Federal Cybersecurity Legislation Signed into Law
New cybersecurity legislation provides for cybersecurity information sharing and codifies the process for the National Institute of Standards and Technology (NIST) to adopt a Cybersecurity Framework. The set of cybersecurity bills was signed into law on December 18, 2014.
The National Cybersecurity Protection Act of 2014 establishes within the Department of Homeland Security (DHS) a national cybersecurity and communications integration center for sharing information on cybersecurity risks, incidents, analyses, and warnings for both the public and private sectors. Also, DHS is directed to develop adaptable cyber incident response plans to address cybersecurity risks to critical infrastructure. Notably, the legislation did not include liability protections for information sharing that have been included in earlier versions of cybersecurity legislation, such as the House’s Cyber Intelligence Sharing and Protection Act (CISPA).
The Cybersecurity Enhancement Act of 2014 authorizes NIST to develop a “voluntary, consensus-based, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to cost-effectively reduce cyber risks to critical infrastructure.” This essentially codifies the direction given to NIST in President Obama’s February 12, 2013, Executive Order on Improving Critical Infrastructure Cybersecurity. According to the legislation, the framework remains voluntary. The Cybersecurity Enhancement Act of 2014 also requires the development of a strategic plan on federal cybersecurity research and development, promotes cybersecurity research, requires the development of standards to enhance the cybersecurity of the federal government’s computer systems, includes provisions for enhancing the federal government’s cybersecurity workforce, and calls for the continuation of a national cybersecurity awareness and education program.
The package of bills, HR2952 and S.1691, also adopts provisions intended to strengthen the federal government’s cybersecurity, including improving management and oversight of federal information security and enhancing the readiness, capacity, training, recruitment and retention of the federal government’s cybersecurity workforce.