The House Committee on Homeland Security unanimously approved on Wednesday H.R. 3696, the National Cybersecurity and Critical Infrastructure Protection Act of 2013.
The bill was sent to the full House for consideration.
The committee said in a statement that the Act “addresses the cyber threat by giving the Department of Homeland Security (DHS) the tools to secure our nation in cyberspace, while protecting privacy and civil liberties and prohibiting any new regulations at DHS.”
The bill codifies several cybersecurity efforts already in progress; beefs up others, like the National Cybersecurity and Communications Integration Center; and focuses on partnerships with the private sector. It is intended to be budget neutral.
H.R. 3696 was introduced in December by Committee Chairman Michael McCaul, R-Texas, and Ranking Member Bennie Thompson, D-Miss., as well as Subcommittee Chairman Patrick Meehan R-Pa., and Subcommittee Ranking Member Yvette Clarke, D-N.Y.
“Cyber attacks on our oil and gas facilities, electric grids, water systems, banks and transportation systems threaten our national security and economy every day,” McCaul said in a statement. “We cannot wait for a major attack to take action, and I am pleased that the committee today unanimously passed legislation that improves DHS’ ability to defend against the many threats to our critical infrastructure.”
Meehan added that with the cyber attacks at Target, Nieman Marcus and the hotel franchise manager White Lodging, “it seems that almost every day we hear news of more American consumers victimized by cyber attack. It’s only a matter of time before our power grids or financial networks are the latest victims of hackers.”
The federal government’s response to the cyber threat, Meehan added, “has so far been haphazard.”
Ken Bentsen, president and CEO of the Securities Industry and Financial Markets Association, said in a statement that “cybersecurity is increasingly a major threat to our financial system. SIFMA members are dedicating significant resources to protect the millions of Americans who use financial services every day and rely on the integrity of our markets.”
The Securities and Exchange Commission is now assessing advisors’ cybersecurity policies during exams.
“Examiners will be looking at resources going into information security, policies on cybersecurity risk, what policies are in place to prevent and respond to cyberattacks, lost information and identity threft,” Jane Jarcho, a national associate director at the SEC’s compliance exam office, said last Friday at an SEC seminar.
Examiners will also ask about internal and external cyberattacks that may have occurred at advisory firms as well, and will look at a firm’s policies on IT training, vendor access and vendor due diligence, she said.
Check out SEC to CCOs: Don’t Ignore These Issues on ThinkAdvisor.