President Obama has signed into law five cybersecurity-related bills that affect the US Department of Homeland Security (DHS) and federal cybersecurity policies and personnel. The laws enacted are the Federal Information Security Modernization Act of 2014, the Homeland Security Workforce Assessment Act and DHS Cybersecurity Workforce Recruitment and Retention Act of 2014 (riders on the Border Patrol Agent Pay Reform Act), the Cybersecurity Workforce Assessment Act, the National Cybersecurity Protection Act of 2014 and the Cybersecurity Enhancement Act of 2014.
On December 18, 2014, President Obama signed into law five cybersecurity-related bills:
The Federal Information Security Modernization Act of 2014, which:
updates the Federal Information Security Management Act;
codifies the Office of Management and Budget's current practice of overseeing the federal agencies' information systems;
eliminates the requirement for federal agencies to include the steps they have taken to secure their systems against cyber-risks in their annual reports;
grants the US Department of Homeland Security (DHS) authority to compile and analyze data on agency information security;
creates a requirement for agencies to continuously diagnose and limit cyber threats and vulnerabilities; and
requires agencies to notify Congress of security incidents within seven days of discovery.
The Homeland Security Workforce Assessment Act and DHS Cybersecurity Workforce Recruitment and Retention Act of 2014, attached to the Border Patrol Agent Pay Reform Act, enact measures to identify and fill important cybersecurity positions at the DHS and make compensation competitive.
The Cybersecurity Workforce Assessment Act requires the DHS to assess its cybersecurity workforce and implement a comprehensive strategy to enhance the readiness, capacity, training, recruitment and retention of its cybersecurity workforce.
The National Cybersecurity Protection Act of 2014, which provides for a center that:
is a situational awareness, incident response, and management center;
is designed to be a hub for sharing cybersecurity information among the public and private sectors; and
should include law enforcement, intelligence personnel, state and local governments, information-handling organizations, and critical information systems owners and operators.
The Cybersecurity Enhancement Act of 2014 authorizes the US Department of Commerce's National Institute of Standards and Technology to continue its practice of supporting the development of voluntary industry standards and best practices to reduce cyber-risks to critical infrastructure.