"Cybersecurity Act of 2013"

In advance of a July 25 Senate Commerce Committee hearing on “The Partnership Between NIST and the Private Sector: Improving Cybersecurity,” Chairman Jay Rockefeller (D-WV) and Ranking Member John Thune (R-SD) introduced the “Cybersecurity Act of 2013” (S. 1353).

The bill avoids controversial topics such as information sharing and regulation of critical infrastructure cybersecurity and specifically states that it does not confer regulatory authority on federal, state, tribal, or local governments.

The bill focuses instead on several key issues. First, it extends the mandate Executive Order 13,636 gave to the National Institute for Standards and Technology (“NIST”) to develop cybersecurity standards. NIST is currently working to develop standards pursuant to the Executive Order, and the bill directs NIST to develop, on an ongoing basis, voluntary, industry-led standards and best practices to reduce risk to critical infrastructure. In developing the standards, NIST is instructed to coordinate “closely and continuously” with the private sector, incorporate existing voluntary best practices and international standards, prevent duplication of and conflict with existing regulatory requirements, and ensure that its standards are technology-neutral. The bill further specifies that information provided to NIST for standards-development cannot be used for regulatory purposes.