Legislative Activity

Congress Moves Forward on Information Sharing Legislation

Last week, the Senate Select Committee on Intelligence held a closed mark-up to consider the Cybersecurity Information Sharing Act (CISA) passing the bill out of committee by a 14-1 vote. Senator Ron Wyden (D-OR) was the only Senator to vote against the bill. The White House and other Democratic Members of Congress had expressed their concerns before the mark-up that the bill in its previous form did not go far enough in its privacy protections and would allow for more data collection by the National Security Agency. At the mark-up, the Committee considered 15 amendments related to privacy issues and 12 of the amendments were incorporated into the bill that the Committee approved to address these concerns.

Senate Intelligence Committee Chairman Richard Burr (R-NC) indicated his hopes that the almost unanimous vote on the bill would convince the Senate leadership to bring the bill to the floor quickly in April. Senate Homeland Security and Governmental Affairs Committee (HSGAC) Chairman Ron Johnson (R-WI) has stated that he is supportive of CISA, particularly the bill’s inclusion of strong liability protections for private sector companies that share cyber threat information, and pledged his support to work with the Senate Intelligence Committee on full passage by the Senate. Senate Majority Leader Mitch McConnell (R-KY) previously said that cybersecurity information sharing legislation is a priority for the Senate but has not indicated a specific timeline for its consideration on the Senate floor.

On Thursday, the House Permanent Select Committee on Intelligence will hold a hearing on information sharing legislation after it was previously postponed due to inclement weather. The Committee is expected to release its own information sharing legislation soon, which many stakeholders expect to resemble CISA. The bill could be marked up in the Committee as early as the week of March 23.

This Week’s Hearings:

  • Wednesday, March 18: The House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade will hold a hearing to examine the discussion draft of the Data Security and Breach Notification Act of 2015.
  • Wednesday, March 18: The House Oversight and Government Reform Subcommittee on Information Technology will hold a hearing titled “Cybersecurity: The Evolving Nature of Cyber Threats Facing the Private Sector.”
  • Thursday, March 19: The House Permanent Select Committee on Intelligence will hold a hearing titled “The Growing Cyber Threat and its Impact on American Business.”
  • Thursday, March 19: The Senate Commerce, Science and Transportation Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security will hold a hearing titled “Examining the Evolving Cyber Insurance Marketplace.”
  • Thursday, March 19: The Senate Armed Services Committee will host a hearing on the Defense Authorization Request for FY 2016 for the U.S. Strategic Command, U.S. Transportation Command, and U.S. Cyber Command.

Regulatory Activity

NIST Releases Preliminary Framework for Cyber-Physical Systems

Last week, a National Institute of Standards and Technology (NIST) working group released its preliminary discussion draft of the Framework for Cyber-Physical Systems. Cyber-physical systems are defined by NIST as “smart systems that include co-engineered interacting networks of physical and computational components.” The preliminary framework aims to integrate privacy, cybersecurity, and interoperability for cyber-physical systems and will be the main topic of discussion at the working group’s upcoming meeting on April 7-8. The working group plans to release a final version of the framework and a roadmap for cyber-physical systems by 2016.