What to watch for in the new cybersecurity rules
As Congress debates new cybersecurity legislation, lawmakers are working to create a federal cybersecurity agency that will oversee cybersecurity on both sides of the Atlantic.
The agency will have the authority to make recommendations to Congress and could include the FBI as well as the Department of Homeland Security, the Commerce Department and other agencies, according to a report from the Center for Strategic and International Studies.
The DHS, Commerce Department, Treasury Department and the Office of Management and Budget will all be required to report to the cybersecurity agency, which will also be subject to a review by the Federal Communications Commission, which would have to approve or reject its recommendations.
But the cybersecurity group’s recommendations could be significantly less stringent than those of other government agencies.
They could include fewer requirements for companies to install software on their networks, as well potentially requiring companies to share more personal data, the report said.
And they could also be a much narrower approach than other proposals put forward by congressional leaders, including a bill sponsored by Sens.
Ron Wyden (D-Ore.) and Mike Lee (R-Utah) that would establish a Cybersecurity Advisory Council to oversee the creation of the agency.
The proposal would create a bipartisan advisory body for the creation and operation of the cyber security agencies, and would provide a $10 million annual budget for the agency to be managed by the White House Office of the Director of National Intelligence, according the report.
The Cybersecurity Act of 2015 would also expand the definition of a cyber threat to include non-cyber security threats.
The bill would expand the scope of the cybersecurity threat so it includes not only the threat of cyber attacks on critical infrastructure, but also financial, energy, and health systems, the researchers said.
But as the new rules move forward, the legislation will also give Congress more power to approve cybersecurity recommendations that it doesn’t have authority to act on.
The White House’s cybersecurity team is currently looking for potential partners in other nations and territories to share their cybersecurity capabilities and resources, according an official familiar with the process, according for Politico.
If a nation or country is chosen, the government will have to notify Congress that it wants the help.