The ABA urged the Senate Committee on Homeland Security and Governmental Affairs this month to support H.R. 584, a bill passed by the House earlier this year that would foster the sharing of cyber threat information among federal, state and local agencies.
Provisions in the bipartisan legislation “will increase our ability to successfully protect our nation’s cyber infrastructure,” ABA Governmental Affairs Director Thomas M. Susman wrote in a June 13 letter to the committee.
He said the ABA’s Cybersecurity Legal Task Force, which represents 19 entities and divisions in the association with cyber expertise, is analyzing cyber reform proposals and is ready to help the committee as bills move through the legislative process.
Susman highlighted ABA policy adopted in 2012 that lays out the following five principles that the association is urging the executive and legislative branches to consider when making policy determinations for improving cybersecurity:
•public–private frameworks are essential to successfully protect U.S. assets, infrastructure, and economic interests from cybersecurity attacks;
•robust information sharing and collaboration between government agencies and private industry are necessary to manage global cyber risks;
•legal and policy environments must be modernized to stay ahead of or, at a minimum, keep pace with technological advancements;
•privacy and civil liberties must remain a priority when developing cybersecurity law and policy; and
•training, education, and workforce development of government and corporate senior leadership, technical operators, and lawyers require adequate investment and resourcing in cybersecurity to be successful.
H.R. 584, known as the Cyber Preparedness Act of 2017, builds on the Security Cyber Incident Response Plan issued in December 2016 by the Department of Homeland Security (DHS). The bill would require the DHS’s State, Local and Regional Fusion Center Initiative to coordinate with the National Cybersecurity and Communications Center to provide state, local and regional fusion centers with expertise on DHS cybersecurity resources.
In addition, the legislation would authorize state, local or tribal governments or high-risk urban areas to use specified grant funds to prepare for a response to cybersecurity risks and incidents and to develop statewide cyber threat information analysis and dissemination activities.
H.R. 584 also expresses the sense of Congress that DHS should share actionable cyber threat information in unclassified form to allow timely distribution to the states, local governments, and the private sector.
In a related action on May 11, President Trump signed the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Trump executive order, which is similar to President Obama’s February 2016 Cyber National Action Plan, requires agency heads, as an initial step, to immediately use the Framework for Improving Critical Infrastructure Cybersecurity developed by the National Institute of Standards and Technology and to issue risk management reports to the DHS secretary and the director of the Office of Management and Budget within 90 days of the order.