Senate Homeland Security Committee Approves Federal Cybersecurity Enhancement Act
The Senate Homeland Security Committee unanimously cleared the Federal Cybersecurity Enhancement Act (S-1869) Wednesday with support from committee Chairman Ron Johnson, R-Wis., and ranking member Tom Carper, D-Del., the bill’s sponsors. S-1869, previously referred to as the Einstein Act, would authorize the Department of Homeland Security’s (DHS) Einstein intrusion detection and prevention system for federal networks and mandate that federal agencies use the system. The bill would require federal agencies to implement cybersecurity best practices like encryption of sensitive systems and two-factor authentication. S-1869 also would require DHS and the White House Office of Management and Budget (OMB) to do a comprehensive assessment to remove hackers from federal networks. Congress would need to reauthorize S-1869 seven years after it takes effect.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
“We’ve struck a pretty good balance here” by requiring federal agencies’ adoption of the Einstein system while also including privacy protections, Johnson said during the markup. Carper said he continues to anticipate that S-1869’s language will be offered as an amendment to the Cybersecurity Information Sharing Act (S-754). Language from a similar federal cybersecurity bill, the Federal Information Security Management Act (FISMA) Reform Act (see 1507220063), is also likely to be included as an amendment to S-754. Senate consideration of S-754 is likely to be delayed until after Congress’ August recess, with Carper saying during the S-1869 markup that the Senate’s ongoing consideration of the House-passed highway funding bill (HR-22) and other legislative priorities are likely to delay S-754. An aide to Senate Majority Whip John Cornyn, R-Texas, said Senate Republicans also believe they won’t be able to bring S-754 up for a vote before the August recess.
Senate Homeland Security cleared six amendments to S-1869 on unanimous voice votes, including two amendments co-sponsored by Carper, Johnson, Sen. Kelly Ayotte, R-N.H., and Sen. Claire McCaskill, D-Mo., that mirror provisions in the FISMA Reform Act. Ayotte and McCaskill are co-sponsors of that bill. One amendment would require the DHS secretary to ensure that the Einstein program retains only information about cyberthreats and would require the attorney general to review policies that govern access to information on the Einstein system. The second would give the DHS secretary additional authority to direct federal agencies to mitigate “substantial” cyberthreats and to implement those mitigation measures unilaterally if a threat is imminent. Two amendments from Sen. Ben Sasse, R-Neb., would require the director of national intelligence to do a damage assessment of the recent Office of Personnel Management data breach and identify unclassified information on government networks that when combined with other unclassified information could produce a piece of classified information.
Senate Homeland Security also cleared two amendments from Sen. Rand Paul, R-Ky., although Johnson said Paul had planned to offer additional, more controversial amendments if he were present at the markup. Paul’s office didn’t comment on when Paul would address those additional amendments. One of Paul’s amendments cleared Wednesday would clarify that liability protections DHS offers to ISPs that provide the Einstein program to federal agencies don’t allow ISPs to violate agreements with their customers. The other Paul amendment would require DHS to report the number of people whose information is captured via the Einstein system in situations that aren’t related to cybersecurity risks.