In late July, the Senate Commerce, Space and Transportation Committee favorably reported a bipartisan bill (S. 1353, the Cybersecurity Act of 2013) to improve cybersecurity in the United States by encouraging the private and public sectors to collaborate on standards, guidelines, and best practices. The bill, sponsored by Senators Jay Rockefeller (D-WV) and John Thune (R-SD), also increases research and development for the design and testing of software, upgrades education for the workforce and students so they will be better prepared to stimulate and support innovation in cybersecurity, and promotes a national cybersecurity awareness campaign.
Of interest to records and information managers, the legislation directs the Office of Science and Technology Policy (OSTP) to develop, and update triennially, a federal cybersecurity research and development plan to meet cybersecurity objectives, including how to protect information stored using cloud computing or transmitted through wireless services. It also establishes National Science Foundation research and development grants for secure wireless networks, mobile devices, and cloud infrastructure. As more and more organizations turn to cloud computing as a low-cost alternative to in-house data management, policymakers are increasingly concerned about cybersecurity exposures and the protection of sensitive information.
S. 1353 builds upon the president’s February 12, 2013, Executive Order on improving critical cybersecurity infrastructure, which called on the National Institute of Standards and Technology (NIST) to develop and implement a national cybersecurity framework that consists of consensus-based voluntary standards designed to “be compatible with existing regulatory authorities and regulations.” However, legislation is needed by Congress to address other critical priorities. This includes sharing threat information and technical expertise between the government and private sector and across sectors by increasing access to intelligence information and providing a clear and predictable legal framework for sharing information, with appropriate liability and antitrust protections for those acting within the framework.
The House of Representatives passed legislation (H.R. 624, the Cyber Intelligence Sharing and Protection Act of 2013) on April 18 to address these priorities. The full Senate is expected to consider S. 1353 before the end of the year.
To read the American Bankers Association’s comment letter, click here.