Articles

U.S. cybersecurity congressional outlook for the rest of 2022

The U.S. federal government has enacted important cybersecurity laws in 2022 and will likely move forward with many of these bills before the year’s end.

As the 117th Congress moves into summer, typically the time for legislative doldrums, it’s helpful to look back at recently enacted cybersecurity-related legislation and peer ahead to see what bills could become law before the end of the year. Since the beginning of the current Congress on January 3, 2021, at least 498 pieces of legislation have been introduced that deal in whole or part with cybersecurity.

Of these, only 13 have passed both chambers, and even fewer, nine so far, have become law with a presidential signature. However, many of the most meaningful cybersecurity government actions since this Congress began have stemmed not from legislation but from executive branch actions, most notably through President Biden’s sprawling cybersecurity executive order signed in May 2021.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

 

 

 

Articles

U.S. Rep Lieu hopeful for election security bill prospects

lead centered=”no”
Congressman sees Republican softening on gun legislation as a sign they might be willing to consider election security. Calls on the security community to expose election system weaknesses.
/lead

U.S. Representative Ted Lieu (D-CA) thinks that Senate Majority Leader Mitch McConnell’s weakening opposition to gun legislation bodes well for the prospects of passing an election security bill. Several election security measures have stalled in Congress since the 2016 presidential election because McConnell has refused to take them up on the Senate side.

“I know that public sentiment has shifted on the gun issue so that Mitch McConnell is now willing to consider background checks on guns and red flag laws,” Lieu tells CSO Online. “That wasn’t something he had been saying a few weeks ago. So, you never know when something can happen that will shift public sentiment in such a way that will force him to take up a vote for election security.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

11 new state privacy and security laws explained: Is…

lead centered=”no”
States from Maine to California have recently enacted privacy, data security, cybersecurity, and data breach notification laws. We break down what each of these laws entails.
/lead

While at the federal level security and privacy legislation are lost in a morass of partisan politics and corporate lobbying delays, states have been moving ahead to push through an impressive number of important bills that help fill in the gaps. A search of the Legiscan database reveals that hundreds of bills that address privacy, cybersecurity and data breaches are pending across the 50 states, territories and the District of Columbia.

The most comprehensive piece of state-level legislation across these often-intertwined categories that has been enacted over the past two years is the sweeping California Consumer Privacy Act (CCPA), enacted and signed into law on June 28, 2018. Inspired by the EU’s groundbreaking General Privacy Data Protection Regulation (GDPR), the legislation aims to give the state’s consumers greater control over how businesses collect and use their personal data.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

Congress steers clear of industrial control systems cybersecurity

lead centered=”no”
Industry resistance to regulation, complexity of securing ICS systems are roadblocks to passage of critical infrastructure cybersecurity legislation.
/lead

Rule number one about legislation affecting the cybersecurity of industrial control systems (ICS) is that no one talks about legislation affecting the cybersecurity of ICS. At least it seems that way based on a number of attempts to get industry stakeholders to talk on the record about the prospects in the 116th Congress for any legislation that affects critical infrastructure, specifically as it relates to industrial control systems.

Although a number of cybersecurity-related bills have been introduced in the new Congress, only a handful of relatively non-controversial pieces of legislation, most reintroduced from the last Congress, deal primarily with critical infrastructure industrial control systems, a surprise given the stepped-up concerns over threats to the nation’s electric grids, gas and oil pipelines, transportation systems and dams and the rise of industrial supply chain issues that have grabbed headlines over the past few years.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

The cybersecurity legislation agenda: 5 areas to watch

lead centered=”no”The 116th Congress is only a few months old, but far-reaching cybersecurity bills to protect infrastructure and the supply chain, ensure election integrity, and build a security workforce are now being considered. Here’s the list. /lead

New digital threats that could topple business, government, military and political institutions is moving cybersecurity to the top of the congressional agenda. The newly seated 116th Congress has so far seen 30 bills introduced in the House of Representatives and seven bills introduced in the Senate that directly deal with cybersecurity issues. That does not include other pieces of legislation that have at least some provisions that deal with information and digital security.

A key problem in grappling with such a complex issue as cybersecurity in Congress — and in Washington in general — is the diffused responsibility spawned by the wide-ranging, interconnected nature of the topic. Representative Jim Langevin (D-RI), a member of the Armed Services and Homeland Security Committees, and one of the founders of the Congressional Cybersecurity Caucus, flagged this stumbling block at the 2019 State of the Net conference in January by calling for consolidation in Congress over cybersecurity.

Noting that around 80 groups within the legislative branch claim some jurisdiction over cybersecurity matters, Langevin said, “We as a Congress are going to have to move with greater agility to respond to the cybersecurity threats we face going forward, and we can’t do it under the current construct.” Langevin wants the House Homeland Security issue to take the lead on all matters related to cybersecurity.

This article appeared in CSO Online. To read the rest of the article please visit here.