Congress has proposed dozens of bills related to cybersecurity topics over the last decade, all of which went nowhere. That is, until recently. In December of last year, lawmakers and the President put some of their disagreements over cybersecurity reform to the side and passed the following into law: 1) National Cybersecurity Protection Act (NCPA); 2) Cybersecurity Enhancement Act of 2014 (CEA); 3) Federal Information System Modernization Act of 2014 (FISMA 2014); 4) Cybersecurity Workforce Assessment Act (CWWA); and, 5) Border Patrol Agent Pay Reform Act (BPAPRA).
For the most part, these bills address federal government functions with respect to cybersecurity. FISMA 2014 is an overhaul of the Federal Information Security Management Act of 2002 (FISMA) and is meant to provide a framework for the federal government to assess and ensure its information security controls. The CWWA and BPAPRA deal with cybersecurity workforce issues at the Department of Homeland Security (DHS). The NCPA focuses solely on promoting information sharing between the government and the private sector via DHS. Finally, the CEA is a bill that, on its face, is also government-focused; however, of all the bills passed in December, it is the one that may have the biggest chance of causing unintended effects on private sector organizations.