The House Thursday unanimously passed S. 2519, the National Cybersecurity Protection Act of 2014 which the Senate passed earlier this week, as well as Senate amendment to H.R. 2952, the Cybersecurity Workforce Assessment Act — both bipartisan legislation to strengthen the nation’s cyber defenses.
Legislators said this is the most significant cyber bill to pass Congress in over a decade.
"The cyber bills passed this week are a historic moment in the fight against cyber attacks," said House Committee on Homeland Security Chairman Rep. Michael McCaul (R-Texas). "Every day, Americans’ private information is lost in criminal data breaches like those at Target and Home Depot. Nation-state actors, such as Russia, China and Iran, are increasingly hacking into US companies and government networks to conduct espionage or steal intellectual property. In fact, former director of the NSA, General Keith Alexander described this loss of IP as ‘the greatest transfer of wealth in history.’ However, the most malicious threat is from those who wish to do our country harm by shutting down our power grid, energy or water systems."
“With the passage of these bipartisan and bicameral bills, we can protect our vital digital private and government networks from daily attacks from foreign enemies across the globe by encouraging and supporting federal and private sector threat sharing," McCaul said. "These bills are a significant step in the right direction, and my colleagues have shown that cybersecurity is a priority for this Congress. But there is more work to be done.”
The National Cybersecurity Protection Act of 2014 codifies the existing cybersecurity and communications operations center at the Department of Homeland Security (DHS), known as the National Cybersecurity and Communications Integration Center.
Approved in June by the Senate Committee on Homeland Security and Governmental Affairs, the bill calls on the center to serve as a federal civilian information sharing interface for cybersecurity, and would authorize the center’s current activities to share cybersecurity information and analysis with the private sector, provide incident response and technical assistance to companies and federal agencies and recommend security measures to enhance cybersecurity.
"Cybersecurity is one of the biggest national security challenges our country faces. Our laws should reflect that reality,” said Senate Committee on Homeland Security and Governmental Affairs Chairman Tom Carper (D-Del.). “By codifying the Department of Homeland Security’s existing cybersecurity operations center, the National Cybersecurity Protection Act of 2014 bolsters our nation’s cybersecurity while providing the department with clear authority to more effectively carry out its mission and partner with private and public entities. It is critical that the department continues to build strong relationships with businesses, state and local governments, and other entities across the country so that we can all be better prepared to stop cyber attacks and quickly address those intrusions that do occur.”
"Cyber attacks are one of the biggest national security threats facing our nation,” said ranking committee member, retiring Sen. Tom Coburn (R-Okla.). “Every day, adversaries are working to penetrate our networks and steal the American people’s information at a great cost to our nation. One of the best ways that we can defend against cyber attacks is to encourage the government and private sector to work together and share information about the threats we face. By codifying DHS’s cyber security information sharing center, this bill sets the stage for future legislation for cyber security information sharing that includes liability protections for the private sector.”
Introduced by Carper and Coburn, the Federal Information Security Modernization Act of 2014 would better delineate the roles and responsibilities assigned to agencies charged with securing the “.gov” domain, move agencies away from the current paperwork-heavy security review processes and put greater management and oversight attention on data breaches at federal agencies,” according to the committee.
“The bill is more than overdue,” Carper’s office said, noting that” cyber attacks reported by federal agencies have increased by nearly 680 percent over the past six years, according to a recent study by the Government Accountability Office [GAO].”
“Cybersecurity is one of our nation’s biggest challenges,” Carper said. “Recently, several federal agencies, from the Postal Service to the Office of Personnel Management to the State Department to the White House, have been hit with serious cyber attacks. It is more than clear that the federal government needs to address this 21st century threat with a 21st century response.”
To that end, Carper said, “This bill will modernize our outdated federal network security laws, provide the tools and authorities needed to improve security at our federal agencies, and increase transparency and accountability for data breaches at federal agencies. On top of that, it allows taxpayer dollars to be better spent on improving network security by reducing unnecessary and burdensome paper-based reporting.”
“For too long, the federal government has struggled with poor cybersecurity practices, which puts the American people’s sensitive information at risk,” Coburn added, saying, “This bipartisan reform bill is a small but significant step to address the problem.”
He said, “It requires agencies to be accountable to Congress and the public for data breaches and other incidents to protect the public’s information.”
The Senate also has approved the Federal Information Security Modernization Act of 2014 that would update the Federal Information Security Management Act of 2002 to better protect and held federal agencies thwart cyber attacks.
In September, the Senate passed the DHS Cybersecurity Workforce Recruitment and Retention Act of 2014 which would help address critical challenges that the Department of Homeland Security faces in hiring and retaining cybersecurity professionals by providing the secretary of homeland security hiring and compensation authorities for cybersecurity experts like those of the Secretary of Defense.
In July, the House overwhelmingly passed three bills to strengthen efforts to combat cyber attacks on critical infrastructure through the distribution of cyber threat information, the development and procurement of new technologies and support for DHS’s cybersecurity workforce.