After a prolonged debate and months-long consideration of amendments, the Senate has passed S. 754, which includes the Cybersecurity Information Sharing Act (“CISA”) of 2015, by a vote of 74-21. CISA has the support of the White House and many industry stakeholders, but some of the most well-recognized privacy advocacy organizations oppose it. The House of Representatives must now decide whether to pass CISA or work with the Senate on compromise legislation that incorporates the House cybersecurity information sharing bills, H.R. 1560 and H.R. 1731. It remains to be seen what form the final cybersecurity information sharing bill will take, but the Senate’s overwhelming vote for CISA suggests that the chances for overall passage are stronger than ever.
President Obama today addressed cybersecurity for the second time in as many days in a speech at the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC). Early this morning, the White House announced a February 13 Summit on Cybersecurity and Consumer Protection and released further details on several initiatives to promote cybersecurity information sharing between the private sector and government. The President then convened a meeting with congressional leaders in which he discussed cybersecurity issues. Speaking about his cooperation with House Speaker John Boehner (R-OH) and Senate Majority Leader Mitch McConnell (R-KY), the President noted “I think we agreed that this is an area where we can work hard together, get some legislation done and make sure that we are much more effective in protecting the American people from these kinds of cyber attacks.” Today’s developments follow the President’s address to the Federal Trade Commission (FTC) yesterday, in which he announced a legislative proposal on national data breach reporting and emphasized the importance of student and consumer privacy. Together, these events provide a preview of initiatives that the President is expected to highlight during his State of the Union address on January 20.
Government officials emphasized the importance of risk analysis and risk management in safeguarding PHI at the Seventh Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference held from September 23–24, 2014, and co-hosted by the National Institute of Standards and Technology and the Department of Health and Human Services, Office for Civil Rights. The conference’s themes—which include risk analysis and risk management, information sharing, and upcoming OCR enforcement efforts—highlighted how HIPAA regulated entities should approach cybersecurity considerations and compliance with the HIPAA Security Rule.
On April 10, 2014, the Department of Justice and Federal Trade Commission issued a joint policy statement on the antitrust implications of sharing cybersecurity information to help facilitate the flow of cyberintelligence throughout the private sector. The statement addresses the long-standing concern that sharing cyberintelligence may violate antitrust law under certain circumstances and explains the analytical framework for such arrangements to make it clear that legitimate cyberintelligence exchanges will not raise antitrust issues.
On April 18, the US House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA), H.R. 624, which would enable companies to share information about cyber threats while benefiting from certain liability protections. The bill passed despite a White House threat earlier this week to veto the bill. The vote was 288-127, with 196 Republicans and 92 Democrats in […]
Development of the new Cybersecurity Framework is now in full swing. President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity (which we previously covered) calls on NIST to lead the development of a Cybersecurity Framework that will provide “a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address […]
On February 12, President Obama signed an Executive Order on “Improving Critical Infrastructure Cybersecurity,” and then referenced the Order and the need for additional congressional action during the State of the Union address on the same day: America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people’s identities and infiltrate […]
Noting that security incidents affecting information systems “are becoming bigger, more frequent, and more complex,” and that the majority of respondents to its consultation on the topic reported having experienced such an incident in the past year, today the European Commission released a proposal for a Directive “concerning measures to ensure a high common level […]
Cybersecurity is on the 113th Congress’ agenda given recent developments in the U.S. Senate. Today Senator Rockefeller, Chairman of the Commerce Committee, released a staff memorandum presenting the responses his office received to his September 2012 letter regarding cybersecurity practices. The letter, which we discussed in a previous post, went to the CEOs of every Fortune 500 company and requested responses to eight questions […]
Michael Scheimer, an associate in the Government Contracts group, contributed to this entry. The National Defense Authorization Act for Fiscal Year 2013 (NDAA FY 13) has recently emerged from the congressional conference committee formed to reconcile the House and Senate versions of the bill. The compromise bill (HR 4310 – H Rept 112-705), which both […]