How House Passed 3 Cybersecurity Bills
Codifying DHS's Role in Critical Infrastructure Protection
In what seemed to be a flashback to a more genial era in Congress, when compromise wasn't a dirty word, the House of Representatives passed a key cybersecurity bill, with its conservative Texas sponsor lauding the support for the measure from the liberal American Civil Liberties Union.
See Also: OnDemand | Navigating the SEC Rules for Enhanced Cybersecurity in IT and OT Environments
By voice votes on July 28, the House passed the National Cybersecurity and Critical Infrastructure Protection Act and two other cybrsecurity measures. Next stop: the Senate.
On the floor, House Homeland Security Committee Chairman Mike McCaul, R-Texas, pointed out that business organizations and the ACLU, groups that often are at odds over legislation, supported the bill, with McCaul alluding to the ACLU's characterization of the bill as being pro security and pro privacy.
"Striking a balance between security and privacy, I believe, is one of the most difficult challenges in developing cybersecurity legislation, and I'm so very proud that this committee and this bill achieves that goal," McCaul said.
The bill, if enacted, would codify the National Cybersecurity and Communications Integration Center, an agency within the Department of Homeland Security that fosters real-time cyberthreat information sharing with critical infrastructure operators. It also would establish an equal partnership between industry and DHS, and ensure that DHS recognizes industry-led organizations to expedite critical infrastructure protection and incident response.
McCaul emphasized that the coordination of sharing cyberthreat information would be performed by a civilian agency and not the Defense Department, which includes the National Security Agency. "Particularly in light of the Snowden revelations, importantly the bill protects civil liberties by putting a civilian agency with the nation's most robust privacy and civil liberties office in charge of preventing personal information from being shared while also prohibiting any new regulatory authority," he said.
Show of Bipartisanship
Getting the National Cybersecurity and Critical Infrastructure Protection Act passed was an ordeal, McCaul said, characterizing the bipartisan nature of the bill as "rare in this day and age." He said the measure required 19 months of extensive collaboration with stakeholders that required 300-plus meetings with experts, industry, government agencies, academics and privacy advocates as well as with leaders of other House committees. "We went through countless drafts and hours of negotiations to bring this common-sense legislation to the floor with support from all of the critical infrastructure sectors," McCaul says.
An earlier version of the bill also would have codified DHS's role as the agency overseeing the protection of the .gov domain, but the chairman of another committee with cybersecurity oversight, who was not identified, objected, said Rep. Yvette Clarke, D-N.Y., one of the bill's cosponsors.
"Unfortunately," she said, "the striking of these provisions appears to have been the price that Committee on Homeland Security had to pay to get this important legislation to the floor."
The two other cybersecurity bills passed by the House were the Critical Infrastructure Research and Development Advancement Act, which directs DHS to develop a strategic plan to accelerate research and development to protect the nation's critical infrastructure, and the Homeland Security Cybersecurity Boots-on-the-Ground Act, which would require DHS to develop occupation classifications for individuals performing cybersecurity activities.
