Cybersecurity continues to be a high priority for both Congress and the Administration in 2013. After President Obama issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, the Department of Homeland Security and the National Institute of Standards and Technology (NIST) have been actively working to develop a framework for protecting critical infrastructure by 2014. As part of this process, NIST has held three Cybersecurity Framework Workshops for stakeholders to participate in the development of the framework. In addition to the workshops, stakeholders have been encouraged to provide comments on each draft of the proposed framework. The fourth Cybersecurity Framework Workshop will be held at the University of Texas at Dallas from September 11 to 13.
In addition to the work following the Executive Order, the many committees of jurisdiction in the House and Senate have been working on cybersecurity legislation. While the strategy in previous years has been to work toward a comprehensive cyber package, this year Congress is taking a more piecemeal approach. Each committee has been working on the areas of cybersecurity that fall under their jurisdiction.
For example, the Senate Commerce Committee passed the bipartisan Cybersecurity Act of 2013 (S. 1353) on July 30. This bill largely focuses on Department of Commerce’s cybersecurity authority through NIST, which is under the Commerce Committee’s jurisdiction. The Senate Homeland Security and Governmental Affairs Committee is focusing on Federal Information Security and Management Act (FISMA) and IT workforce issues, but it has not drafted a bill yet. The Senate Intelligence Committee is tasked with information sharing, which is more controversial than other cyber issues. Chairman Dianne Feinstein (D-CA) and Ranking Member Saxby Chambliss (R-GA) have drafted a bipartisan bill which would bolster cyber threat information sharing between government and industry. The Commerce Committee bill is the one most likely to see floor time before the end of the year.
On the House side, a number of cyber bills have passed earlier this year, including the Cyber Intelligence Sharing and Protection Act (CISPA) and the Federal Information Security Amendments Act of 2013. In addition, Chairman Michael McCaul (R-TX) of the Homeland Security Committee is working on the National Cybersecurity and Critical Infrastructure Protection Act, which addresses cybersecurity threats to critical infrastructure and seeks to facilitate actionable and real time cyber threat information sharing. The bill is expected to be formally introduced and marked up in the fall.
National Security Agency: In the aftermath of former NSA contractor Edward Snowden’s leak of documents detailing the National Security Agency’s mass surveillance programs, the House Intelligence Committee held a hearing on the NSA’s activities in June, where an array of federal officials defended the government’s actions while decrying the actions of Mr. Snowden. With more details coming to light over the recess, Senate Judiciary Chairman Patrick Leahy (D-VT) said that his committee will convene a hearing in the near future to determine how the NSA is ensuring that it respects the rights of American citizens and to ensure that Congress and the Federal Intelligence Surveillance Court can conduct proper oversight.