Congress passes bipartisan cybersecurity legislation

Protecting federal agencies from cybersecurity threats is a challenging, frustrating endeavor, as countless department leaders and decision-makers are well aware. These threats are becoming more sophisticated and numerous every day, and every governmental organization is a potential target. 

This state of affairs and the severity of the problem have not gone unnoticed by Washington's elected leaders. That is why Congress recently approved a new piece of cybersecurity legislation, one of the most significant bills in this area in the past decade. Assuming it is signed into law by President Obama, the National Cybersecurity Protection Act of 2014 will likely have a major impact on federal efforts to ward off cyberattacks.

Updated measures
The legislation cleared the Senate before being passed by the House unanimously on Thursday, along with a Senate amendment, the Cybersecurity Workforce Assessment Act. The legislation is intended to update a 12-year-old federal cybersecurity law by establishing the real-time monitoring of federal computer networks.

Additionally, the bill provides greater oversight of federal breaches and codifies the National Cybersecurity and Communication Integration Center, established previously at the Department of Homeland Security. Perhaps most importantly, though, the bill encourages the sharing of cybersecurity-related information between the public sector and private enterprises.

"With the passage of these bipartisan and bicameral bills, we can protect our vital digital private and government networks from daily attacks from foreign enemies across the globe by encouraging and supporting federal and private sector threat sharing," said Rep. Michael McCaul (R-Texas), Chairman of the House Committee on Homeland Security. "These bills are a significant step in the right direction, and my colleagues have shown that cybersecurity is a priority for this Congress. But there is more work to be done."

Tom Carper (D-Del.), Chairman of the Senate Homeland Security and Governmental Affairs Committee, introduced the bill and pointed to the recent spate of cyberattacks against the White House, State Department and other federal targets as powerful evidence of the need for new cybersecurity efforts.

"It is more than clear that the federal government needs to address this 21st century threat with a 21st century response," said Carper. "This bill will modernize our outdated federal network security laws, provide the tools and authorities needed to improve security at our federal agencies and increase transparency and accountability for data breaches at federal agencies."

Carper's office also noted that the number of cyberattacks reported by federal agencies has increased by 680 percent over the past six years, according to the Government Accountability Office. 

In addition to public-private information sharing, the bill focuses on the issue of accountability. As Sen. Tom Coburn (R-Okla.), ranking member of the Senate Homeland Security and Governmental Affairs Committee, explained, the legislation ensures that agencies experiencing data breaches will be held to a higher standard when determining responsibility.

Positive steps
This legislation's emphasis on the importance of information sharing between the public and private sector highlights the interconnected nature of cybersecurity efforts. This concept is equally applicable to the federal government itself. For agencies to remain protected, they need to regularly collaborate, exchanging strategies, resources and insight about cybersecurity risks. And even within a given agency, communication and collaboration are essential. A single vulnerability is all it takes to cause a widespread, devastating breach.

Unfortunately, no federal agency, or any other organization, is completely invulnerable, thanks to the inevitable human element. Improved tools, accountability and collaboration can minimize, but not eliminate, risk.

To further reduce the threat of a cybersecurity breach, agencies should focus their efforts on employee education and training. By doing so, organizations can ensure that cybersecurity resources are used to the greatest possible effect, helping to protect the federal government and all its data.