Senate passes DHS cyber bill

The Senate has approved a cyber bill to codify much of the Department of Homeland Security’s cybersecurity role.

The National Cybersecurity Protection Act is the Senate’s version of a House-passed bill, the National Cybersecurity and Critical Infrastructure Protection Act (NCCIP).


The measure “bolsters our nation’s cybersecurity while providing the department with clear authority to more effectively carry out its mission and partner with private and public entities,” said Senate Homeland Security and Governmental Affairs Committee Chairman Tom CarperThomas (Tom) Richard CarperProgressive groups ramp up pressure on Feinstein Senate confirms Radhika Fox to lead EPA's water office Rick Scott threatens to delay national security nominees until Biden visits border MORE (D-Del.), who backed the bill.

Critically, the bill officially authorizes the already-existing cybersecurity information sharing hub at the DHS.

Known as the NCCIC — or National Cybersecurity and Communications Integration Center — the hub draws in cyber information from myriad government and industry sources, then disseminates information on specific cyber threats back to those partners.

"It is critical that the department continues to build strong relationships with businesses, state and local governments, and other entities across the country so that we can all be better prepared to stop cyber attacks," Carper said.

The Senate quickly passed the bill late last week, without any objections. It now returns to the House, where significant opposition isn’t anticipated.

The Senate’s measure is a slimmed-down version of the House bill, leaving out many of the specifics on the information exchange between the public and private sector.

Industry groups have been clamoring for Congress to delineate specific legal protections for companies sharing cyber information with agencies such as the DHS or the National Security Agency.

A bill that would have provided such a safe harbor, the Cybersecurity Information Sharing Act, was not able to get a lame-duck vote.

"This bill sets the stage for future legislation for cyber security information sharing that includes liability protections for the private sector," assured Homeland Security Ranking Member Tom CoburnThomas (Tom) Allen CoburnNSF funding choice: Move forward or fall behind DHS establishes domestic terror unit within its intelligence office Wasteful 'Endless Frontiers Act' won't counter China's rising influence MORE (R-Okla.). 

The National Cybersecurity Protection Act is the second cyber bill the Senate has passed in the lame-duck’s final week — an unexpected cyber flurry.

On Monday night, the Upper Chamber unanimously approved the Federal Information Security Modernization Act, which updates the 12-year-old federal information security laws.  

However, with only two official days remaining in Congress, the clock is ticking for the House to move on either measure.