Partisan bickering surrounding a bill aimed at protecting the nation's critical IT infrastructure is the likely reason the measure will not come up for a vote in the lower chamber this week, as representatives debate four other cybersecurity bills.
Speaker John Boehner on April 20 said four cybersecurity bills will be considered this week by the full House. Missing from his list of legislation is the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act.
In a partisan vote, the GOP-dominated House Homeland Security Committee stripped provisions from an earlier version of the so-called Precise Act that would have given the government a say in setting the security standards for the mostly privately owned IT systems and networks deemed vital for the functioning of American society (see The NRA's Influence over Cybersecurity). The original bill called for the government and business to cooperate in creating the standards, but House Republican leaders see that as a slippery slope toward more stringent regulations.
According to Boehner, the bills to be debated include:
- Cyber Intelligence Sharing and Protection Act, known as CISPA, which supporters contend would help private companies defend themselves from attacks from countries like China and Russia by allowing the government to provide the intelligence information needed to protect their networks and their customers' privacy. The bill also would allow companies to share cyberthreat information with others in the private sector, as well as with the federal government on a purely voluntary basis. Some civil libertarians contend those provisions would threaten individuals' privacy rights.
- Federal Information Security Amendments Act would update the Federal Information Security Management Act, or FISMA, by establishing a framework for securing information technology of federal government systems. The legislation would establish a mechanism for stronger oversight of IT systems by focusing on automated and continuous monitoring of cybersecurity threats and regular threat assessments. It also would reaffirm the Office of Management and Budget's lead role in enforcing FISMA, recognizing that the budgetary leverage of the Executive Office of the President is necessary to ensure effective security over information technology systems. Some lawmakers want the Department of Homeland Security to take the lead in overseeing IT security governance among civilian, non-intelligence federal agencies.
- Cybersecurity Enhancement Act would enhance coordination of research and related activities conducted across the federal agencies to better address evolving cyberthreats. The bill would strengthen the efforts of the National Science Foundation and the National Institute of Standards and Technology in the areas of cybersecurity technical standards and cybersecurity awareness, education and talent development. Some lawmakers question how much regulatory authority should be given to NIST, which is designed to create but not enforce standards.
- Advancing America's Networking and Information Technology Research and Development Act would reauthorize the NITRD program, which represents the federal government's central research and development investment portfolio for unclassified networking, computing, software, cybersecurity and related information technology and involves 15 member agencies. In the area of cybersecurity, the NITRD program focuses on R&D to detect, prevent, resist, respond to and recover from actions that compromise or threaten to compromise the availability, integrity or confidentiality of computer- and network-based systems.
Regardless of what occurs in the House, the bill that's gaining the most attention in the Senate is the Cybersecurity Act of 2012, which would give the government more sway in establishing security standards for critical, private IT networks as well as more authority to DHS in coordinating civilian agency IT security and in dealing with the private sector on IT security standards.
The squabbling over cybersecurity is far from over.