The United States Senate recently passed the DHS Cyber Hunt and Incident Response Teams Act, a piece of legislation that instructs the DHS to help organizations protect themselves against cyber threats and respond to incidents.
First introduced in 2018 by Senators Maggie Hassan (D-NH) and Rob Portman (R-OH) as the DHS Cyber Incident Response Teams Act of 2018 and then reintroduced this year, the bill authorizes the DHS to maintain “cyber hunt” and incident response teams that would assist both government and private entities in their effort to prevent cyberattacks and respond in case there is an incident.
Senator Charles E. Schumer, who co-sponsored the bill, believes it could be highly useful for protecting educational institutions against ransomware and other types of threats.
If the bill is signed into law, organizations could ask the DHS to send its cyber hunt teams to help them strengthen their cyber defenses or, if a successful attack has occurred, send in its incident response teams.
Now that it has passed Senate, the bill will need to get approval from the House of Representatives and then it can be signed into law by the president. However, the DHS Cyber Hunt and Incident Response Teams Act is similar to another bill that has already passed the House of Representatives and the two will have to undergo a reconciliation process.
“Our cyber response teams play an important role in protecting against cyber threats, reducing cybersecurity risks, and helping to get our cyber infrastructure back up and running after an attack occurs,” stated Senator Portman. “I am glad the Senate passed our bipartisan legislation and I hope we send it to the president’s desk soon so that we can strengthen our response efforts in the event of a cyberattack.”
This is not the only cyber-focused legislation proposed by senators Hassan and Portman. They are also behind the Hack DHS Act and Public-Private Cybersecurity Cooperation Act, both of which were signed into law in 2018. The former establishes a bug bounty program whose goal is to encourage vetted researchers to find vulnerabilities in DHS systems, while the latter establishes a vulnerability disclosure program that should make it easy to report and address the security holes identified in DHS systems.