Proposed US Cybersecurity Legislation considered Pro-Security and Pro-Privacy
A new US cybersecurity bill, H.R. 3696, has passed in the House of Representatives and goes on to the US Senate for a vote. The proposed law is considered a pro-security and pro-privacy measure, and would require the National Institute of Standards and Technology (NIST) to work closely with the Department of Homeland Security (DHS), with critical infrastructure sector councils and with others in order to establish new cybersecurity practices and procedures. DHS officially recognizes 16 critical infrastructure sectors.

A key element of this bill is that it would prevent DHS from using cyber threat information "to engage in the monitoring, surveillance, exfiltration or other collection activities" to track down an individual's personal information. That makes H.R. 3696 one of the strongest cybersecurity bills in regards to personal privacy. The bill requires federal agencies to notify all potential victims of a data breach involving their personal information "without unreasonable delay consistent with the needs of law enforcement." When the eBay breach was reported, some members received notifications telling them to change their password as late as a week after the breach was reported in the news media.

Additionally, H.R. 3696 would establish an equal partnership between industry and DHS so that DHS can work with industry-led organizations to speed up critical infrastructure security and incident response. The bill prevents DHS from obtaining new cybersecurity regulatory authority that imposes on the private sector. Highlights of the bill include:
- Strengthen the National Infrastructure Protection Plan, a public-private partnership in place since 2003.
- Ensure that Cyber Incident Response Teams voluntarily provide timely technical assistance with recommendations on cyber threats to critical infrastructure owners/operators.
- Require frequent updates of the National Cybersecurity Incident Response Plan, with disclosures to authorities at the federal, state and local governmental level and to private-sector leaders.
- Allow private organizations to voluntarily submit their cybersecurity procedures to the government in order to secure additional liability protections in case of a qualifying cyber-attack or breach.
The bill faces obstacles in the US Senate due to distinct differences between Senate and House leaders on cybersecurity policy. The Senate approaches cybersecurity through a single comprehensive bill, whereas the House of Representatives prefers narrowly focused bills.

While we wait for a vote on the Senate version of the bill, the administration has moved forward with a new guide. The U.S. government is taking new steps to guard against cyber piracy and has launched a cybersecurity guide to help companies and business owners take steps to protect their computer systems. President Barack Obama said in a statement, "Hacking attacks are one of the national dangers facing the United States." President Obama signed an executive order calling for the creation of a framework on best practices in cybersecurity. This framework would be a joint effort between government officials, private sector technology experts and academic cybersecurity experts.

REALSEC is delighted to see significant public sector-private sector partnerships when it comes to new legislation for cybersecurity.