Cybersecurity Subcommittee Passes NCCIP

Yesterday the Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies passed the “National Cybersecurity and Critical Infrastructure Protection Act of 2013” (H.R. 3696) (NCCIP), which was introduced last month by Committee Chairman Michael McCaul (R-TX), Ranking Member Bennie G. Thompson (D-MS), Subcommittee Chairman Patrick Meehan (R-PA), and Subcommittee Ranking Member Yvette D. Clarke (D-NY).  Here’s what those committee members had to say:

Today the Committee took a landmark step forward in securing the cybersecurity of our Nation’s critical infrastructure. The recent Target incident in which 110 million Americans’ personal information was compromised only underscores the very real and serious nature of the cyber threat today. H.R. 3696 strengthens our cyber defenses by bolstering and providing oversight of DHS’s cybersecurity mission, fostering collaborative public-private partnerships, while also ensuring privacy and civil liberties are protected. We are greatly encouraged by the strong bipartisan support of the NCCIP Act, as well as the many endorsements it has received from both industry and privacy advocates, and we look forward to moving this legislation to the House floor.

A statement of subcommittee action explains that H.R. 3696 seeks to amend the Homeland Security Act of 2002 in order to improve cybersecurity and critical infrastructure protection, namely.  A handy one-pager also published by the committee provides a digestible version of the 54-page bill.  Below are some key takeaways.

The NCCIP:

• “[e]stablishes an equal partnership between private industry and [the Department of Homeland Security (DHS)], and ensures that DHS properly recognizes industry-led entities to facilitate critical infrastructure protection and incident response.”
• codifies “successful aspects” of the National Infrastructure Protection Plan, as well as Cyber Incident Response Teams and DHS operational information security activities; and,
• “[a]mends the SAFETY Act to establish a threshold for qualifying cyber incidents so private entities can voluntarily submit their cyber security procedures to the SAFETY Act office to gain additional liability protections in the event of a qualifying cyber incident.”