Congress failed to pass major cyber-security reform during the 2012 legislative session. In the Senate, Democratic Majority Leader Harry Reid (D-NV) pushed the “Secure Act of 2012” to a floor vote, but failed to get the necessary votes. In the House, Republican Majority Leader John Boehner (R-OH) advocated for cyber-security reform through a series of individual bills, as opposed to one comprehensive bill, as a step toward enhancing America’s defenses on cyber-security.
At the start of 2013, we have seen a reboot of the discussion on the need for cyber-security reform, but each chamber is taking the same approach as last time, with the Senate seeking to push one major bill and the House seeking to push several individual bills.
However, there are two new developments in 2013 that may push Congress to act. First, earlier this year the Obama Administration issued an executive order on cyber-security directing federal agencies to improve their cyber-security efforts, including the sharing of information about cyber-threats and attacks with the private sector.
Second, the Obama Administration undertook a more direct role by publicly raising concerns with the Chinese government about cyber-security attacks on U.S. interests.
These developments have raised the stakes on Congress and the IT industry to do more to ensure the passage of cyber-security reform. There is recognition that the U.S. economy is vulnerable to a major cyber-security attack from abroad, so the sense of urgency on the Hill is real.
To address the need for cyber-reform, the House Leadership has announced that April 15 to 19, 2013, will be “cyber week.” There are at least four bills that will be put up for votes:
- H.R. 624: Cyber Intelligence Sharing and Protection Act (HPSCI).
- H.R. 1163: Federal Information Security Amendments Act of 2013 (OGR).
- H.R. 756: Cyber-security Enhancement Act of 2013.
- H.R. 967: Advancing America’s Networking and Information Technology Research and Development Act of 2013 (Science).
Combined, these bills would create a new framework for the sharing of information between the federal government and critical infrastructure owners and operators. The Federal Information Security Management Act (FISMA) would be reformed to incorporate a model of “continuous monitoring.” Finally, several federal agencies would be granted authority to continue, resume or create new programs designed to increase the U.S. government’s capacity for research and development focused on cyber-security.