In the final days of 2014, President Obama signed four cybersecurity bills into law. While none is likely to have a direct impact – at least for now – on most companies, they signal ongoing concern with cybersecurity from the executive branch.

The Cybersecurity Enhancement Act of 2014 (S.1353) directs the National Institute of Standards and Technology to disseminate cybersecurity technical standards and best practices in an effort to make best practices usable by individuals, small to medium-sized businesses, educational institutions, and state and local governments.

The National Cybersecurity Protection Act of 2014 (S.2519) charges the DHS National Cybersecurity Communications Integration Center with sharing information about cybersecurity risks, incidents, analysis, and warnings. The Center’s responsibilities also include providing technical assistance and risk management support when requested.

The Cybersecurity Workforce Assessment Act (H.R. 2952) requires the Secretary of Homeland Security to assess DHS’s readiness and capacity to meet its cybersecurity mission and to produce a strategy to enhance the capacity, training, and recruitment of DHS’s cybersecurity workforce.

Finally, S. 2521 amends the Federal Information Security Management Act of 2002 by requiring (a) an assessment of the effectiveness of the federal information security policies, and (b) agency compliance with safeguards designed to protect against information security threats, vulnerabilities, and risks.
TIP: These laws are likely to be only four of many that we will see on the cybersecurity front in 2015, and serve as a reminder for companies to take the time to ensure that their security “houses” are in order.