Last week, the U.S. House of Representatives passed a slate of four cybersecurity bills as part of “Cyber Week." Here is a brief recap of the House activity:
- On Thursday, April 26, the House approved H.R. 3523, the Cyber Intelligence Sharing and Protection Act, by a vote of 248-168. The final version of the bill included amendments that addressed definitions of what information can be shared, limiting it to information linked specifically to threats to government or private networks (“cyber threat information”). An amendment offered by Rep. Mike Pompeo (R-KS) and approved by the House clarified that the Act would not alter or add government authority over private networks. Another approved amendment, offered by Rep. Ben Quayle (R-AZ), limits the use of cyber threat information, received by the government from the private sector, for cybersecurity purposes and for certain other specified purposes, including its use to prevent cyber threats and crimes to citizens that could cause them death or serious bodily harm, and its use to protect minors from sexual crimes and pornography. The bill was also amended to have it require reauthorization (or “sunset”) after five years.
- The House also passed, on Thursday, H.R. 4257, the Federal Information Security Amendments Act of 2012, by voice vote. This bill amends the Federal Information Security Management Act (FISMA) to harmonize information security programs across civilian government agencies, in part, by updating FISMA to refocus agency cybersecurity programs on proactively countering threats through automated and continuous monitoring of network systems activity, and to take advantage of commercially-developed information security technologies to do so.
- On Friday, April 27, the House finished its Cyber Week work by passing H.R. 2096, the Cybersecurity Enhancement Act of 2012, by a vote of 395-10, and passing H.R. 3834, the Advancing America's Networking and Information Technology Research and Development Act of 2012, by voice vote. These bills would enhance national cybersecurity research and development (R&D) as well as interagency planning and coordination.
Upon passage, these four bills were delivered to the Senate and will await further consideration there. The Senate is expected to take up cybersecurity legislation sometime next month.