Congress finally passed the Cyber Security Protection Act this month, amending the Homeland Security Act of 2002 to modernize cybersecurity measures for the 21st century. Four things you need to know about the sweeping legislation:
- A bolstered security hub
The legislation codifies the Department of Homeland Security’s National Cybersecurity and Communication Integration Center (NCCIC) and officially authorizes the center’s role to coordinate cybersecurity efforts between Federal, state, local, and private entities.It also authorizes the NCCIC’s current activities to share cybersecurity information and analysis with the private sector, provide incident response and technical assistance to companies and Federal agencies, and recommend security measures to enhance cybersecurity, according to the Senate Committee on Homeland Security and Governmental Affairs.“By codifying DHS’s cyber security information sharing center, this bill sets the stage for future legislation for cyber security information sharing that includes liability protections for the private sector,” Sen. Tom Coburn, R-Okla., told the National Journal.
- A win for the private sector
The legislation aptly arrives as industry groups are demanding legal protection for companies sharing sensitive cyber information with government agencies, such as the NSA and the OMB.The bill will enhance the ability of the DHS to work with the private sector on cybersecurity threats, vulnerabilities, and defense measures. Explicit language in the bill allows the DHS to provide assistance to the private sector to identify vulnerabilities and restore their networks after an attack.
- Improved information sharing for all
The NCCIC provides a platform for the government and private companies to share data regarding cybersecurity threats. The NCCIC must include representatives of Federal agencies, state and local governments, and private sector owners and operators of critical information systems, according to the National Law Review. The NCCIC receives cyber information from multiple government and industry sources, and then disseminates information on specific cyber threats back to those partners.The bill “bolsters our nation’s cybersecurity while providing the Department with clear authority to more effectively carry out its mission and partner with private and public entities,” Tom Carper D-Del., Chairman of the Senate Committee on Homeland Security and Governmental Affairs, told the National Journal.
- Better late than never
“The bill is more than overdue,” Carper’s office said, noting that ”cyber-attacks reported by Federal agencies have increased by nearly 680 percent over the past six years, according to a recent study by the Government Accountability Office [GAO].