A Closer Look at Cybersecurity Legislation

In 2011, President Obama issued the Cybersecurity Legislative Proposal to give the private sector and government the tools needed to combat cyber threats. Congress failed to pass cybersecurity legislation, but the administration issued an executive order to protect critical infrastructure by establishing baseline cybersecurity standards.

In 2014, President Obama announced a new Cybersecurity Legislative Proposal that addresses the challenges of information sharing and includes revisions to the 2011 legislative proposal. The updated proposal includes:

  • Cybersecurity Legislative Proposal Enabling Cybersecurity Information Sharing
    These provisions promote cybersecurity information sharing between the private sector and government—and enhance information sharing within the private sector. The proposal encourages the private sector to share cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, which will then share it with relevant federal agencies and private-sector Information Sharing and Analysis Organizations.
  • Modernizing Law Enforcement Authorities to Combat Cybercrime
    These provisions allow prosecution for the sale of botnets, criminalize the overseas sale of stolen U.S. financial information, expand federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft and give courts the authority to shut down botnets engaged in distributed denial-of-service attacks and other criminal activity.
  • National Data Breach Reporting
    The provisions update security breach/identity theft reporting by simplifying and standardizing the current 46 state consumer protection laws into one federal statute for companies notifying their employees and customers about security breaches.

Cyberattacks on Sony Pictures, Home Depot, JPMorgan Chase, Target and Anthem have prompted the administration to support the passage of the National Cybersecurity Protection Act. This bill would increase legal liability protections for private-sector members who share cybersecurity threat information with the federal government. To reduce concerns about lawsuits for sharing consumers’ information and jeopardizing privacy rights, an amendment was proposed stipulating that collected data may be used only for addressing cybersecurity incidents and that all collected data must be “scrubbed” of personal information that’s not related to a cybersecurity threat. Two rounds of personal information scrubbing would be required—one round by the company and another by a civilian agency that receives the data prior to submission to the government.

For more information about BKD’s cybersecurity solutions, please contact us.

Karen Schultz

Karen has eight years of information technology (IT) audit experience. She has served as the in-charge accountant for financial and information systems audits at a national CPA and advisory firm and as the manager for information systems audits at an international financial services company. In addition, she has network and system administration experience.