BreachExchange mailing list archives

Enacting Cyber Law Remains Possibility


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 8 Dec 2014 19:06:53 -0700

http://www.databreachtoday.com/blogs/enacting-cyber-law-remains-possibility-p-1779

It's not just the Almighty who works in mysterious ways; Congress, too, can
be enigmatic as it legislates.

Conventional wisdom holds that Congress has run out of time in the waning
days of the 113th Congress to enact significant cybersecurity legislation.
After all, lawmakers over the past six years have mostly agreed on major
aspects of various cybersecurity measures, yet none has been approved by
both houses of Congress.

But there's nothing conventional about Congress, and word surfaced this
past week that lawmakers and their staffs were working behind the scenes to
get one or perhaps two pieces of cybersecurity legislation enacted.

"Chairman Carper continues to work closely with his colleagues in the
Senate and the House and is hopeful cybersecurity legislation will pass
before the end of the year," says a committee aide to Senate Homeland
Security and Governmental Affairs Chairman Tom Carper, D-Del., speaking on
background.

"That being said, there's still much more work to do in this area," the
committee aide says. "He plans to continue to pursue cybersecurity as a top
priority in the 114th Congress."

With the 114th Congress convening Jan. 6, Democrats lose their majority in
the Senate and Carper surrenders his chairmanship to Sen. Ron Johnson,
R-Wis., and becomes the ranking member of the Senate panel.

Best Chance for Passage

The cybersecurity bill given the best chance to be voted on this year in
the Senate is the National Cybersecurity and Critical Infrastructure
Protection Act of 2014, sponsored by House Homeland Security Committee
Chairman Mike McCaul, R-Texas. That measure passed the House of
Representatives with bipartisan support by a voice vote on July 28 (see How
House Passed 3 Cybersecurity Bills).

McCaul's congressional staff confirms that he told The Hill newspaper that
"a lot of intense negotiations" are going on regarding his bill. His staff
also confirms comments McCaul made at a Chamber of Commerce event on Dec.
3: "There had been some movement in the Senate. ... This would be the most
significant piece of cyber legislation that's been passed by the United
States Congress."

The National Cybersecurity and Critical Infrastructure Protection Act, if
enacted, would codify the National Cybersecurity and Communications
Integration Center, an agency within the Department of Homeland Security
that fosters real-time cyberthreat information sharing with critical
infrastructure operators. It also would establish an equal partnership
between industry and DHS, and ensure that DHS recognizes industry-led
organizations to expedite critical infrastructure protection and incident
response. A Senate panel earlier this year passed a similar, but not as
comprehensive bill codifying the integration center. For a bill to become
law, both houses must pass legislation with identical language.

Should the National Cybersecurity and Critical Infrastructure Protection
Act come up for a Senate vote, it would be done under a process known as a
"hotline" in which senators agree to bring up a bill for a vote without
debate or amendments. Any vote would require the unanimous consent of the
senators. If one senator objects, the bill would not be voted on.

To hasten enactment, the Senate would need to pass the exact bill the House
approved or have McCaul and House leaders agree in advance to the language
of a Senate version of the bill so the House could quickly vote on it.

Reforming FISMA Remains Hope

Supporters of legislation to reform the Federal Information Security
Management Act, the law that governs federal government information
security, hold out hope that the bill could find its way to the Oval Office.

The FISMA reform measure, known as the Federal Information Security
Modernization Act, passed the Senate Homeland Security and Governmental
Affairs Committee last June, but Senate Majority Leader Harry Reid, D-Nev.,
had not scheduled a floor vote on the measure. Word bubbling up from the
inner sanctums of the Capitol says FISMA reform is being "hotlined," but
getting all senators to agree on the wording of FISMA reform would require
a lot of compromise. The version of FISMA reform that passed the House last
year (see FISMA Reform Passes House on 416-0 Vote) does not include Senate
provisions to give DHS added authority to help direct the cybersecurity of
federal civilian agencies (see FISMA Reform Heads to Senate Floor).

Because of those differences, it's unlikely FISMA reform would pass this
year. Yet, don't bet against it; stranger things have happened in Congress.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
