The federal government today released a framework for cybersecurity meant for voluntary adoption within the private sector while acknowledging that work remains to be done in constructing incentives for adoption, and within the framework itself. Framework development has been a year-long effort under the tutelage of NIST, which received a mandate through an cybersecurity executive order.
The House Homeland Security Committee approved by unanimous voice vote a cybersecurity bill that would codify the Homeland Security Department's role in federal cybersecurity and require it to work with the private sector on securing critical infrastructure.
The Homeland Security Department will update its emergency services sector plan by the end of this year to include the need for security protections for the cyber attack-vulnberable NG9-1-1 and FirstNet national public safety broadband network.
The final draft of the critical infrastructure cybersecurity framework under development by the National Institute of Standards and Technology for nearly a year will not include a separate appendix for privacy controls. In the place of a dedicated privacy appendix, NIST will incorporate an alternative methodology first developed (.pdf) by Hogan Lovells partner Harriet Pearson.
The omnibus appropriations bill that the House and Senate both passed this week would provide $190 million toward the consolidation of the Homeland Security Department headquarters, much less than the Obama administration requested.
A House Homeland Security subcommittee approved by unchallenged voice vote a critical infrastructure cybersecurity bill, adding in the process several amendments – one of which could generate opposition to an otherwise bipartisan bill.
Legislation proposed by Sen. Patrick Leahy (D-Vt.) would make it an explicit felony to damage critical infrastructure systems or information, with violators subject to three to 20 years imprisonment. Leahy's bill comes as the House prepares to vote Friday on two healthcare data related bills that both passed through the House Rules Committee on Wednesday.
A revised National Infrastructure Protection Plan issued by the Homeland Security Department in late December places greater emphasis on security and resilience than its predecessor from 2009.
A bipartisan cybersecurity bill introduced Wednesday by members of the House Homeland Security Committee would codify the department's existing governmentwide civilian agency cybersecurity duties and require it to analyze its current public-private partnership model with critical infrastructure sectors to ensure that owners and operators "are equal partners and regularly collaborate on all programs and activities" of DHS to protect critical infrastructure.
The Homeland Security Department took first public steps in development of a research and development strategy for strengthening the security and resilience of critical infrastructure in the Dec. 5 solicitation of public comment.