While Congress has tried to pass major cybersecurity legislation for the last few years, this week marks what could be a major step forward in finally getting a bill to the President’s desk.
The House leadership has scheduled four cybersecurity bills for votes on Thursday and Friday of this week. The bills up for consideration concern information sharing between the government and the private sector, an overhaul of the law covering how federal government systems manage cybersecurity, and research and development in cybersecurity.
Arguably none of these bills are properly comprehensive, but House leadership opted for a strategy of handling a number of bills across the cybersecurity landscape. The Senate is focused on approving a single comprehensive bill, though some Republicans have placed their support behind another bill. The issues of contention for the Senate bills are the roles played by the Homeland Security Department and the National Security Agency, as well as the level of regulation in the bills.
Given the multiple bills at play (only some of which have been mentioned in this post), USACM has prepared this statement outlining its interests in cybersecurity legislation. It’s important that cybersecurity legislation ensures that:
- Any information sharing must include protections for personally identifiable information;
- Unnecessary restriction of cybersecurity risk management options;
- There are no broad certification requirements for cybersecurity professionals;
- Cybersecurity education should include systems analysis and design;
- There is continued federal support for cybersecurity research and development; and
- There are targeted sets of cybersecurity standards.
What happens later this week on the floor of the House will be the first part of a longer process. The next steps should follow in the Senate in a matter of weeks.