentionally failing to provide notice of a security breach.

An additional three bills would require reports on and repercussions for cyberspace espionage:

S. 1111 – Cyber Economic Espionage Accountability Act introduced by Sen. Ron Johnson (R-WI) June 6, 2013 and its House counterpart, H.R. 2281 – Cyber Economic Espionage Accountability Act of 2013 introduced by Rep. Mike Rogers (R-MI) on June 6, 2013 –address cyber economic espionage. The bills would require the President to publish a list of foreign individuals responsible for cyber espionage of intellectual property, among other provisions.

S. 884 – Deter Cyber Theft Act introduced by Sen. Carl Levin (D-MI) on May 2013—would direct the Director of National Intelligence (DNI) to report to Congress on foreign countries engaging in cyberspace espionage related to U.S. trade secrets or proprietary information.

Finally, these three bills would aim to bolster federal research development (R&D) activities:

H.R. 2952 – Critical Infrastructure Research and Development Advancement Act (CIRDA) of 2013 (Rep. Patrick Meehan, R-PA) on August 1, 2013 – would require the Department of Homeland Security to submit to Congress a strategic plan on federal physical and cybersecurity technology R&D, including any security risks and technology needs,.

H.R. 967 – Advancing America’s Networking and Information Technology Research Development Act of 2013 (Rep. Cynthia Lummis, R-WY)– would require federal agencies participating in the Networking and Information Technology Research and Development Program to periodically assess its funding levels, to ensure it has long-term R&D activities, among other provisions. The House passed the bill on April 16, 2013.

H.R. 756 – Cybersecurity Research and Development Act of 2013 (Rep. Michael Mccaul, R-TX) – would require federal agencies participating in the national High-Performance Computing Program to report to congress on its cybersecurity strategic research and development plan, and annually update the implementation roadmaps for these plans. The House passed the bill on April 16, 2013