President Signs Critical Cyber Security Bills into Law

WASHINGTON – President Obama signed into law Thursday four bipartisan bills that will modernize, strengthen, and improve our nation’s cyber security defenses. The measures are the first major cyber security bills to become law in several years.

The bills – now law – reflect the work of Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper (D-Del.) and Ranking Member Tom Coburn (R-Okla.); House Homeland Security Committee Chairman Michael McCaul (R-Tex.), Ranking Member Bennie G. Thompson (D-Miss), and Subcommittee Chair Patrick Meehan (R-Pa.) and Ranking Member Yvette Clarke (D-NY); and House Oversight and Government Reform Chairman Darrell Issa (R-Calif.) and Ranking Member Elijah Cummings (D-Md.).

Chairman Tom Carper (D-Del.), Senate Homeland Security and Governmental Affairs Committee: “The President took a historic step in bolstering our national security by signing four cyber security bills into law. These measures make significant strides to modernize our nation’s cybersecurity defenses and help the public and private sectors work together to tackle cyber threats more effectively. I’d like to thank my colleagues in the Senate and House, particularly my Ranking Member Dr. Coburn and his staff, for their tireless efforts and dedication. While we’ve made progress, we cannot end our efforts now. The threat is too great and continues to grow. Cybersecurity remains a top priority for me in the 114th Congress, and I will continue to work with my colleagues on both sides of the aisle on additional measures to enhance our nation’s cybersecurity efforts.”

Ranking Member Tom Coburn (R-Okla.), Senate Homeland Security and Governmental Affairs Committee: “Our nation faces serious cybersecurity threats, including foreign nations and other adversaries that continue to compromise our networks and steal the America people’s sensitive information. These bills will help the nation address these threats. Updating the law for federal information security will ensure that agencies are accountable to Congress and the public for data breaches. Codifying the NCCIC will require DHS to improve its programs for assisting the private sector and sets the stage for future legislation to provide liability protection for sharing cyber threat information. I thank and applaud Chairman Carper for his dedication and leadership.”

Chairman Michael McCaul (R-Tex.), House Homeland Security Committee: “With these bills we have laid the foundation for the fight against cyber-attacks and I am please the president has signed them into law. Every day Americans’ private information is lost, money is stolen, sensitive information is leaked and vital systems are disrupted in data breaches. But as we have seen with the Sony hack, cyber-attacks can be more than just theft – they can destroy. These bills are an important step in the right direction to protecting our vital networks, but there is more work to be done. Cybersecurity will be a top focus of my committee next Congress and I look forward to working with my colleagues in the House and Senate on a renewed effort.”

Ranking Member Bennie G. Thompson (D-Miss), House Homeland Security Committee: “At the beginning of this Congress, expectations were high for some legislative action in the area of cybersecurity. It has taken some time to get here but what we have before us is something solid that sets forth what DHS must do, as the lead civilian agency for cybersecurity. With this cybersecurity legislation, simply put, we will raise the level of cybersecurity, particularly within the Federal government and protecting our nation’s critical infrastructure. I want to thank my colleagues in the House and Senate, both Democrat and Republican, for pushing hard to get this legislation passed.”

Chairman Patrick Meehan (R-Pa.), House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies: “This legislation is the first significant cyber legislation in a decade and among the most important legislation that has been passed this Congress. Cyberattacks against government agencies, corporations and consumers have grown exponentially over the past year, and losses from these breaches have reached into the billions of dollars. Cyber capabilities of our adversaries — both states and non-state actors — continue to grow and outpace our efforts to defend against them. This legislation is a major achievement to improve our nation’s cybersecurity defenses, improve coordination between government and private sector and protect the personal data of millions of American consumers.”

Ranking Member Yvette Clarke (D-NY), House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies: “For the Department of Homeland Security to be effective in its cybersecurity mission, it must have a workforce in place to meet this challenge. The legislation the President signed includes language I included to help ensure that DHS has the ‘boots-on-the-ground’ it needs to meet its diverse cybersecurity mission by requiring it to develop and issue a comprehensive workforce strategy. I would like to thank my colleagues for their support and the spirit of collaboration they have shown this Congress.”

Ranking Member Elijah Cummings (D-Md.), House Oversight and Government Reform Committee: “The increasing number of cyber-attacks is unprecedented and poses a clear and present danger to our nation and our citizens, and together these laws are a critical first step toward addressing this growing threat. The Federal Information Security Modernization Act in particular will help ensure that federal agencies take a smart, risk-based approach to securing their networks.”

The following measures were enacted:

The National Cybersecurity Protection Act of 2014 (S. 2519) will codify the existing cybersecurity and communications operations center at the Department of Homeland Security (DHS), known as the National Cybersecurity and Communications Integration Center. It calls on the  Center to serve as a federal civilian information sharing interface for cybersecurity. The new law will authorizes the Center’s current activities to share cybersecurity information and analysis with the private sector, provide incident response and technical assistance to companies and federal agencies, and recommend security measures to enhance cybersecurity. The law was originally introduced as the National Cybersecurity and Communications Integration Center Act of 2014 by Homeland Security and Governmental Affairs Chairman Tom Carper (D-Del.) and Ranking Member Tom Coburn (R-Okla.). House Homeland Security Committee Chairman Michael McCaul (R-Tex.), Ranking Member Bennie G. Thompson (D-Miss.), Subcommittee Chairman Patrick Meehan (R-Pa.) and Ranking Member Yvette Clarke (D-NY) introduced a bill with similar provisions in the House of Representatives.

The Federal Information Security Modernization Act of 2014 (S. 2521), introduced by Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper (D-Del.) and Ranking Member Tom Coburn (R-Okla.), which updates the Federal Information Security Management Act of 2002 to better protect federal agencies from cyber attacks. The newly enacted law, which updates a 12-year-old law to meet the federal government’s current cybersecurity needs, establishes real-time monitoring of federal computer networks, and enhances oversight of federal data breaches.

The Border Patrol Agent Pay Reform Act of 2013 (S. 1691) included language from Senator Carper’s DHS Cybersecurity Workforce Recruitment and Retention Act, which will help the Department of Homeland Security recruit and retain cyber professionals who are in high demand across the government and private sector. The newly enacted law will help address critical challenges that the Department faces in hiring and retaining cybersecurity professionals by providing the Secretary of Homeland Security hiring and compensation authorities for cybersecurity experts like those of the Secretary of Defense. House Homeland Security Committee Chairman Michael McCaul (R-Tex.), Ranking Member Bennie G. Thompson (D-Miss.), Subcommittee Chairman Patrick Meehan (R-Pa.) and Ranking Member Yvette Clarke (D-NY) introduced a bill with similar provisions in the House of Representatives.

The Cybersecurity Workforce Assessment Act (H.R. 2952) will examine where critical cyber positions are located within the Department, the Department’s readiness and capacity to meet its cyber missions, and the types of positions. The goal of the strategy will be to enhance the readiness, capacity, training, recruitment, and retention of the cybersecurity workforce, and will include a recruitment and implementation plan. The bill was originally introduced by House Homeland Security Subcommittee Chairman Patrick Meehan (R-Pa.) and Ranking Member Yvette Clarke (D-NY).