Earlier this week, both chambers on Capitol Hill took steps that would increase the Department of Homeland Security’s (DHS) role in the area of cybersecurity.  On the Senate side, the Senate Homeland Security and Governmental Affairs Committee approved a DHS reauthorization bill that included amendments to rename and reorganize the DHS National Protection and Programs Directorate (NPPD), to increase protections for certain personally identifiable information (PII), and to emphasize the need for cybersecurity research.  On the House side, the House Homeland Security Committee approved the Cyber Incident Response Teams Act, which would establish teams within DHS devoted to cyber incident response.

Department of Homeland Security Reauthorization Bill

On March 7, the Senate Homeland Security and Governmental Affairs Committee approved H.R. 2825, which, if enacted into law, would be the first reauthorization of DHS since it was created in response to the September 11 attacks.  The Senate version of the bill added a number of cybersecurity related amendments.  Under one amendment, the NPPD would be renamed and reorganized as the Cybersecurity and Infrastructure Security Agency.  Among its enumerated responsibilities, this Agency would “lead cybersecurity and critical infrastructure security programs, operations, and associated policy for the Agency, including national cybersecurity asset response activities” and carry out its “cybersecurity and critical infrastructure activities” in coordination with Federal and private entities.  On the Senate Committee’s website, Senator Ron Johnson (R-WI), Chairman of the Committee, is quoted as stating, “Establishing an agency within DHS to focus on cyber and infrastructure security will help DHS achieve its missions.” A second amendment would require U.S. Customs and Border Protection (CBP) to remove personally identifiable information, including social security numbers, passport numbers, and residential addresses, from any manifest signed and transmitted to the CBP before it is disclosed to the public.  Finally, a third amendment, requires the Under Secretary for Science and Technology to support “research, development, testing, evaluation, and transition of new cybersecurity technologies” and to coordinate those activities with other Federal agencies, industry, and academia.  To help spur this development, the bill also extends DHS’ authority to  award other transaction authority agreements consistent with the Department of Defense’s recent push for quicker and more flexible agreements with non-traditional contractors.

Two proposed amendments were not included in the bill but it is possible that these amendments could still find their way into the final bill.  The first amendment would have increased DHS’ role in assisting states with monitoring and addressing cybersecurity threats and vulnerabilities during their elections.  The second amendment would have clarified liability protections for cybersecurity technology developers under the SAFETY Act.  Currently, the SAFETY Act offers liability protection to sellers and users of approved anti-terrorism technologies in the event of litigation stemming from acts of terrorism.  This amendment would have extended the SAFETY Act program to cybersecurity technologies and services by granting liability protections to industry for a terrorist act or a “declared cyber incident” that is caused by malicious cyber actors.  A date has yet to be set for the full Senate to vote on the DHS reauthorization bill.  The House passed its version of the bill last July.

Cyber Incident Response Teams Act

Also on March 7, the House Homeland Security Committee unanimously approved H.R. 5074, the Cyber Incident Response Teams Act.  This Act would authorize the National Cybersecurity and Communications Integration Center within DHS to establish “cyber hunt and incident response teams.”  Such teams would be responsible for assisting “asset owners and operators in restoring services following a cyber incident,” identifying any “cybersecurity risk and unauthorized cyber activity,” and offering both “mitigation strategies to prevent, deter, and protect against cybersecurity risks” and “recommendations to asset owners and operators for improving overall network and control systems security to lower cybersecurity risks.”  Some members of the House Committee on Homeland Security have suggested that the Cyber Incident Response Teams’ scope of assistance would also include recommendations regarding the cybersecurity of election infrastructure.

The composition of these Cyber Incident Response Teams would not be limited to just governmental employees.  Rather, the Act expressly authorizes the inclusion of “cybersecurity specialists from the private sector,” enabling DHS to rely on specialist expertise outside of the government when addressing threats and attacks.  Although the assistance is “upon request,” private companies may be reluctant to permit private sector specialists access to very sensitive information about their networks and/or a potential breach.  The Act also would require the National Cybersecurity and Communications Integration Center report every four years to the House Committee on Homeland Security and the Senate Homeland Security and Governmental Affairs Committee.  Their report will include the “total number of incident response requests received,” the “number of incident response tickets opened,” and “all interagency staffing of incident response teams,” as well as provide information regarding “interagency collaborations established to support incident response teams.”  A date has yet to be set for the full House to vote on the Cyber Incident Response Teams Act.

Tags: Congress, Cybersecurity, Department of Homeland Security, DHS
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Raymond Biagini Raymond Biagini

A distinguished counselor and litigator, Raymond Biagini has risen to national prominence in a number of high-profile tort cases, defending commercial and government contractors in:

“Contractor on the Battlefield” tort litigation;
the Exxon Valdez litigation;
the Cell Phone Radiation Hazards lawsuits;
the “Fen-Phen”…

A distinguished counselor and litigator, Raymond Biagini has risen to national prominence in a number of high-profile tort cases, defending commercial and government contractors in:

“Contractor on the Battlefield” tort litigation;
the Exxon Valdez litigation;
the Cell Phone Radiation Hazards lawsuits;
the “Fen-Phen” litigation;
the nationwide Repetitive Stress Injury suits;
claims arising out of “friendly fire” accidents during Operation Desert Storm; and
“war crimes” allegations filed against manufacturers of military weapons systems sold to Israel.

Ray is widely recognized for his expertise in defending “contractors on the battlefield” in tort litigation, and he has established ground-breaking legal principles at the federal appellate level which immunize defense contractors from tort liability arising out of combatant scenarios.

Ray also has an extensive product liability prevention practice, counseling companies on mechanisms for reducing their tort exposure for products and services sold to government and commercial entities. He is significantly involved in counseling companies selling “homeland security” products and services, such as chemical/biological detection devices, perimeter security systems, biometric identity products, and airport security systems. Ray conceptualized and authored key provisions of the SAFETY Act, a new federal statute that is part of the Homeland Security Act of 2002. The SAFETY Act protects companies from tort lawsuits arising out of the sale of homeland security products and services. 

Ray has represented some of the world’s largest aerospace, defense and pharmaceutical companies, including Kellogg Brown & Root, Lockheed Martin, BAE SYSTEMS, Boeing, Textron, SAIC, Teledyne, Eon Labs, Unisys, and Philips Electronics. He is a frequent public speaker on risk mitigation techniques.

Read more about Raymond BiaginiEmail
Show more Show less
Photo of Susan B. Cassidy Susan B. Cassidy

Susan Cassidy co-chairs Covington’s Aerospace and Defense Industry Group, and has been advising government contractors for more than 35 years on the requirements imposed on companies contracting with the U.S. Government.

Susan’s practice focuses on the intersection of cybersecurity, national security, and supply…

Susan Cassidy co-chairs Covington’s Aerospace and Defense Industry Group, and has been advising government contractors for more than 35 years on the requirements imposed on companies contracting with the U.S. Government.

Susan’s practice focuses on the intersection of cybersecurity, national security, and supply chain risk management for companies that sell products and services to the U.S. Government. Susan advises contractors at all phases of the procurement cycle, and regularly:

advises clients on compliance obligations imposed by the FAR, DFARS, and other agency regulatory requirements;
leads internal and government False Claims Act (FCA) investigations addressing allegations of violations of government cybersecurity, national security, supply chain, quality, and MIL-SPEC requirements; and
advises clients who have suffered a cyber breach where U.S. government information may have been impacted.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 252.204-7012, FedRAMP, controlled unclassified information (CUI), and NIST SP 800-171 requirements;
Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 semiconductor product and service restrictions, and limitations on sourcing a variety of products from China; and
Federal Acquisition Security Council (FASC) regulations and product exclusions.

 

Susan previously served as senior in-house counsel for two major defense contractors (Northrop Grumman Corporation and Motorola Incorporated) and is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. Chambers USA has quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Susan’s pro-bono work extends to assisting veterans in a variety of matters, as well as providing advice to elderly clients on their wills and other end-of-life planning documents.

Read more about Susan B. CassidyEmail
Show more Show less