
1 [1] (March 1, 2017)



                                                                                                    March 1, 2017

Cybersecurity Legislation in the 113th and 114th Congresses


The legislative framework for cybersecurity is complex,
with more than 50 federal laws affecting various aspects of
it. Nevertheless, since the 111th Congress, more than 300
bills have been introduced that would address a range of
cybersecurity issues. Several that were enacted in the 113th
and 114th Congresses are discussed below. Those bills
addressed five main topics:

Protection of Federal Information Systems: updating
federal agency requirements to reflect changes in
technology and the threat landscape, and establishing
Department of Homeland Security (DHS) authorities to
protect federal systems.

Information Sharing: facilitating public- and private-
sector sharing of information on cyberthreats and defensive
measures and permitting private-sector entities to monitor
and operate defenses on their information systems.

Statutory Authorization of Ongoing Activities:

* DHS: the National Cybersecurity and Communications
   Integration Center (NCCIC) and the intrusion-protection
   system known as EINSTEIN.
* National Institute of Standards and Technology
   (NIST): relating to the Framework for Improving
   Critical Infrastructure (CI) Cybersecurity and the
   National Initiative for Cybersecurity Education (NICE).
* National Science Foundation (NSF): the CyberCorps:
   Scholarship-for-Service program to train new
   cybersecurity professionals.

Research and Development (R&D): requiring a
multiagency strategic plan for cybersecurity R&D and
specifying areas of research for NSF.

Federal Cybersecurity Workforce: requiring the Office of
Personnel Management (OPM) to establish and implement
an employment-code structure for federal cybersecurity
personnel and improving the size, skills, and preparation of
the DHS cybersecurity workforce, including recruitment.

Other Provisions required the following:

* DHS to develop and exercise incident-response plans for
   cybersecurity risks to CI,
* DHS and NIST to assist states in improving
   cybersecurity for emergency response networks,
* the Department of Health and Human Services (HHS) to
   assist the healthcare sector in reducing cybersecurity
   risks,
* the Office of Management and Budget (OMB) to
   establish procedures for notification and other responses
   to federal agency data breaches of personal information,
* the Department of State to produce an international
   cyberspace policy and engage in international
   consultations on measures against cybercriminals, and
* various federal agencies to report to Congress on
   specified cybersecurity topics and activities.

The provisions summarized above are in the bills cited in
Table 1.

Table 1. Cybersecurity Laws Enacted in 2014 and 2015

Public Law    Title
P.L. 113-246  Cybersecurity Workforce Assessment Act
P.L. 113-274  Cybersecurity Enhancement Act of 2014
P.L. 113-277  Border Patrol Agent Pay Reform Act of 2014
P.L. 113-282  National Cybersecurity Protection Act of 2014 - NCPA
P.L. 113-283  Federal Information Security Modernization Act of 2014 - FISMA 2014
P.L. 114-113  Cybersecurity Act of 2015 (Division N) - CSA
              Cybersecurity Information Sharing Act (Title I) - CISA
              National Cybersecurity Protection Advancement Act of 2015 (Subtitle A of Title II) - NCPPA
              Federal Cybersecurity Enhancement Act of 2015 (Subtitle B of Title II) - FCEA
              Federal Cybersecurity Workforce Assessment Act of 2015 (Title III)
              Other Cyber Matters (Title IV)

Source: CRS.

The Cybersecurity Workforce Assessment Act required
an assessment by DHS of its cybersecurity workforce and
development of a workforce strategy. The Border Patrol
Agent Pay Reform Act of 2014 provided additional hiring
and compensation authorities to DHS and required a DHS
assessment of workforce needs.

The Cybersecurity Enhancement Act contained the
provisions on R&D and on NIST and NSF program
authorizations described above.

NCPA provided statutory authority for the DHS NCCIC,
and specified both public- and private-sector members. The
act gave NCCIC responsibility for sharing timely and
actionable cybersecurity information, providing situational
awareness and coordination of information across sectors,
performing integration and analysis of risks and incidents,
providing technical assistance upon request, and making
recommendations for improving cybersecurity.

The act also requires DHS to develop and exercise incident-
response plans for cybersecurity risks to CI and to provide
security clearances to appropriate representatives.

