The United States Congress approved the Cybersecurity Enhancement Act of 2014, which now goes to President Barack Obama to be signed into law.

The legislation is designed to strengthen and protect the nation’s economic and national security through public-private partnerships to improve cybersecurity and a greater reliance on cybersecurity standards; research and development; workforce development and education; and public awareness and preparedness.

Passage of the bill, which was sponsored by Senate Commerce, Science, and Transportation Committee Chairman John D. (Jay) Rockefeller IV (D-WV) and Ranking Member John Thune (R-SD), follows years of efforts to pass federal cybersecurity legislation. An earlier cybersecurity bill, The Cybersecurity Act of 2012, was defeated in the Senate. Its demise prompted President Obama to instruct the National Institute of Standards and Technology (NIST) to develop the U.S. Cybersecurity Framework, which was introduced in February 2014.

“The passage of this bill represents great progress toward better preparing government and private industry to meet the significant challenges and reduce the serious risks of industrial cyberattack,” says Michael Marlowe, managing director and director of Government Relations at the Automation Federation. “We know that safeguarding America and the world from cyberattack will require a comprehensive, multi-faceted effort—implementing standards that can prevent and mitigate security vulnerabilities; educating and training a skilled cybersecurity workforce; facilitating greater public-private collaboration; and pursuing ongoing research, development and awareness initiatives.”

The Automation Federation and its founding association, the International Society of Automation (ISA), have worked for years with lawmakers in Washington to build support for the passage of federal cybersecurity legislation.

At the federal government’s request, representatives of both the Automation Federation and ISA served as expert consultants to NIST as it coordinated the development of the U.S. Cybersecurity Framework.

IACS security standards developed by ISA (ISA99/IEC 62443) are integral components of the federal government’s plans to combat cyberattack because they’re designed to prevent and offset potentially devastating cyber damage to industrial plant systems and networks—commonly used in transportation grids, power plants, water treatment facilities and other industrial settings.

Marlowe said the Automation Federation is already in discussions with NIST officials about how to implement the key provisions of The Cybersecurity Enhancement Act of 2014 once it becomes law.

The Cybersecurity Enhancement Act of 2014:
• Authorizes NIST to facilitate and support the development of voluntary, industry-led cyber standards and best practices for critical infrastructure—drawing on many of the key recommendations outlined in the U.S. Cybersecurity Framework.
• Strengthens cyber research and development by building on existing research and development programs, and ensuring better coordination across the federal government.
• Improves the cyber workforce and cyber education by ensuring that the next generation of cyber experts are trained and prepared for the future.
• Increases the public’s awareness of cyber risks and cybersecurity.
• Advances cybersecurity technical standards.

“The bill and its language regarding the public-private sector partnerships using existing standards within the NIST Framework is a great testament to the hard work of the Automation Federation, the Automation Federation Government Relations Committee members and the ISA-99 Security Standards Committee members,” says Steve Huffman, chair of the Automation Federation’s Government Relations Committee and an ISA99 Security Standards Committee member. “Cybersecurity of industrial automation and control systems from the OT (operational technology) side was not a prominent issue in initial legislative discussions. By raising its importance among lawmakers, industrial cybersecurity became a more vital part of the legislation passed by Congress.”

More Resources:

IHS Standards Library