While Congress has tried to pass major cybersecurity legislation for the last few years, this week marks what could be a major step forward in finally getting a bill to the President’s desk.
The House leadership has scheduled four cybersecurity bills for votes on Thursday and Friday of this week. The bills up for consideration concern information sharing between the government and the private sector, an overhaul of the law covering how federal government systems manage cybersecurity, and research and development in cybersecurity.
Arguably none of these bills are properly comprehensive, but House leadership opted for a strategy of handling a number of bills across the cybersecurity landscape. The Senate is focused on approving a single comprehensive bill, though some Republicans have placed their support behind another bill. The issues of contention for the Senate bills are the roles played by the Homeland Security Department and the National Security Agency, as well as the level of regulation in the bills.
Given the multiple bills at play (only some of which have been mentioned in this post), USACM has prepared this statement outlining its interests in cybersecurity legislation. It’s important that cybersecurity legislation ensures that:
- Any information sharing includes protections for personally identifiable information;
- There is no unnecessary restriction of cybersecurity risk management options;
- There are no broad certification requirements for cybersecurity professionals;
- Cybersecurity education includes systems analysis and design;
- There is continued federal support for cybersecurity research and development; and
- There are targeted sets of cybersecurity standards.
What happens later this week on the floor of the House will be the first part of a longer process. The next steps should follow in the Senate in a matter of weeks.
April 26 – Edited to note that the E-Verify hearing has been postponed.
April 24 – Edited to add E-Verify hearing for April 27.
The House is expected to consider four cybersecurity bills on Thursday and Friday, April 26 and 27.
The Senate Commerce, Science and Transportation Committee will hold a hearing on the migration of video viewing from broadcast and cable television to internet-enabled transmission mechanisms.
10 a.m., 253 Russell Building
The Subcommittee on Oversight, Investigations and Management of the House Homeland Security Committee will hold a hearing on the need to act on cybersecurity.
2 p.m., 311 Cannon Building
Two subcommittees of the House Homeland Security Committee will hold a hearing on the cybersecurity threats posed by Iran.
10 a.m., 311 Cannon Building
Hearing has been postponed.
The Subcommittee on Immigration Policy and Enforcement of the House Judiciary Committee will hold a hearing on electronic employment verification.
9:15 a.m., 2141 Rayburn Building
April 17 – Edited to add House Homeland Security markup on April 18.
The House Oversight and Government Reform Committee will review a bill to update the Federal Information Security Management Act.
10 a.m., 2154 Rayburn Building
The House Homeland Security Committee will review a bill on information sharing related to cybersecurity.
10 a.m., 311 Cannon Building
The Immigration Subcommittee of the House Judiciary Committee will hold a hearing on electronic employment eligibility systems and document fraud.
11:15 a.m., 2141 Rayburn Building
The Human Resources Subcommittee of the House Ways and Means Committee will hold a hearing on how technology can help better target benefits and reduce waste, fraud, and abuse.
10 a.m., 1100 Longworth Building
Part of the Obama Administration’s proposed online privacy initiative involves consumer data privacy codes of conduct. These codes would be developed through a multi-stakeholder process, and the National Telecommunications and Information Administration (NTIA) is responsible for convening those processes.
To that end, NTIA released a request for comment in early March (the deadline was extended to April 2), and USACM filed comments earlier today. Much like our comments on the governance of the National Strategy for Trusted Identities in Cyberspace (NSTIC), the request and our comments concentrate on issues of process and focus.
In our comments, we encouraged the NTIA to focus not only on the technologies and applications identified in their request for comment, but also to consider the assessments of privacy risks associated with these technologies and applications. We also recommended that the process – both the meetings and the output of those meetings – be made available to the public in formats that are easily reusable. Much like with NSTIC, trust is going to be an important contributor to the success or failure of the consumer data privacy codes of conduct.