Week ahead: Lawmakers revisit major cyber law

by Joe Uchill - 06/13/16 6:00 AM ET

Lawmakers in the coming week will review the impact of the landmark Cybersecurity Act of 2015, as federal agencies scramble to meet its requirements.

On Wednesday, The House Homeland Security Committee will hold a hearing with testimony from industry representatives on how the bill is working. Representatives from the Chamber of Commerce, the United States Telecom Association and security firms are expected to testify.

{mosads}The legislation passed Congress as part of a major end of year spending bill in December 2015 and was signed by President Obama shortly after.

The reforms were the first major cybersecurity bill passed by Congress in years and came on the heels of a number of high-profile hacks that raised public concerns about data security.

The law provided incentives for businesses to share cyber threat information with the government and with each other. It also included liability protections for the potential monitoring or sharing of private user data. The bill also gave the Department of Homeland Security a key role in helping share threat information.

The act was the result of a long fight. Advocates, including some in industry, described it as a critical step in defending businesses in a new age of threats.

Privacy advocates objected, believing that sharing user information with the government might become a backdoor form of surveillance, and that the liability protections for the handling of user data were overly permissive.

The hearing also comes as federal agencies face a number of deadlines to update Congress on implementing key cyber policies.

The House and Senate Intelligence Committees are slated to receive reports on Wednesday from the Department of Homeland Security, the Department of Justice, the Office of the Director of National Intelligence and the Office of Management and Budget.

OMB and ODNI are expected to report on ways attackers might leverage unclassified systems to gain access to classified information. Homeland Security and the DOJ are expected to finalize frameworks to protect privacy rights while promoting cyber threat sharing. DHS released an interim guidance in February.

Lawmakers are also exploring whether the law could have been used to help prevent a recent series of digital bank heists which have grabbed headlines.

On Thursday, Sen. Tom Carper (D-Del.), the ranking member of the Homeland Security Committee, asked DHS to outline how it was “using the authorities under the Cybersecurity Act of 2015 to help secure companies and organizations.”

The international bank burglaries took place over the SWIFT transaction communications network used by financial institutions. The thefts totaled at least $93 million, $81 million of which was taken from the central bank of Bangladesh.

Recent stories:

— Wendy’s hack bigger than believed

— House panel approves $1.8 billion for DHS cyber spending

— Email privacy update at impasse in Senate

— Hacked computer network behind major malware attacks online

— Morgan Stanley to pay $1M SEC fine for data breach

— DHS cyber reorganization bill advances in House

— California county first to restrict surveillance tech

— Regulators ask banks to double check their cybersecurity

— Canadian university pays $15M in ransomware attack

— FBI: Everything on Clinton is ‘evidence’ or ‘potential evidence’

— Clinton IT aide looks to keep immunity deal secret