New US Congressional Bills Are an Important Milestone for Cybersecurity Professionals

News over the past year has focused the world’s attention on issues surrounding cybersecurity—notably that cyber attacks emerged as a top technology risk in the World Economic Forum’s Global Risks 2015 report. In April, US President Barack Obama declared cybercrime a national emergency and signed an executive order authorizing new sanctions against individuals and groups deemed responsible for cyberattacks.

The attention resonated with consumers, business leaders and legislators alike.

Mixed together with news of the Sony Corporation breach and other retail hacking occurrences, awareness of the need for increased cybersecurity focus has been at a high level. Now there is even more—but this time the news is about the US House of Representatives passage of two cybersecurity information sharing bills: Protecting Cyber Networks Act (PCNA) and National Cybersecurity Protection Advancement (NCPA) Act.

• PCNA aims to defend against cyberattacks through the creation of a framework for the voluntary sharing of cyber threat information between private entities and the federal government. Importantly, it includes liability protection for those companies who choose to participate.
• NCPA is similar to PCNA, with the distinction being that it encourages voluntary information sharing about cyber threats between the private sector and the Department of Homeland Security.

To help cybersecurity professionals understand the importance of these two new acts, ISACA has added a new CSX Special Reportto its Cybersecurity Legislation Watch center as part of its Cybersecurity Nexus (CSX). I encourage you to take a look at the report to better understand the two acts and what this new legislation could mean for you in your role and for your enterprise.

For professionals in the cybersecurity profession the implication is crystal clear. The general business community is more aware of the challenges, and those charged with protecting their organizations from attack must be highly aware and trained, including being knowledgeable of evolving legislation, such as this.

Keeping current and positioning your organization to best take advantage of the evolving regulatory landscape is of utmost importance in today’s fast-moving cybersecurity environment. This is not a time to be caught flat-footed.

Douglas Rausch, CISSP
President, Aurora CyberSecurity Consultants, Inc.

[ISACA]