House Homeland Security Advances Bills on DHS Involvement in State, Local, Ports Cybersecurity
The House Homeland Security Committee voted Wednesday to advance the State and Local Cyber Protection Act (HR-3869) and the Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act (HR-3878), sending both bills to the full House on unanimous voice votes. The bills' markup came a week after the Senate passed the Cybersecurity Information Sharing Act (S-754) 74-21 (see 1510280057), setting up what is anticipated to be a lengthy conference to reconcile that bill with the House-passed Protecting Cyber Networks Act (HR-1560). An industry lobbyist told us language from both HR-3869 and HR-3878 could potentially make it into a conference information sharing bill.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
State and local governments “often do not have access to the same personnel or technical capabilities that the federal government does” for addressing cybersecurity threats, said House Oversight Committee IT Subcommittee Chairman Will Hurd, R-Texas, HR-3869's main sponsor. The bill “will help resolve this issue," he said. HR-3869 would direct the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) to provide state and local governments with cybersecurity tools and support. HR-3869 would also authorize NCCIC to provide training to state and local law enforcement on privacy and civil liberties that are consistent with DHS' Fair Information Practice Principles. NCCIC would be required to report back to House Homeland Security and the Senate Homeland Security Committee two years later on the effectiveness of its collaboration with state and local law enforcement agencies on cybersecurity.
House Homeland Security cleared HR-3869 without any amendments. House Cybersecurity Subcommittee ranking member Cedric Richmond, D-La., said he supports HR-3869 but noted concerns that its codification of some existing DHS programs might result in an unfunded mandate. Hurd said DHS had advised him that the department doesn't view HR-3869 as an unfunded mandate. He also said the National Association of Counties and the National Association of State Chief Information Officers are publicly supporting the bill. House Homeland Security and the House Judiciary Committee passed the Strengthening State and Local Cyber Crime Fighting Act (HR-3490) in September with language that would also expand state and local law enforcement agencies' access to federal cybersecurity resources (see 1509300042).
HR-3878 would require DHS to take “a more proactive approach to cybersecurity” at U.S. ports, said Rep. Norma Torres, D-Calif. The bill would require DHS to increase NCCIC's collaboration with maritime and ports security stakeholders, including creating a working group to develop plans to address port-specific cybersecurity vulnerabilities. House Homeland Security approved an amendment to HR-3878 from Rep. Dan Donovan, R-N.Y., that would require vessels and port facilities to conduct a cybersecurity assessment as part of their requirements under the 2002 Maritime Transportation Security Act.
House Homeland Security Chairman Michael McCaul, R-Texas, said before the committee's Wednesday markup that he is optimistic about conferencing HR-1560 and S-754. He said revision made S-754 “much better by the end of the process,” making it much more DHS-centric. The version of HR-1560 forwarded to the Senate includes the full language from the DHS-centric National Cybersecurity Protection Advancement Act (HR-1731). “You want a civilian portal as the face” of information sharing with the government, McCaul said during a Council on Foreign Relations event. He said he is only concerned about a provision in S-754 that would put DHS on an up to 90-day probationary period before it would be authorized to begin receiving cyberthreat information from the private sector, which would put a “red light on current operations.” The White House also believes “we're actually very close” to a final bill, said White House Cybersecurity Coordinator Michael Daniel.