SAN FRANCISCO — Dozens of bills are filed in Congress relating to cybersecurity and data breaches but many if not most may never see a committee markup let alone a floor vote. But key congressional staffers speaking at the RSA Conference here predicted at least three bills are likely to get to the president’s desk this year.
A House-passed measure that would reorganize the Department of Homeland Security and create a new Cybersecurity and Infrastructure Security Agency has also cleared the Senate Homeland Security and Governmental Affairs Committee and is awaiting Senate floor passage.
Senate approval and the president’s signature, likely this year, would help DHS better address cybersecurity as well as how it relates to protecting critical infrastructure sectors, said Brendan Shields, staff director of the House Homeland Security committee.
A bipartisan bill called the Internet of Things Cybersecurity Improvement Act would set minimum security standards for all “internet of things” devices. Backed by Sens. Mark Warner, D-Va., Cory Gardner, R-Colo., Ron Wyden, D-Ore., Steve Daines, R-Mont., the bill would be another measure that could get some traction in Congress, said Rafi Martina, a senior policy advisor to Warner.
By 2020 as many as 20 billion such devices are expected to be in use around the world. Many of these devices such as internet-connected light bulbs, thermostats and TVs come with factory-set, hard-coded passwords that cannot be changed and present attackers with easy entry points into larger computer networks, according to the draft bill.
Government agencies are increasingly buying and installing such devices in offices, and that poses greater challenges for government computer networks, Martina said. The bill would require the Office of Management and Budget and the National Institute of Standards and Technology to specify security measures agencies must take to prevent such devices from becoming gateways to larger networks.
The fiscal 2018 Intelligence Authorization bill, which passed the House last year and has cleared the Senate Intelligence committee but has yet to be approved by the full Senate, would ease the way for state officials to get speedy security clearances so they can get briefings on threats to their computer networks. The bill could clear the Senate this year, said Tara McFeely, the budget director for the Senate Select Committee on Intelligence.