With less than two weeks left until the 114th
Congress ends on January 3rd, 2017 it is a good time to look at the
record of this session of Congress to see how much work was accomplished in the
legislative arena on cybersecurity issues. While I would like to be able to
focus just on control system security issues, there were very few bills that focused
on, or even mentioned, that topic. So for this post I will focus on general
cybersecurity issues while ignoring strictly breach notification bills and
cybersecurity bills that focused on government IT issues.
House
Members of the House introduced 38 bills that addressed
cybersecurity issues and passed 17 of those bills. Sixteen of those bills did
not make it to consideration in the Senate. Those sixteen bills were:
HR 1073 - Critical
Infrastructure Protection Act;
HR 1560 - Protecting
Cyber Networks Act;
HR 3586 - Border
and Maritime Coordination Improvement Act – Includes cybersecurity;
HR 3878 - Strengthening
Cybersecurity Information Sharing and Coordination in Our Ports Act of 2015;
HR 4909 - National
Defense Authorization Act for Fiscal Year 2017 – Includes cybersecurity;
HR 5293 - Department
of Defense Appropriations Act, 2017 – Includes cybersecurity;
HR 5388 - Support
for Rapid Innovation Act of 2016 – Includes cybersecurity;
HR 5389 - Leveraging
Emerging Technologies Act of 2016 – Includes cybersecurity;
HR 5459 - Cyber
Preparedness Act of 2016;
HR 6393 - Intelligence
Authorization Act for Fiscal Year 2017 – Includes cybersecurity;
Note that six of those sixteen bills were not principally
cybersecurity bills, but did include significant cybersecurity provisions. This
was the first session of congress to include cybersecurity measures in other
bills (excluding authorization and appropriations bills).
The one House bill with cybersecurity provisions that did
make it to the President’s desk was HR 2029. That was the Consolidated
Appropriations Act of 2016 (PL
114-113) and it included the Cybersecurity
Act of 2015. This was the long awaited information sharing bill that
Congress had been trying to pass for the last six years in one form or another.
Senate
With less than a quarter of the members of the House the
Senate still introduced 22 cybersecurity related bills in the 114th
Congress. Only two of those bills passed and one (FY 2016 NDAA – PL 114-92)
made it to the President’s desk for signature.
S 1356 - National
Defense Authorization Act for Fiscal Year 2016 – Includes cybersecurity;
It should be noted that portions of S 754 made it into the
Cybersecurity Act of 2015 as did portions of HR 234, the Cyber
Intelligence Sharing and Protection Act, which saw no formal action in the
House.
115th Congress
With the amount of press coverage of cybersecurity issues in
the recent presidential election (not so much in the realm of policy
discussions from the campaigns) it is easy to guess that cybersecurity will
remain a topic of concern in the 115th Congress. It is hard to
imagine that the Republican controlled Congress will do much to require the
regulation of cybersecurity in the private sector, but I do suspect that we
will see continued interest in information sharing from federal agencies to the
private sector.
There will be continued discussion in the military and
intelligence appropriations and authorization bills about the role of cyber
retaliation for attacks on Federal agencies and major societal institutions.
Posts
No comments:
Post a Comment