Legislative Activity

National Defense Authorization Act Passes the House with Cyber Amendments

Last week, the House passed the National Defense Authorization Act (NDAA) for FY 2016 by a 269-151 vote. During the floor debate, a number of amendments related to cybersecurity were added to the bill. Rep. Mark Walker (R-NC) offered two amendments that both were included in the final bill – one regarding how defense contractors share information on cyber threat indicators with the federal government and a second amendment related to cyber acquisition standards. In addition, Rep. Will Hurd (R-TX) also introduced a successful amendment that would allow the Department of Defense to pay for cyber certifications and training for its cyber professionals.

The Senate Armed Services Committee also marked up its NDAA bill last week. The bill is expected to be considered on the Senate floor this summer. As international relations with Russia and China continue to be contentious and concerns about terrorism continue, we expect the Senate to seek to add additional cybersecurity amendments on the Senate floor.

This Week’s Hearings:

  • Tuesday, May 19: The House Financial Services Subcommittee on Financial Institutions and Consumer Credit will hold a hearing titled “Protecting Critical Infrastructure: How the Financial Sector Addresses Cyber Threats.”

Executive Branch Activity

ISAO Created as Part of President Obama’s February Executive Order

Last week, the Defense Security Information Exchange officially announced that it would be rebranded as the Defense Industrial Base Information Sharing and Analysis Organization (ISAO). This is the first official ISAO that has been named since President Obama issued his Executive Order in February calling for the creation of a network of ISAOs to share cyber threat information between a variety of public and private sector entities. Other groups, such as the American Bar Association and the state of Virginia, have indicated their interest in creating an ISAO as well.

The U.S. Department of Homeland Security (DHS) will hold a workshop on June 9 in Cambridge, Massachusetts to discuss ISAO engagements and how to form an ISAO. In addition, DHS is working to identify an organization that will set up and manage the ISAO Standards Organization, which is charged with drafting a set of voluntary guidelines for the creation and function of ISAOs. The Department is expected to announce the organization this summer so that it will be fully functioning by this fall.

Department of State Not Planning to Update International Strategy for Cybersecurity

At a Senate Foreign Relations Committee hearing last week, U.S. State Department Coordinator for Cyber Issues Christopher Painter indicated that the State Department does not plan to update its 2011 International Strategy for Cyberspace. Many of the Senators and witnesses at the hearing called on the Department to update the strategy given that the threat of cyber attacks from other countries has increased and changed significantly since the time that the strategy was updated. At the hearing, Painter noted that the strategy document was intended to serve as a “high-level” document so the overall goals have not changed and do not necessarily need to be updated.