Earlier this week, both chambers on Capitol Hill took steps that would increase the Department of Homeland Security’s (DHS) role in the area of cybersecurity.  On the Senate side, the Senate Homeland Security and Governmental Affairs Committee approved a DHS reauthorization bill that included amendments to rename and reorganize the DHS National Protection and Programs Directorate (NPPD), to increase protections for certain personally identifiable information (PII), and to emphasize the need for cybersecurity research.  On the House side, the House Homeland Security Committee approved the Cyber Incident Response Teams Act, which would establish teams within DHS devoted to cyber incident response.

Department of Homeland Security Reauthorization Bill

On March 7, the Senate Homeland Security and Governmental Affairs Committee approved H.R. 2825, which, if enacted into law, would be the first reauthorization of DHS since it was created in response to the September 11 attacks.  The Senate version of the bill added a number of cybersecurity related amendments.  Under one amendment, the NPPD would be renamed and reorganized as the Cybersecurity and Infrastructure Security Agency.  Among its enumerated responsibilities, this Agency would “lead cybersecurity and critical infrastructure security programs, operations, and associated policy for the Agency, including national cybersecurity asset response activities” and carry out its “cybersecurity and critical infrastructure activities” in coordination with Federal and private entities.  On the Senate Committee’s website, Senator Ron Johnson (R-WI), Chairman of the Committee, is quoted as stating, “Establishing an agency within DHS to focus on cyber and infrastructure security will help DHS achieve its missions.” A second amendment would require U.S. Customs and Border Protection (CBP) to remove personally identifiable information, including social security numbers, passport numbers, and residential addresses, from any manifest signed and transmitted to the CBP before it is disclosed to the public.  Finally, a third amendment, requires the Under Secretary for Science and Technology to support “research, development, testing, evaluation, and transition of new cybersecurity technologies” and to coordinate those activities with other Federal agencies, industry, and academia.  To help spur this development, the bill also extends DHS’ authority to  award other transaction authority agreements consistent with the Department of Defense’s recent push for quicker and more flexible agreements with non-traditional contractors.

Two proposed amendments were not included in the bill but it is possible that these amendments could still find their way into the final bill.  The first amendment would have increased DHS’ role in assisting states with monitoring and addressing cybersecurity threats and vulnerabilities during their elections.  The second amendment would have clarified liability protections for cybersecurity technology developers under the SAFETY Act.  Currently, the SAFETY Act offers liability protection to sellers and users of approved anti-terrorism technologies in the event of litigation stemming from acts of terrorism.  This amendment would have extended the SAFETY Act program to cybersecurity technologies and services by granting liability protections to industry for a terrorist act or a “declared cyber incident” that is caused by malicious cyber actors.  A date has yet to be set for the full Senate to vote on the DHS reauthorization bill.  The House passed its version of the bill last July.

Cyber Incident Response Teams Act

Also on March 7, the House Homeland Security Committee unanimously approved H.R. 5074, the Cyber Incident Response Teams Act.  This Act would authorize the National Cybersecurity and Communications Integration Center within DHS to establish “cyber hunt and incident response teams.”  Such teams would be responsible for assisting “asset owners and operators in restoring services following a cyber incident,” identifying any “cybersecurity risk and unauthorized cyber activity,” and offering both “mitigation strategies to prevent, deter, and protect against cybersecurity risks” and “recommendations to asset owners and operators for improving overall network and control systems security to lower cybersecurity risks.”  Some members of the House Committee on Homeland Security have suggested that the Cyber Incident Response Teams’ scope of assistance would also include recommendations regarding the cybersecurity of election infrastructure.

The composition of these Cyber Incident Response Teams would not be limited to just governmental employees.  Rather, the Act expressly authorizes the inclusion of “cybersecurity specialists from the private sector,” enabling DHS to rely on specialist expertise outside of the government when addressing threats and attacks.  Although the assistance is “upon request,” private companies may be reluctant to permit private sector specialists access to very sensitive information about their networks and/or a potential breach.  The Act also would require the National Cybersecurity and Communications Integration Center report every four years to the House Committee on Homeland Security and the Senate Homeland Security and Governmental Affairs Committee.  Their report will include the “total number of incident response requests received,” the “number of incident response tickets opened,” and “all interagency staffing of incident response teams,” as well as provide information regarding “interagency collaborations established to support incident response teams.”  A date has yet to be set for the full House to vote on the Cyber Incident Response Teams Act.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Raymond Biagini Raymond Biagini

A distinguished counselor and litigator, Raymond Biagini has risen to national prominence in a number of high-profile tort cases, defending commercial and government contractors.  In particular, Mr. Biagini’s cases have established key legal principles in high profile “contractor on the battlefield” tort suits. …

A distinguished counselor and litigator, Raymond Biagini has risen to national prominence in a number of high-profile tort cases, defending commercial and government contractors.  In particular, Mr. Biagini’s cases have established key legal principles in high profile “contractor on the battlefield” tort suits.  In 2002, Mr. Biagini authored the core provisions of the U.S. SAFETY Act which protects homeland security companies from enterprise-threatening tort suits arising out of terror attacks.  Mr. Biagini also has an extensive product liability prevention practice, counseling companies on mechanisms for reducing their tort exposure for products and services sold to government and commercial entities.

Photo of Susan B. Cassidy Susan B. Cassidy

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors.  She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components.  Ms. Cassidy conducts internal investigations for government…

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors.  She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components.  Ms. Cassidy conducts internal investigations for government contractors and represents her clients before the Defense Contract Audit Agency (DCAA), Inspectors General (IG), and the Department of Justice with regard to those investigations.  From 2008 to 2012, Ms. Cassidy served as in-house counsel at Northrop Grumman Corporation, one of the world’s largest defense contractors, supporting both defense and intelligence programs. Previously, Ms. Cassidy held an in-house position with Motorola Inc., leading a team of lawyers supporting sales of commercial communications products and services to US government defense and civilian agencies. Prior to going in-house, Ms. Cassidy was a litigation and government contracts partner in an international law firm headquartered in Washington, DC.