New Cybersecurity and Infrastructure Protection Agency?
As far as hot topics go, cybersecurity seems to be at the forefront of U.S. governmental concerns. 2016 has brought a range of cybersecurity issues and legislation to center stage. Spurred on by cyber-attacks such as the large data breach of the Office of Personnel Management in 2015, lawmakers are attempting to make great strides toward a structure that can accommodate the diverse systems and needs of federal agencies. On June 7, 2016, a bill sponsored by House Representative Michael T. McCaul was introduced in the House. This bill seeks to amend the Homeland Security Act of 2002 by redesignating the National Protection and Programs Directorate as the Cybersecurity and Infrastructure Protection Agency. According to the bill, “…the mission of this new Agency shall be to lead national efforts to protect and enhance the security and resilience of the cyber and critical infrastructure of the United States.” As outlined in the bill, the new agency would include the following four divisions:
- The Cybersecurity Division
- The Infrastructure Protection Division
- The Emergency Communication Division
- Federal Protective Service
Individually, each of the above divisions would carry out various functions and have its own Deputy Director, all under the common goal of providing a cohesive, systematic structure for how cyber threats are handled in the future. This bill would also create the new position of director of National Cybersecurity. The legislation is now heading to the full House for consideration after garnering full approval by the Committee. The House Homeland Security Committee voted by voice to approve the bill that would form a new agency under DHS. With the addition of a few amendments to clarify certain language in the bill, it successfully made it out of committee.
Feds Release Final Guidance on CISA
In December of 2015, the Cybersecurity Act of 2015 (CISA) was signed into law. According to Congress’ Joint Explanatory Statement to Accompany the Cybersecurity Act of 2015, “This legislation is designed to create a voluntary cybersecurity information sharing process that will encourage public and private sector entities to share cyber threat information, without legal barriers and the threat of unfounded litigation—while protecting private information. This in turn should foster greater cooperation and collaboration in the face of growing cybersecurity threats to national and economic security.”
As of June 17, 2016, DHS has released the final guidance required by Title 1 of the Cybersecurity Act of 2015. This guidance “document establishes procedures relating to the receipt of cyber threat indicators and defensive measures by all federal entities under CISA. It describes the processes for receiving, handling, and disseminating information that is shared with DHS pursuant to section 104(c) of CISA, including through operation of the DHS Automated Indicator Sharing capability under section 105(c) of CISA. It also states and interprets the statutory requirements for all federal entities that receive cyber threat indicators and defensive measures under CISA to share them with other appropriate federal entities.”
New FAR Amendment
Effective June 15, 2016, the DOD, GSA, and NASA have issued a final rule that amends the Federal Acquisition Regulation (FAR) with the addition of a new subpart and contract clause. These amendments were made to ensure the safeguarding of contractor information systems that process, store, or transmit Federal contract information. This clause does not release contractors from abiding by the safeguarding requirements outlined by Federal agencies and departments themselves. An excerpt of the Summary of Significant Changes From the Proposed Rule, as outlined in the Federal Register, follows:
Safeguarding of Covered Contractor Information System
• Provides for safeguarding the contractor information system, rather than specific information contained in the system.
• Revises the title of the case and throughout the final rule to add the term ‘‘covered’’ to ‘‘contractor information system,’’ thus indicating that the policy applies only to contractor information systems that contain Federal contract information.
Safeguarding Requirements
• Deletes the safeguarding requirements and procedures in the clause that relate to transmitting electronic information, transmitting voice and fax information, and information transfer limitations. Replaces the other safeguarding requirements with comparable security requirements from NIST SP 800–171.
Definitions
• Adds definitions of ‘‘covered contractor information system’’ and ‘‘Federal contract information.’’
• Deletes definitions of ‘‘public information’’ and all other proposed definitions in the clause, except ‘‘information,’’ ‘‘information system,’’ and ‘‘safeguarding.’’
The Improving Small Business Cyber Security Act
The Improving Small Business Cyber Security Act was introduced on April 26, 2016 to amend the Small Business Act and allow small business development centers to assist and advise small business concerns on relevant cyber security matters, and for other purposes. This act would give DHS the ability to provide more support to small businesses, and allow for coordination with small businesses and small-business development centers for the development of a stronger cybersecurity infrastructure and improved education of employees on cybersecurity risks.
The Support for Rapid Innovation Act & The Leveraging Emerging Technologies Act of 2016
On June 8, 2016, the House Committee on Homeland Security approved the Support for Rapid Innovation Act & the Leveraging Emerging Technologies Act of 2016. This two-part legislation is a push from lawmakers to make it easier for cybersecurity startups to do business with federal agencies. This legislation would help startups navigate the sometimes thorny procurement process. The Leveraging Emerging Technologies Act in particular should be of great interest to new technology firms, as this specific act calls for the Homeland Security Secretary to “engage with innovative and emerging technology developers and firms, including technology-based small businesses and startup ventures, to address homeland security needs.” Market intelligence can be a great asset to government contractors, as it provides the necessary intel on government opportunities that can give them an edge over their competitors.