Senate Passes DHS-Centric Cybersecurity Bill
The Senate passed the Department of Homeland Security-centric National Cybersecurity Protection Act (S-2519) by unanimous consent Wednesday. The bill codifies DHS’s current cybersecurity role, primarily via the department’s National Cybersecurity and Communications Integration Center (see 1412080071). Senate passage of the bill is “critical” for DHS to continue to build “strong relationships with businesses, state and local governments, and other entities across the country so that we can all be better prepared to stop cyber attacks,” said Senate Homeland Security Committee Chairman Tom Carper, D-Del., in a statement.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The House is likely to sign off on S-2519, which included some language from the House-passed National Cybersecurity and Critical Infrastructure Protection Act (HR-3696), an industry lobbyist told us. A second cybersecurity bill, the Federal Information Security Modernization Act (S-2521), passed the Senate Monday (see 1412090040). It's likely to face continued opposition in the House, the lobbyist said. That bill primarily updates the existing Federal Information Security Management Act but differs from a House-passed version of the bill (HR-1163).
S-2519 didn’t include language from HR-3696 that would have amended the Support Anti-terrorism by Fostering Effective Technologies (Safety) Act of 2002 to let companies seek liability protections for sharing cybersecurity information with DHS. That provision was the last chance for improving cybersecurity information sharing during the 113th Congress given that the controversial Cybersecurity Information Sharing Act (S-2588) stalled in the Senate, the industry lobbyist said. Senate Homeland Security ranking member Tom Coburn, R-Okla., said in a statement that S-2519 “sets the stage for future legislation for cyber security information sharing that includes liability protections for the private sector.”
“I’m surprised they passed anything to do with cybersecurity,” said former FCC Public Safety Bureau Chief Jamie Barnett, a telecom and cybersecurity lawyer at Venable. “I just didn’t think it was going to happen, so this a step forward.” S-2519 and S-2521 are two of the few cybersecurity bills the Senate passed during the 113th Congress. S-2519 “isn’t as far-ranging a cyber bill as we could have hoped for, but there’s a greater likelihood that we’ll see more out of the 114th Congress,” Barnett said. Absent better liability protections, tax incentives or another form of incentive, “I don’t think we can really expect major jumps in cybersecurity that have to occur in the private sector,” he said.