HOUSE Democrats unveiled a bill on Thursday that would require states to conduct data collection and analysis on suspected hackers and cyberthreats, with the goal of combating the spread of cyberattacks on U.S. infrastructure and businesses.
The Cybersecurity Enhancement Act, which has been introduced by Reps.
Peter DeFazio (D-Ore.) and Ted Lieu (D, Calif.), would require state cyber intelligence systems to collect data from companies on suspected cybersecurity threats and submit those data to federal agencies for analysis.
The bill would also require states and private sector organizations to report cybersecurity threats to federal and state agencies, including the National Institute of Standards and Technology.
The bipartisan bill would require cyber intelligence agencies to conduct annual cyber security assessments of their respective systems and to submit those results to the National Cybersecurity and Communications Integration Center, which would also report any breaches to federal authorities.
The bill would allow states to submit cyber threat reports to federal officials, and the bill would provide a mechanism for states to report cyber threats to private entities, including businesses.
States would also be able to request federal assistance in combating cyberthreat, such as cyber infrastructure improvements, and provide cybersecurity assistance to private firms.
The measure also would provide funds to improve the information sharing and reporting process between federal agencies and states.
States could also use these funds to develop cyber threat indicators, which could then be shared with federal authorities to assist in cybersecurity planning and prevention.
It is also the first time the Senate has taken up the legislation.
The House voted on the bill last year and it was introduced in the wake of the massive breaches at the Democratic National Committee and the Democratic Congressional Campaign Committee, which occurred over the course of 2016.
The House also passed a bill in April that would have required companies to report data breaches to the federal government, with no amendments made.