We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

US Executive Branch to Ramp Up Cybersecurity Actions as Federal Legislation Stalls

HL Chronicle of Data Protection

03 August 2012
Widely reported efforts to craft compromise cybersecurity legislation failed 52-46 in a key Senate vote on August 2 despite bipartisan engagement and the Obama Administration’s vocal support.
US Executive Branch to Ramp Up Cybersecurity Actions as Federal Legislation Stalls

The Cybersecurity Act of 2012 (CSA) as amended is significantly more complex than cybersecurity legislation passed in April by the House of Representatives. In its most recent version, the CSA would mobilize the federal government to, among other things:

  • Form a multi-agency Council to inventory and conduct “cyber risk assessments” of industry sectors considered vulnerable to cyber-based attack.
  • Categorize certain types of industries as “critical cyber infrastructure” based on such assessments and a list of enumerated criteria.
  • Require reporting of all significant “cyber incidents” by the owners of such critical cyber infrastructure; such requirements would go beyond the requirements of existing data breach notification laws.
  • Develop new security standards and use significant incentives to promote adoption by industry—incentives that some have described as inevitably leading to mandates.

Other parts of the Senate legislation would have amended FISMA (the framework law that guides information security efforts of the federal civilian agencies); promote and protect information sharing between government and industry; and support enhanced R&D and education efforts on cybersecurity.

Congressional efforts to address cybersecurity risk are certain to continue, so these and other proposals bear watching. Perhaps even more significant in the near term is the Administration’s reported intention to use its existing authority to enhance industry and government practices in this area.

This blog entry was contributed by Harriet Pearson, a Partner in the Privacy and Information Management group in Hogan Lovells' Washington, DC office.

HL Chronicle of Data Protection

Cybersecurity in the Health Sector

The health sector is under siege with cybersecurity threats. Some of the largest announced cyber attacks in U.S. history have targeted organizations in the health industry. Regulators have...

02 May 2016
Loading data