A House Homeland Security panel has approved the National Cybersecurity and Critical Infrastructure Protection Act of 2013, which would amend the Homeland Security Act of 2002 to, according to a bill summary, require DHS to conduct cybersecurity activities, including the provision of shared situational awareness among federal entities to enable real-time, integrated, and operational actions to protect from, prevent, mitigate, respond to, and recover from cyber incidents.
The bill has a broad definition of what constitutes a “cyber incident” and calls on DHS to coordinate with federal, state, and local governments, critical infrastructure owners and operators, and other cross-sector coordinating entities to facilitate a national effort to strengthen and maintain critical infrastructure from cyber threats.
It also calls on DHS to ensure that departmental policies and procedures enable critical infrastructure owners and operators to receive appropriate and timely cyber threat information; Seek industry sector-specific expertise to develop voluntary security and resiliency strategies and to ensure that the allocation of federal resources is cost effective and reduces burdens on critical infrastructure owners and operators; Provide risk management assistance – as requested – to entities and education to critical infrastructure owners and operators; and, Coordinate a research and development strategy for cybersecurity technologies.