Congressional Action on Cybersecurity Legislation
Last week, the House approved a fiscal 2016 intelligence authorization bill that would compel the executive branch to provide Congress more detail on the massive hacking of the federal personnel system and sets requirements for the Cyber Threat Intelligence Center (CTIIC). One of the CTIIC provisions would require the Director of National Intelligence, James Clapper, to provide an assessment of collaborative efforts between federal agencies, and recommendations to improve those efforts. The report is due 10 months after the bill’s enactment and will be an annual report the Director would need to complete for the next three years.
In addition to the 2016 intelligence authorization bill, House Homeland Security Chairman Michael McCaul (R-TX) recently urged Senators to move quickly to pass an information sharing bill before the August recess. This comes as increased pressure has developed for the Senate to take action on cybersecurity information-sharing legislation, where several Senators have begun to advocate for cyber legislation to move to the floor quickly before spending fights and presidential politics take over the legislative agenda.
This Week’s Hearings:
- Tuesday, June 23: The Senate Judiciary Subcommittee on Crime and Terrorism will hold a hearing titled “Cyber Crime: Modernizing our Legal Framework for the Information Age.”
- Wednesday, June 24: The House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technology will hold a hearing titled “DHS’ Efforts to Secure .Gov.”
Executive Branch Activity
Office of Personnel and Management Response
In light of the massive infiltration of the Office of Personnel and Management’s (OPM) data system, the President has seen increased pressure from Congress, industry, and experts to issue a strong response. While the White House has yet to specifically name China as the responsible party for the cyber attack, many stakeholders and experts would like to see the White House begin to develop a more structured way of deterring cyber “warfare”. However, it is important to note all interested parties seem to be having trouble agreeing on what exactly the proper deterrent should be for these repeated hacks and intrusions.
Information Sharing Entities Face Challenges
Last week the U.S. Department of Homeland Security (DHS) held a workshop to discuss the agency’s plans to help guide the development of information sharing and analysis organizations (ISAOs). Through this workshop the agency announced they will pick a non-governmental agency to spearhead the development of standards for the ISAOs this summer as well as discussed the fundamentals of how an ISAO would operate. While no specifics or substantial developments were agreed upon, the Department plans on developing a white paper to inform a second workshop next month in California. The hope is that the white paper will provide some substantial ideas for how to define an ISAO for participants to comment on.