On December 18, President Obama signed five cybersecurity-related bills into law, an attempt to increase cyber protection in the wake of recent data breaches. This is the first time in 12 years that any significant cybersecurity legislation has become law, and the bills come at a crucial time, according to the bills’ sponsors. Cyber attacks reported by federal agencies have increased nearly 680 percent over the past six years.
The first bill is the Federal Information Security Modernization Act, which eliminates the 12-year-old security review process that requires agencies to submit a checklist showing their IT processes comply with security standards and controls. Now, agencies are required to continuously monitor their systems. Additionally, the law codifies the practice of having the Office of Management and Budget determine IT security policies for federal agencies.
The second is the Homeland Security Workforce Assessment Act, a rider on the Border Patrol Agent Pay Reform Act, which more efficiently identifies and fills cybersecurity positions at the Department of Homeland Security (DHS). One provision of this law provides more competitive compensation to cybersecurity professionals. This law addresses the previous “slow and cumbersome hiring procedures” which have kept DHS from competing for scarce cybersecurity talent in the past.
Third is the Cybersecurity Workforce Assessment Act, which requires DHS to adopt new strategies to enhance recruitment, training, and retention of its cybersecurity workforce.
Fourth is the National Cybersecurity Protection Act, which codifies the department’s national cybersecurity center, the National Cybersecurity and Communications Integration Center. The center will be open continuously and serve as a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement. The center will facilitate the sharing of information to provide better understanding of cybersecurity risks, incidents, and recovery actions.
Finally, the Cybersecurity Enhancement Act authorizes the Department of Commerce to assist in developing voluntary standards to effectively reduce the threat of cyber-risks. The law also calls for the development of a federal cybersecurity research and development plan.
The bills aim to enhance the oversight of federal information security systems to better protect government agencies from cyber attacks.