Cybersecurity activity bubbled along at a low simmer throughout the 113th Congress. Despite the fact that more than two dozen cybersecurity and data breach bills were introduced, along with several Congressional hearings on the topic, nothing has been signed into law.
But what is the fruit de jour on Capitol Hill this time of year? The kind that hangs low. Congress finally passed four cybersecurity bills this week! And they have broad industry support! Here are the bills that are headed to the President’s desk for his autograph:
H.R. 2952 Cybersecurity Workforce Assessment Act – passed the Senate on Wednesday and passed the House on Thursday. This bill was originally Rep. Patrick Meehan’s Critical Infrastructure Research and Development Advancement Act when it passed the House in July. The Senate stripped out the House language and inserted new language requiring the Secretary of Homeland Security to evaluate the cybersecurity workforce and develop a plan to enhance it. This new language made it the Cybersecurity Workforce Assessment Act.
2519 National Cybersecurity Protection Act— passed the Senate on Wednesday and passed the House on Thursday. This bill codifies some DHS authorities on federal and national cybersecurity and authorizes the National Cybersecurity and Communications Integration Center (NCCIC) at DHS.
2521 Federal Information Security Modernization Act (FISMA)—passed the Senate on Monday and passed the House on Wednesday.
1691 Border Patrol Agent Reform Act—passed the Senate in September and passed the House on Wednesday. This bill includes language from Senator Carper’s DHS Cybersecurity Workforce Recruitment and Retention Act, which would help the Department of Homeland Security recruit and retain cyber professionals.
House and Senate staff are still trying to work out issues with S. 1353, the Cybersecurity Enhancement Act. The Senate Commerce Committee was said to have reached a compromise with the House Science Committee on a substitute to the bill. The substitute merges the Cybersecurity Act (S.1353), which passed the Senate Commerce Committee, and the House-passed Cybersecurity Enhancement Act (HR 756).
The compromise has the Senate bill number S. 1353, but takes the House bill title “the Cybersecurity Enhancement Act.” The compromise adds several priority sections from HR 756 (sections 4, 203, 204, 501, 502, 503, and 504 of the substitute), as well as merges some sections of the two bills that overlapped (sections 201, 302, and 401). A number of other small technical changes were also made. There are new concerns about the cost of the bill, so movement has stalled.
The House plans to adjourn by the end of the week for the remainder of the year, so the window for action in this Congress is closing. Regardless, this late surge of action on these incremental, non-controversial cyber measures bodes well for a quick start early next year on continuation of these cyber priorities and others.