Thursday, February 2, 2012

DHS authority would increase under Lungren cybersec bill

From Fierce Government:


DHS authority would increase under Lungren cybersec bill

February 2, 2012 — 12:07pm ET | By 
 
Cybersecurity legislation now moving through the House would increase the Homeland Security Department's authority to coordinate cybersecurity activities across government, identify risks and performance standards throughout the private sector, and establish a cyber-threat information sharing body.
Despite having the same bill number, H.R. 3674 (.pdf), and sponsor, the bill passed Feb. 1 by the House Homeland Security subcommittee on cybersecurity, infrastructure protection and security technologies was an amendment in the nature of a substitute offered by subcommittee chairman Rep. Dan Lungren (R-Calif.)--indicating significant changes from the December version. In addition, the subcommittee agreed to eight amendments before a unanimous voice vote on the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011, or the PRECISE Act.
Lungren's bill draws heavily from recommendations made by a cybersecurity task force, led by Mac Thornberry (R-Texas) in October 2011.
"We know voluntary guidelines simply have not worked," said bill co-sponsor Rep. Jim Langevin (D-R.I.) in a statement, adding that government must set "security guidelines and ensure they are followed" by federal agencies and critical infrastructure companies.
If passed in its current state, DHS will make a determination on what is and is not considered "critical infrastructure" that requires federal cybersecurity oversight. DHS's ability to enforce cybersecurity standards is unclear, however, as the bill would not allow DHS to penalize or fine critical infrastructure companies that do not follow it's guidance.
If approved in its current state, DHS would be required to stand up the National Information Sharing Organization, or NISO. This industry controlled, non-profit group would facilitate best practices, provide technical assistance, and information sharing across critical infrastructure and the federal government.
DHS would also establish a federally-run, online portal for existing groups to coordinate online training, best practices, and other cybersecurity integration efforts. DHS would have to coordinate a plan for using federal cyber assets for disaster response efforts.
Among the approved amendments to the rewritten version of H.R. 3674 is a requirement, proposed by Rep. Michael McCaul (R-Texas), that DHS report to Congress which foreign actors and terrorist groups pose the most significant cybersecurity threat to critical infrastructure. Another accepted amendment, from Rep. Patrick Meehan (R-Penn.), seeks to eliminate redundant requirements on agencies and critical infrastructure once reviewed against DHS-identified risks.
H.R. 3674, as amended during the Feb. 1 markup, will be sent to full committee.
"As for the process, after we report this bill out to the whole House it's a bit unclear," said to Kevin Gronberg, senior counsel to the House Committee on Homeland Security.
Cybersecurity-related bills from various committees could be passed separately off the floor and conferenced with the Senate bill, or they could be held in the house and combined for a broader bill, Gronberg said.
An adviser to Senate Majority Leader Harry Reid (D-Nev.) recently committed to bringing up cyber legislation early this year.
For more:
download H.R. 3674 as introduced in subcommittee (.pdf)
see the Langevin press release
see a statement from the House Homeland Security Committee


Read more: DHS authority would increase under Lungren cybersec bill - FierceGovernmentIT http://www.fiercegovernmentit.com/story/dhs-authority-would-increase-under-lungren-cybersec-bill/2012-02-02?utm_medium=nl&utm_source=internal#ixzz1lGehyaNj
Subscribe: http://www.fiercegovernmentit.com/signup?sourceform=Viral-Tynt-FierceGovernmentIT-FierceGovernmentIT
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)