President Obama Signs Five Cybersecurity-related Bills | Practical Law

President Obama Signs Five Cybersecurity-related Bills | Practical Law

President Obama has signed into law five cybersecurity-related bills that affect the US Department of Homeland Security (DHS) and federal cybersecurity policies and personnel. The laws enacted are the Federal Information Security Modernization Act of 2014, the Homeland Security Workforce Assessment Act and DHS Cybersecurity Workforce Recruitment and Retention Act of 2014 (riders on the Border Patrol Agent Pay Reform Act), the Cybersecurity Workforce Assessment Act, the National Cybersecurity Protection Act of 2014 and the Cybersecurity Enhancement Act of 2014.

President Obama Signs Five Cybersecurity-related Bills

Practical Law Legal Update 6-593-6567 (Approx. 3 pages)

President Obama Signs Five Cybersecurity-related Bills

by Practical Law Intellectual Property & Technology
Published on 23 Dec 2014USA (National/Federal)
President Obama has signed into law five cybersecurity-related bills that affect the US Department of Homeland Security (DHS) and federal cybersecurity policies and personnel. The laws enacted are the Federal Information Security Modernization Act of 2014, the Homeland Security Workforce Assessment Act and DHS Cybersecurity Workforce Recruitment and Retention Act of 2014 (riders on the Border Patrol Agent Pay Reform Act), the Cybersecurity Workforce Assessment Act, the National Cybersecurity Protection Act of 2014 and the Cybersecurity Enhancement Act of 2014.
On December 18, 2014, President Obama signed into law five cybersecurity-related bills:
  • The Federal Information Security Modernization Act of 2014, which:
    • updates the Federal Information Security Management Act;
    • codifies the Office of Management and Budget's current practice of overseeing the federal agencies' information systems;
    • eliminates the requirement for federal agencies to include the steps they have taken to secure their systems against cyber-risks in their annual reports;
    • grants the US Department of Homeland Security (DHS) authority to compile and analyze data on agency information security;
    • creates a requirement for agencies to continuously diagnose and limit cyber threats and vulnerabilities; and
    • requires agencies to notify Congress of security incidents within seven days of discovery.
  • The Homeland Security Workforce Assessment Act and DHS Cybersecurity Workforce Recruitment and Retention Act of 2014, attached to the Border Patrol Agent Pay Reform Act, enact measures to identify and fill important cybersecurity positions at the DHS and make compensation competitive.
  • The Cybersecurity Workforce Assessment Act requires the DHS to assess its cybersecurity workforce and implement a comprehensive strategy to enhance the readiness, capacity, training, recruitment and retention of its cybersecurity workforce.
  • The National Cybersecurity Protection Act of 2014 codifies the National Cybersecurity and Communications Integration Center, which:
    • is a situational awareness, incident response, and management center;
    • is designed to be a hub for sharing cybersecurity information among the public and private sectors; and
    • should include law enforcement, intelligence personnel, state and local governments, information-handling organizations, and critical information systems owners and operators.
  • The Cybersecurity Enhancement Act of 2014, which authorizes the US Department of Commerce's National Institute of Standards and Technology to continue its practice of supporting the development of voluntary industry standards and best practices to reduce cyber-risks to critical infrastructure.