The House of Representatives passed three cyber-security bills this week designed to bolster efforts to guard critical infrastructure companies against attacks.
On July 28, the House passed the bi-partisan ‘National Cybersecurity and Critical Infrastructure Protection Act’, which among other things amends the Safety Act to establish a threshold for qualifying cyber incidents so that companies can submit information about their cybersecurity procedures to the SAFETY Act Office voluntarily and gain liability protection if they are attacked.
The bill also codifies the National Cybersecurity and Communications Integration Center (NCCIC), which is was created to facilitate the sharing of threat intelligence between the public and private sectors.
“The National Cybersecurity and Critical Infrastructure Protection Act – the result of consultations with hundreds of stakeholders across government, the private sector and privacy advocates – will enable government and the private sector work together to prevent and defeat cyber attacks,” said Rep. Patrick Meehan (R-PA), subcommittee chairman of the Homeland Security Committee, in a statement. “And it does it while being, in the words of the ACLU, both ‘pro-privacy and pro-security’.”
“A successful cyber attack on our nation’s water systems, oil and gas pipelines, power grids and mass transit systems on the scale of the recent retail breaches could cause crippling economic damage and could even cost lives,” Rep. Michael McCaul (R-TX), chair of the Homeland Security committee, said in a statement. “The reality is the threat is outpacing our readiness to combat it.”
“This bipartisan bill establishes a true partnership between DHS and the private sector to ensure the distribution of real-time cyber threat information in order to secure our nation in cyberspace without burdensome mandates or regulations,” he said.
Information sharing is of course only one part of the puzzle for protecting critical infrastructure. A second piece is closing what many have called the cybersecurity workforce gap. To that end, the House also passed the ‘HR 3107 Homeland Security Cybersecurity Boots-on-the-Ground Act’. The bill requires the Secretary of Homeland Security to establish cybersecurity job classifications, assess the cybersecurity workforce and develop a strategy to address any gaps in that workforce that are identified.
The House also passed H.R. 2952, the ‘Critical Infrastructure Research and Development Advancement Act of 2013’, which is aimed at making “certain improvements in the laws relating to the advancement of security technologies for critical infrastructure protection” and for other purposes.
“The Critical Infrastructure Research and Development Advancement Act is a bipartisan accomplishment,” Meehan said. “It’s the product of collaboration between Republicans and Democrats, the Department of Homeland Security and other stakeholders. We identified a problem – barriers that prevented the department from acquiring the best equipment available to protect the homeland – and we worked together to solve it. This bill will protect Americans by strengthening DHS’ ability to develop the latest technology to stay one step ahead of terrorists who wish to do us harm.”
American Banking Association President Frank Keating commended the House on passing the legislation, and stated that the National Cybersecurity and Critical Infrastructure Protection Act would help the financial industry identify threats and response to cyber attacks.
“NCCIP and the other bills passed by the House [Monday] are another good step forward on the road to enactment of strong cybersecurity legislation,” he said in a statement.