Legislative Activity

Congress Considers Information Sharing Legislation

This Wednesday, the Senate Homeland Security and Governmental Affairs Committee (HSGAC) will host a hearing to discuss information sharing legislation, which is a priority for the HSGAC Chairman Ron Johnson (R-WI). Chairman Johnson is expected to work with the Senate Intelligence Committee to draft and consider information sharing legislation this year but has not indicated a timeline for movement on a bill.

On the House side, House Homeland Security Committee Chairman Michael McCaul (R-TX) recently stated that he has started working on information sharing legislation that would “address the legal barriers that companies face to share information.” He is currently meeting with other committees and industry stakeholders to put together a bill that would clarify that the SAFETY Act applies to cyber attacks, provide additional liability protection for companies that share information on cyber threats, and update provisions related to information sharing with the National Cybersecurity and Communications Information Center (NCCIC). Chairman McCaul noted that he is looking to begin hearings on the topic of information sharing as early as February.

In addition, the House Intelligence Committee is also working to draft legislation that would focus on cyber threat information sharing that occurs with the National Security Agency. The new House Intelligence Committee Chairman Devin Nunes (R-CA) has indicated that this is also one of his priorities and will be working closely with Chairman McCaul to develop the legislation.

Data Security Remains a Priority for the 114th Congress

In addition to information sharing legislation, it is also very likely that the 114th Congress will consider data security legislation in the coming months. As noted below, the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade will host a hearing on the topic this week and other committees are likely to join in on the debate surrounding how to address data breaches when they occur. Chairman of the Subcommittee on Commerce, Manufacturing and Trade Michael Burgess (R-TX) said that he will be releasing a draft data breach bill in the coming days and plans to mark up the bill in February. These efforts will build on the work that former Rep. Lee Terry (R-NE) started last year before he lost in the November election. Additionally, Rep. Marsha Blackburn (R-TN) and Peter Welch (D-VT) have said that they are working on data breach legislation as well. All of these bills are expected to create a federal data breach notification law that would streamline and clarify what companies are required to do in the event of a data breach given that there are currently 47 different state standards that companies are required to follow.

The Senate is also actively engaged on data security legislation. Senate Commerce, Science and Transportation Committee Chairman John Thune (R-SD) has listed data breach legislation as one of his top priorities in the 114th Congress and the committee’s Ranking Member Bill Nelson (D-FL) introduced his own bill last week (S. 177). Senate Judiciary Committee Chairman Chuck Grassley (R-IA) said that he is also drafting a data breach notification bill and said that it would be one of the first pieces of legislation that he introduces this year.

This Week’s Hearings:

  • Tuesday, January 27: The House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade will host a hearing titled “What are the Elements of Sound Data Breach Legislation?”
  • Tuesday, January 27: The House Science, Space and Technology Subcommittee on Research and Technology will host a hearing titled “The Expanding Cyber Threat.” The hearing will feature witnesses from the National Science Foundation (NSF), the National Institute of Standards and Technology (NIST), Symantec Corporation, and the Information Technology Industry Council.
  • Wednesday, January 28: The Senate Homeland Security and Governmental Affairs Committee will host a hearing titled “Protecting America from Cyber Attacks: The Importance of Information Sharing.”

Regulatory Activity

White House Underscores the Importance of Quick Action on Cybersecurity

Leading up to last week’s State of the Union address, President Obama made a number of announcements related to cybersecurity and also released legislative proposals focused on information sharing, data breach notification, and law enforcement authorities and tools for dealing with cyber crime. He also referenced these announcements and the importance of moving forward on cybersecurity issues in his annual State of the Union speech last week. While Members of Congress have expressed their willingness to work with the White House on these issues, it is likely that the President’s legislative proposals will serve as a template for the Administration’s priorities but they are not expected to be introduced in Congress as many Members are working on separate legislation to address these issues.

U.S. and UK Agree to Work Together on Cybersecurity

The President recently met with United Kingdom Prime Minister David Cameron to discuss cooperation between the two nations on cybersecurity issues. After the meetings between the two leaders, the White House released a fact sheet detailing the work that the U.S. and UK agreed to in the meetings. The two countries plan to host a joint cyber exercise focused on the financial sector in the coming year. Additionally, they plan to work with industry to promote cybersecurity best practices and standards, including the NIST Cybersecurity Framework and the UK’s Cyber Essentials system.