With a lame duck session pending, Congress may address a number of cybersecurity and data security issues before the end of the calendar year. Since it passed the “Cybersecurity Act of 2015,” Congress has been addressing cybersecurity issues in a piecemeal fashion rather than crafting major legislation. While it is highly unlikely that Congress would legislate on a national data security standard or privacy regime — particularly in light of the Democrats flipping the House — a number of bills could move now that the mid-term elections are behind us. Here, I provide a summary of the most significant of the cybersecurity-related bills that Congress could grab off the shelf during the lame duck.
To date, Congress has passed a number of cyber-related bills the president has signed into law. For example, the “John S. McCain National Defense Authorization Act for Fiscal Year 2019” is replete with defense-oriented cybersecurity and supply chain provisions, including language restricting the federal government’s use of Huawei and ZTE products and services. Congress also passed a relatively minor cybersecurity bill, the “NIST Small Business Cybersecurity Act” (S.770), which directs the National Institute of Standards and Technology (NIST) to “disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.”
Just this week, the House sent a bill to the White House that would reorganize and rename the National Protection and Programs Directorate (NPPD). The Senate pinged its version of the “Cybersecurity and Infrastructure Security Agency Act of 2018” (H.R. 3359) to the House in early October, and the House agreed to this bill by unanimous consent on November 13. This bill would establish a new agency, the Cybersecurity and Infrastructure Security Agency, within the Department of Homeland Security (DHS) that combines NPPD with other existing DHS components. The new agency would be led by a Senate-confirmed director and consist of a Cybersecurity Division, an Infrastructure Division, and an Emergency Communications Division.
However, other bills could pass in the current lame duck session. In September, the House passed four cyber-related bills that demonstrate the scope of bills more likely to be enacted provided the Senate takes up these bills:
(Via Just Security)
Read on to get all the details. Vigilance will be needed.