Melissa Hathaway Names 9 Cyber Bills to Watch

With cybersecurity becoming an increasingly visible issue, Congress has added its voice to the growing discussion with a number of bills currently pending. Melissa Hathaway, president of Hathaway Global Strategies and former cybersecurity official, recently authored a study of the pending legislation that is a must-read for individuals in government and the private sector looking to operate within the cybersecurity field.

Out of the 40-odd bills at various stages in the legislative process, Hathaway finds nine to be the most important ones to watch. She provides a synopsis and an analysis of each bill.

Data Breach Legislation (S. 139): This bill would create a national data breach law to standardize the 46 state data breach laws. “One issue with this bill is that it would consolidate all reporting to the US Secret Service, which is not helpful for broader information sharing with industry or across government,” Hathaway writes.

Data Accountability and Trust Act (H.R. 2221): Recently voted down in the House, this bill requires ISPs to inform users when they become infected. “I believe the Comcast Denver, CO pilot program could be anticipatory market movement associated with this bill (to better understand costs),” Hathaway writes. “It will be interesting to see if this is extended to those services who may also be able to determine if there is anomalous behavior on the broader backbone. As you may know, Germany just passed a law requiring their ISPs to inform their citizens/consumers if they have been infected.”

International Cybercrime Reporting and Cooperation Act (S. 1438 and H.R. 4692): These bills, among other things, authorize the State Department to create a cybersecurity Ambassador and “requires the President to produce an annual report to Congress providing an assessment of every country’s level of ICT utilization and development; assesses how each country’s legal, law enforcement and judicial systems address cyber crime and protect commerce and consumers,” according to Hathaway.

Cybersecurity Enhancement Act (H.R. 4061): This bill passed the House earlier this year; it gives NIST additional responsibility and supports research and development in the cyber realm. “While this is a non-controversial piece of legislation because it supports R&D efforts focused on identity management technologies and usability, authentication methods, and privacy, it’s not clear how the new office will interact with the current OSTP responsibilities,” Hathaway writes.

FISMA II (S. 921): This bill is designed to update the current FISMA guidelines, which are widely seen as compliance-driven. Instead, the new bill will make the guidelines performance-based, based upon the tool implemented by John Streufert at the Department of State. “It also affords the department and agency chief information security officer the focus and attention it needs and deserves,” Hathaway writes. “Finally, it is possible that FISMA II will address procurement reform.”

Intelligence Authorization Act (H.R. 2071): Among other things, this bill looks to strengthen Intelligence Community cybersecurity efforts.

Cybersecurity Act of 2009 (S. 773): “The bill combines audits, industry-developed and government-backed standards, increased information-sharing, and other mechanisms to bolster private sector cybersecurity,” Hathaway writes. “It establishes a Cybersecurity Advisory Panel (Presidential Level) and a National Clearinghouse for information sharing. Additionally, it extends the Scholarship for Service program (increases to 1000 scholarships) and increases the National Science Foundation’s budget for R&D.”

The Grid Reliability and Infrastructure Defense Act (H.R. 5026): “The bill amends the Federal Power Act and directs the Federal Energy Regulatory Commission to protect the electric transmission and distribution grid from vulnerabilities,” Hathaway writes. “If passed, the legislation will provide a security framework for the Smart Grid.”

Energy and Water Appropriations Act 2010 (Law): “It appropriates additional funds for Cybersecurity: $46.5 million for energy delivery cyber security, an increase of $34.5 million from 2009, to develop secure grid technologies as cyber attacks increase worldwide and the grid becomes increasingly network-connected,” Hathaway writes. “It also establishes a National Cyber Center for the grid.”

Hathaway concludes her analysis with three key recommendations:

Need Congressional leadership to set the legislative priorities for cybersecurity

Need to clearly articulate the direction for cybersecurity private-public engagement and responsibilities

Need broad-based awareness and education campaign for the U.S. population and other like-minded nations
