S. 2519, National Cybersecurity Protection Act of 2014

S. 2519

National Cybersecurity Protection Act of 2014

Sponsor
Sen. Thomas R. Carper

Committee
Homeland Security and Governmental Affairs

Date
December 11, 2014 (113th Congress, 2nd Session)

Staff Contact
Communications

Floor Situation

On Thursday, December 10, 2014, the House will consider S. 2519, the National Cybersecurity Protection Act of 2014, under suspension of the rules.  S. 2519 was introduced by Sen. Thomas Carper (D-DE) on June 24, 2014 and was referred to the Senate Committee on Homeland Security and Governmental Affairs.  S. 2519 passed the Senate on December 10, 2014 by voice vote.

Bill Summary

S. 2519 codifies the existing role of the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) as a civilian interface for the cross-sector sharing of cybersecurity information.  The bill also codifies the NCCIC’s existing responsibilities to (1) conduct analysis of cybersecurity risks and incidents; (2) provide, upon request, incident response and technical assistance; and (3) recommend security and resilience measures to enhance cybersecurity.

S. 2519 directs NCCIC to ensure its activities are timely, actionable, and risk-based; coordinated across critical infrastructure sectors; and compliant with privacy and civil liberties laws. Under the bill, NCCIC would continue to be composed of representatives from federal and non-federal entities. The bill also requires DHS to work with federal and non-federal partners to develop and exercise cyber incident response plans to address cybersecurity risks to critical infrastructure.  S. 2519 puts greater management and oversight attention on cyber breaches by improving notification of breaches to the public and to Congress.

Background

Cyber attacks present significant threats to the U.S. economy and to national security.  Daily attacks by state and non-state actors seek to disrupt the nation’s critical infrastructure, steal intellectual property, and compromise sensitive personal information such as bank accounts and social security numbers.  “In 2013, Mandiant released a report . . . providing detailed evidence of hackers linked to the Chinese military hacking into major U.S. companies for intellectual property and for economic espionage purposes, defense systems to steal sensitive military information, and critical infrastructure to gain access to gas lines, power grids and water systems.  Additionally, Iranian-backed hackers are increasing the number of cyber attacks against U.S. companies, and in one example gained access to control system software that could allow the hackers to control, shut down, or damage oil and gas pipelines in the [U.S].”[1]  Director of National Intelligence James Clapper and FBI Director James Comey, respectively, recently emphasized the increasing risk to U.S. critical infrastructure and the corresponding increase in resources that will be needed to defend against these and other cybersecurity risks.[2]

NCCIC is “a federal civilian interface to facilitate real-time cyber threat information sharing across critical infrastructure sectors.”  S. 2519 codifies NCCIC’s existing role and increases oversight.

__________
[1] House Committee Report 113-550, Part I at 20.
[2] Id.

Cost

According to CBO estimates, implementing S. 2519 would not result in a significant cost.  In addition, the bill would not affect direct spending or revenues.

Additional Information

For questions or further information contact the GOP Conference at 5-5107.