On October 6, 2015, the U.S. House of Representatives passed theDepartment of Homeland Security Cybersecurity Strategy Act of 2015 (the “Cybersecurity Strategy Act”), which, if enacted, would require the Department of Homeland Security (“DHS”) to develop a formal cybersecurity strategy. The legislation, H.R. 3510, calls for DHS to develop a departmental strategy to carry out its cybersecurity responsibilities no later than 60 days after the date of the enactment. The bill specifies that the strategy shall include “strategic and operational goals and priorities” as well as “information on the programs, policies, and activities that are required to successfully execute the full range of the Secretary’s cybersecurity responsibilities.”
The lead sponsor of the measure, House Homeland Security Cybersecurity, Infrastructure Protection, and Security Technologies Subcommittee Ranking Member Cedric Richmond (D-LA), remarked that “an important part of improving our nation's cybersecurity is making sure that the Department of Homeland Security is able to defend our nation and its people from cyber-attacks.” He further stated that the legislation “is proof that there is bipartisan support for finding effective solutions to this issue, and that we are not content to leave security to improvisation.”
The Cybersecurity Strategy Act was introduced on September 15, reported out of Committee on September 30, and passed the House last week easily by a voice vote. The bill now heads over to the Senate where the upper chamber is also expected to consider S. 754, the Cybersecurity Information Sharing Act(“CISA”), intended to address how companies can share cyber threat information with the federal government. The bill creates incentives to increase the sharing of cybersecurity threat information, without compelling the sharing of data, and offers liability protection to companies that share their threat information. CISA was passed out of the Senate Intelligence Committee in March 2015.
CISA could be brought to the Senate floor as early as next week when Congress returns from the weeklong Columbus Day recess, according to comments made by Senate Intelligence Committee Chairman Richard Burr (R-NC) and Ranking Member Dianne Feinstein (D-CA) during a recent U.S. Chamber cybersecurity summit.
Should the Senate ultimately pass the CISA bill, the measure will be packaged with information sharing bills passed by the House earlier this year. Importantly, the Obama Administration backs the legislation, and White House cyber czar Michael Daniel called the measure a "critical piece of enhancing the nation’s cybersecurity."