On July 28, 2014, the U.S. House of Representatives (“House”) passed three cybersecurity bills, the National Cybersecurity and Critical Infrastructure Protection Act of 2014 (H.R. 3696) (“NCCIP Act”), the Critical Infrastructure Research and Development Advancement Act (H.R. 2952) (“CIRDA Act”), and the Homeland Security Cybersecurity Boots-on-the-Ground Act (H.R. 3107) (“Boots-on-the-Ground Act”) with broad bipartisan support.

The NCCIP Act was introduced in December 2013 and is the most significant of the three measures.  As we noted at the time, the bill focuses primarily on strengthening the authorities of the Department of Homeland Security (“DHS”).  Under the provisions of the bill as passed by the House, the Secretary of DHS would have broad responsibilities for the protection of critical infrastructure (“CI”) from cyber threats.  Specifically, the Secretary would be charged with facilitating “a national effort to strengthen and maintain secure, functioning and resilient critical infrastructure” by seeking “industry-specific expertise” to “identify and disrupt threats” and providing “education and assistance” to CI owners and operators who request them.

The bill also promotes several avenues for public-private collaboration to protect CI, organized by sector.  To effectuate this collaboration, the Secretary of DHS would be directed to designate different sectors of critical infrastructure, such as communications, financial services, information technology, and transportation systems.  DHS would then interact with private sector entities on a sector-specific basis through designated federal agencies and “coordinating councils.”  The sector-specific coordinating councils would be designed to “reflect the unique composition of each sector” and would include critical infrastructure owners, operators, private sector entities and trade associations.  Government entities with any “regulating authority” would be prohibited from being members of the coordinating councils.  The bill would also direct DHS, in collaboration with the relevant coordinating council, to recognize at least one Information Sharing and Analysis Center (“ISAC”) for each CI sector, to help promote information sharing along with each coordinating council.  The bill would codify the National Cybersecurity and Communications Integration Center (“NCCIC”) within DHS to promote “ongoing multi-directional sharing” of cyber threat information among federal government entities and between such entities and the private sector, including through ISACs, the coordinating councils, the U.S. Computer Emergency Readiness Team, and other stakeholders.

The NCCIP Act bill would also codify the establishment of Cyber Incident Response Teams within DHS, which would be available to provide crisis management support to critical infrastructure owners and operators on request.  In addition, the NCCIP Act also amends and expands the SAFETY Act, 6 U.S.C. §§ 441-444, which currently affords some liability protections to companies who provide qualified anti-terrorism technologies following a traditional terrorist attack.  Under the bill, these liability protections would expanded to include qualified cybersecurity technologies in the event of a range of cyberattacks (to be further defined by the Secretary of DHS), even if wholly unconnected to terrorism.

The second bill passed by the House, the CIRDA Act, would further enhance DHS’s authority to protect CI by mandating that DHS develop and update a plan for research and development of cybersecurity technologies for the protection of critical infrastructure.  The plan would be developed with stakeholders, including sector-specific coordinating councils, and focus, among other things, on identifying risks and technology gaps and prioritizing security technology needs to address such risks and gaps.  The bill also would require DHS to report to Congress on, among other things, those aspects of critical infrastructure protection that are predominately operated by the private sector and that would most benefit from rapid security technology advancement.  The bill would also expand DHS’s Technology Clearinghouse, established pursuant to 6 U.S.C. § 193, to promote “rapidly sharing proven technology solutions for protecting critical infrastructure.”

Finally, the third bill passed by the House, the Cybersecurity-Boots-on-the-Ground Act, is focused largely on improving the DHS cyber work force.  It directs the Security of DHS to “assess the readiness and capacity” of the DHS workforce “to meet its cybersecurity mission.”  To this end, the bill requires the Secretary to establish uniform cybersecurity occupation classifications, assess the cybersecurity workforce, and develop a strategy to develop and recruit cybersecurity employees.

The three bills now proceed to the U.S. Senate for further consideration.

This post can also be found on InsidePrivacy, the firm’s blog on developments in global privacy and data security.

Tags: Boots On The Ground, CIRDA, cybersecurity, NCCIC, NCCIP, SAFETY Act
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of David Fagan David Fagan

David Fagan co-chairs the firm’s top ranked practice on cross-border investment and national security matters, including reviews conducted by the Committee on Foreign Investment in the United States (CFIUS), and is a partner in the firm’s data privacy and cybersecurity practice.

David has…

David Fagan co-chairs the firm’s top ranked practice on cross-border investment and national security matters, including reviews conducted by the Committee on Foreign Investment in the United States (CFIUS), and is a partner in the firm’s data privacy and cybersecurity practice.

David has been recognized by Chambers USA and Chambers Global for his leading expertise on bet-the-company CFIUS matters and has received multiple accolades for his work in this area, including being named The American Lawyer’s Dealmaker of the Year three times. His work includes successfully securing three of the four Presidential approvals in the history of CFIUS; securing the only Presidential order protecting a client against a proposed hostile takeover; and negotiating the only “golden share” the U.S. government has taken in a U.S. company. Clients laud him for “[seeing] far more matters than many other lawyers,” his “incredible insight,” and “know[ing] how to structure deals to facilitate regulatory reviews” (Chambers USA).

For more than two decades, David has handled transactions for clients across every sector subject to CFIUS review, including some of the most sensitive and complex matters that have set the template for CFIUS compliance and security agreements in their respective industries. He is also routinely called upon to rescue transactions that encounter challenges in CFIUS; provide strategic counsel to clients on navigating and addressing U.S. national security considerations in commercial transactions; and negotiate solutions with the U.S. government, including equity arrangements, that protect national security interests while preserving shareholder value and U.S. business interests.

In the enforcement area, David has represented clients in numerous enforcement actions pursued by CFIUS, including two of the three largest penalty cases resolved with CFIUS.

Reflecting his experience on complex U.S. national security matters intersecting with China, David is regularly engaged by the world’s leading multinational companies to advise on emerging legal issues, including outbound investment restrictions and regulations governing information and communications technologies and services (ICTS), as well as strategic legal projects related to the evolving U.S.-China competitive landscape.

In addition, in the foreign investment and national security area, David routinely advises clients on matters requiring mitigation of foreign ownership, control, or influence (FOCI) under applicable national industrial security regulations. His work includes advising many of the world’s leading aerospace and defense companies and private equity firms, as well as telecommunications transactions subject to public safety, law enforcement, and national security review by Team Telecom.

Read more about David FaganEmail
Show more Show less