US Congress Approves Four Cybersecurity Bills Ahead of Year End

Four cybersecurity bills approved by U.S. Congress in surprise flurry of activity ahead of the session’s end.

Chris Burt

December 19, 2014

2 Min Read
US Congress Approves Four Cybersecurity Bills Ahead of Year End



This article originally appeared at The WHIR

Four cybersecurity bills have been approved by the US Congress in a surprise flurry of activity ahead of the session’s end. While the bills are not expected to have a major impact on government or industry practices, Hunton & Williams LLP suggest in a blog post that they could indicate that more impactful legislation on cybersecurity will be passed in the next session.

The Federal Information Security Modernization Act of 2014 overhauls the Federal Information Security Management Act, a 12-year-old law that required agencies to file IT security checklists. The Department of Homeland Security is now responsible for “compiling and analyzing data on agency information security” and providing tools “to continuously diagnose and mitigate against cyber threats and vulnerabilities, with or without reimbursement.” The department has already been performing this duty for many agencies.

The Homeland Security Cybersecurity Workforce Assessment Act was passed as a rider to the Border Patrol Agent Pay Reform Act. The newly passed bill may eventually lead to the federal government hiring cybersecurity professionals, however it seems largely to overlap the Homeland Security Cybersecurity Boots-on-the-Ground Act, which was passed earlier in the year and includes a department workforce assessment.

Another current Homeland Security practice was made official by the National Cybersecurity and Critical Infrastructure Protection Act of 2014, which codifies the National Cybersecurity and Communications Integration Center as the hub of public-private information sharing. Also known as the National Cybersecurity Protection Act, it is a version of earlier legislation stripped in the senate of legal protections for industry information sharing. It is believed that liability concerns will continue to hamper information sharing.

Finally, the Cybersecurity Enhancement Act of 2014 makes the NIST Cybersecurity Framework official. No regulatory authority was added, so the process remains voluntary.

If the passage of the four bills represents an emerging consensus or sufficient political will to resolve jurisdictional disagreements, then more effective legislation could soon follow. Hunton & Williams suggests information sharing liability protection and legislation related to data breaches could be on the docket for 2014, as service providers continue to push for updated laws to address outdated legislation and a variety of growing concerns.

This article originally appeared at:

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like