The House of Representatives Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies has passed a bill to bolster provisions to protect the nation’s critical infrastructure, moving it one step closure to full consideration.
The National Cybersecurity and Critical Infrastructure Protection Act of 2013 (NCCIP), which enjoys bipartisan support, amends the Homeland Security Act of 2002 to include oversight of DHS’s cybersecurity operations, and encourage public-private partnerships in threat intelligence sharing.
“HR 3696 strengthens our cyber defenses by bolstering and providing oversight of DHS’s cybersecurity mission, fostering collaborative public-private partnerships, while also ensuring privacy and civil liberties are protected,” a joint statement from committee members said.
“We are greatly encouraged by the strong bipartisan support of the NCCIP Act, as well as the many endorsements it has received from both industry and privacy advocates, and we look forward to moving this legislation to the House floor.”
The NCCIP Act:
- Prohibits new regulatory authority at the Department of Homeland Security (DHS) and is budget neutral;
- Codifies and strengthens the National Cybersecurity and Communications Integration Center (NCCIC), a federal civilian, transparent interface to facilitate real-time cyber threat information sharing across critical infrastructure sectors;
- Establishes an equal partnership between private industry and DHS, and ensures that DHS properly recognizes industry-led entities to facilitate critical infrastructure protection and incident response;
- Codifies and strengthens the successful aspects of the National Infrastructure Protection Plan (NIPP), a public-private partnership framework that has been supported by the private sector since 2003;Codifies the Cyber Incident Response Teams to provide timely technical assistance, crisis management, and actionable recommendations on cyber threats to critical infrastructure owners and operators on a voluntary basis;
- Ensures that the National Cybersecurity Incident Response Plan is regularly updated and exercised in coordination with federal, state, local, and private sector stakeholders;
- Codifies DHS operational information security activities to protect and ensure the integrity and resiliency of all federal civilian information systems and networks (.gov); and
- Amends the SAFETY Act to establish a threshold for qualifying cyber incidents so private entities can voluntarily submit their cybersecurity procedures to the SAFETY Act Office to gain additional liability protections in the event of a qualifying cyber incident.
“Our top national security experts agree that the threat of cyber attacks on our nation’s critical infrastructure will soon be the top national security threat,” subcommittee chairman Patrick Meehan said.
“The NCCIP Act will allow us to face the cyber threat head on. The bill will help us responsibly coordinate our cyber defenses and strengthen their civilian leadership while protecting Americans’ privacy and civil liberties.”
Cross posted from Tripewire's The State of Security blog.