President Barack Obama on Dec. 18 signed five cybersecurity-related bills, the first time in 12 years that significant cybersecurity legislation has become law.

The cybersecurity measures include:

  • The Cybersecurity Enhancement Act, which authorizes the Department of Commerce, through its National Institute of Standards and Technology unit, to facilitate and support the development of voluntary standards to reduce cyber-risks to critical infrastructure. The law also requires the Office of Science and Technology Policy to develop a federal cybersecurity research and development plan.
  • National Cybersecurity Protection Act, which codifies the National Cybersecurity and Communications Integration Center, a 24x7 cyber situational awareness, incident response and management center that is a national nexus of cyber and communications integration for the federal government, intelligence community and law enforcement. The NCCIC shares information among the public and private sectors to provide greater understanding of cybersecurity and communications situation awareness of vulnerabilities, intrusions, incidents, and mitigation and recovery actions.
  • Federal Information Security Modernization Act, which codifies an existing practice of having the Office of Management and Budget determine IT security policies for federal agencies.
  • Homeland Security Workforce Assessment Act, a rider on the Border Patrol Agent Pay Reform Act, which identifies and fills key cybersecurity positions at Department of Homeland Security (DHS).
  • Cybersecurity Workforce Assessment Act, which requires the DHS to assess its cybersecurity workforce and develop a strategy to enhance the readiness, capacity, training, recruitment and retention of its cybersecurity workforce.

Engineering360 reported earlier that the Automation Federation and its founding association, the International Society of Automation (ISA), have worked for years with federal lawmakers to build support for the passage of federal cybersecurity legislation.

At the federal government’s request, representatives of both the Automation Federation and ISA served as expert consultants to NIST as it coordinated the development of the U.S. Cybersecurity Framework.