Congressional Action Supports Improvement of Cybersecurity for Critical Infrastructure and Beyond

03 June 2015 Manufacturing Industry Advisor Blog

None of us in the United States – no family or individual, no industry or business, and no government agency – is immune from the potential devastation that cyber-attacks can wreak. No particular reminder is needed. Each day, our nation’s economic and national security must guard against attack or threat of cowardly villainy at home and increasingly abroad.  It is all too common that we receive reports of cyber criminals operating their virulent schemes, often securely outside the reach of U.S. authorities, either privately or with the veiled support of nation states seeking to do us and our assets and resources grave harm. The nation’s critical infrastructure remains an especially vulnerable target. Individually or collectively, our power, water, transportation, and communication systems have been characterized (by the Department of Homeland Security) as “the backbone of our nation’s economy, security and health.”

Recognizing their vital role and vulnerability, Congress has added support for the National Institute of Standards and Technology (“NIST”) to continue to lead the effort to help owners and operators effectively manage cybersecurity risks for their critical infrastructure. Congress acted by codifying NIST initiatives as part of a series of cyber security-related bills it passed last year. Under the Cybersecurity Enhancement Act of 2014 (the “Act”), NIST is required to further facilitate and support the Cybersecurity Framework, which seeks to implement efficient standards and procedures to reduce cyber risks to critical infrastructure. NIST already began the efforts in response to President Obama’s Executive Order 13636, and released the first version of the framework on February 12, 2014. The Act also supports cybersecurity research and improves public awareness of cybersecurity issues. As a result, cybersecurity vendors will benefit and be well-positioned to help critical infrastructure owners. For example, cybersecurity vendors will use their expertise to assess the maturity level of an organization’s current cybersecurity, such as employee training and incident response plans, and enact a plan of action. Under the Framework, manufacturers are expected to bolster their defenses against cyber threats in all industries.

Cybersecurity Framework

The Act directs NIST to continue to collaborate with industry and government to develop the Framework. It requires the Director of NIST to use a wide range of industry expertise and work with U.S. and international agencies to come up with the optimal approach. The Act’s Framework is intended to encourage owners and operators of critical infrastructure to capitalize on information security features to identify, assess, and manage cyber risks. Participation in the Framework continues to be voluntary, and there is no added regulation. To encourage private sector participation, the Act prohibits federal, state, tribal, and local agencies from regulating the activity of any entity or diverting information outside the program.

Research and Development, Cybersecurity Workforce and Public Awareness

To further prepare for future cybersecurity challenges, the Act also directs federal agencies to develop and, every four years, update a cybersecurity plan. Another key feature is to guide the overall direction of cybersecurity research, and the Act adds to the National Science Foundation’s research and development grant areas, including network communications protocols, software engineering, secure wireless networks, mobile devices, and cloud infrastructure.

Finally, the Act enlists people in the private sector to carry out IT security duties and encourages cybersecurity innovations. National cybersecurity awareness and education programs are mandated to continue under NIST. The target audience for these new cybersecurity best practices is intentionally broad:  individuals, small to medium-sized businesses, educational institutions, and state, local, and tribal governments. In light of the magnitude and commitment of the program, public awareness and understanding should improve, and, it is hoped, the harrowing threats and damage to our nation’s critical infrastructure will be significantly reduced.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Related Services

Insights

Cryptocurrency in China is like BIG BROTHER in 1984!
20 October 2019
Internet, IT & e-Discovery Blog
California Governor Signs New Telehealth Insurance Law
18 October 2019
Health Care Law Today
Continued Increase in E-Commerce and Online Ordering Changes Landscape of Urban Transportation
17 October 2019
Dashboard Insights
CMS Proposes Revisions to Stark Law
16 October 2019
Health Care Law Today
PATH Summit 2019
18-20 December 2019
Arlington, VA
MedTech Impact Expo & Conference
13-15 December 2019
Las Vegas, NV
Review of 2020 Medicare Changes for Telehealth
11 December 2019
Member Call
BRG Healthcare Leadership Conference
06 December 2019
Washington, D.C.