Senate passes DHS cyber bill

The Senate has approved a cyber bill to codify much of the Department of Homeland Security’s cybersecurity role.

The National Cybersecurity Protection Act is the Senate’s version of a House-passed bill, the National Cybersecurity and Critical Infrastructure Protection Act (NCCIP).


The measure “bolsters our nation’s cybersecurity while providing the department with clear authority to more effectively carry out its mission and partner with private and public entities,” said Senate Homeland Security and Governmental Affairs Committee Chairman Tom CarperThomas (Tom) Richard CarperWhere do we go from here? Conservation can show the way Overnight Energy: EPA to regulate 'forever chemicals' in drinking water | Trump budget calls for slashing funds for climate science centers | House Dems urge banks not to fund drilling in Arctic refuge EPA will regulate 'forever chemicals' in drinking water MORE (D-Del.), who backed the bill.

Critically, the bill officially authorizes the already-existing cybersecurity information sharing hub at the DHS.

Known as the NCCIC — or National Cybersecurity and Communications Integration Center — the hub draws in cyber information from myriad government and industry sources, then disseminates information on specific cyber threats back to those partners.

"It is critical that the department continues to build strong relationships with businesses, state and local governments, and other entities across the country so that we can all be better prepared to stop cyber attacks," Carper said.

The Senate quickly passed the bill late last week, without any objections. It now returns to the House, where significant opposition isn’t anticipated.

The Senate’s measure is a slimmed-down version of the House bill, leaving out many of the specifics on the information exchange between the public and private sector.

Industry groups have been clamoring for Congress to delineate specific legal protections for companies sharing cyber information with agencies such as the DHS or the National Security Agency.

A bill that would have provided such a safe harbor, the Cybersecurity Information Sharing Act, was not able to get a lame-duck vote.

"This bill sets the stage for future legislation for cyber security information sharing that includes liability protections for the private sector," assured Homeland Security Ranking Member Tom CoburnThomas (Tom) Allen CoburnOvernight Energy: Experts criticize changes to EPA lead, copper rule | House panel looks into plan to limit powers of EPA science advisers | Senate bill aims for net-zero carbon emissions by 2050 Trump budget proposal funds financially struggling museum in Reagan's childhood home The Hill's Morning Report — Presented by PhRMA — Worries grow about political violence as midterms approach MORE (R-Okla.). 

The National Cybersecurity Protection Act is the second cyber bill the Senate has passed in the lame-duck’s final week — an unexpected cyber flurry.

On Monday night, the Upper Chamber unanimously approved the Federal Information Security Modernization Act, which updates the 12-year-old federal information security laws.  

However, with only two official days remaining in Congress, the clock is ticking for the House to move on either measure.