The US Senate last week passed a bill requiring the Department of Homeland Security to maintain cyber-hunt and incident response teams, while the House passed one that instructs DHS to share protocols for mitigating cyber-vulnerabilities.
The Senate bill, S.315, aka the DHS Cyber Hunt and Incident Response Teams Act of 2019, passed by unanimous consent on Sept. 24. The legislation seeks to amend the Homeland Security Act of 2002, authorizing DHS’ National Cyber-security and Communications Integration Center (NCCIC) to permanently operate cyber-hunt and incident response teams that can aid federal and non-federal entities in the event of a cyber-attack, such as a ransomware infection.
Assistance may entail restoring services, identifying risk, detecting unauthorized cyber-activity, developing mitigation strategies and mkaing cyber-hygiene recommendations.
The bill also permits DHS to include private-sector experts on the cyber-hunt and incident response teams, so they can offer their own unique non-government perspectives.
Senators Margaret Wood Hassan and Rob Portman initially introduced the bill last January.
The US House of Representatives last June passed its own version of the proposed law, H.R.1158. That bill was originally introduced last February as companion legislation to S.315. It is possible the two chambers will at some point attempt to reconcile these two versions.
"Our cyber-response teams play an important role in protecting against cyber-threats, reducing cyber-security risks, and helping to get our cyber-infrastructure back up and running after an attack occurs," said Sen. Portman in a press release. "I am glad the Senate passed our bipartisan legislation and I hope we send it to the president’s desk soon so that we can strengthen our response efforts in the event of a cyber-attack."
"As cyber-threats become increasingly common, it is crucial that everyone from the federal government to local governments… have the resources and support that they need to strengthen their cyber-security," Sen. Hassan added in the same release. "This bipartisan legislation will allow the best minds in cyber-security to work together to better protect our digital infrastructure and to respond to attacks."
Two days after the Senate bill was passed, the House advanced a different proposed cyber-legislation: H.R.3710, aka the Cybersecurity Vulnerability Remediation Act.
This bill also would amend the Homeland Security Act of 2002, adding language empowering the director of DHS’ Cyber-security and Infrastructure Security Agency to "identify, develop and disseminate actionable protocols to mitigate cyber-security vulnerabilities, including in circumstances in which such vulnerabilities exist because software or hardware is no longer supported by a vendor."
Additionally, the director would be granted one year from the act’s enactment to submit a report detailing how the agency coordinates vulnerability disclosures and disseminates mitigation protocols. The director would submit this documentation to both the House’s Committee on Homeland Security and the Senate’s Committee on Homeland Security and Governmental Affairs.
Introduced by senaor Sheila Jackson Lee, the proposed act would also include a section stating that the DHS’ under secretary for science and technology and CISA’s director may establish a competitive incentives program to encourage the private sector, individuals, academic institutions and other key players to create remediation solutions for cyber-vulnerabilities.
This article was originally published on SC Media US.