Two provisions of the Cybersecurity Act of 2015—the Federal Cybersecurity Enhancement Act and the Federal Cybersecurity Workforce Assessment Act―task the Department of Homeland Security (“DHS”) and the Office of Management and Budget (“OMB”) with new cybersecurity responsibilities.
The Federal Cybersecurity Enhancement Act of 2015 (“Enhancement Act”), located at Title II, Subsection B of the Cybersecurity Act, requires federal agencies to secure government information systems. Specifically, the Enhancement Act directs DHS to implement an “intrusion assessment plan” to routinely detect, identify, and remove intruders in agency information systems. DHS must also develop a plan to ensure that agencies utilize advanced networking security tools to bolster internal defenses. Moreover, the Enhancement Act requires DHS, in consultation with OMB, to issue binding operational directives mandating that federal agencies evaluate access to sensitive agency data, as well as encrypt or otherwise render indecipherable that data to unauthorized users. The Department of Defense, certain national security systems, and elements of the intelligence community are exempt from the Enhancement Act.
The Federal Cybersecurity Workforce Assessment Act of 2015 (“Assessment Act”) also affects federal agencies’ cyber requirements. The Assessment Act is located at Title III of the larger Cybersecurity Act and provides a mechanism to appraise the cyber-readiness of the federal workforce. In particular, each federal agency head must identify all positions within its respective agency, both civilian and non-civilian, that require the performance of cybersecurity or other cyber-related functions. The agency heads must then report the percentage of personnel who hold appropriate industry-recognized certifications and identify a strategy for mitigating any identified gaps in employees’ credentialing. After this baseline assessment, the Assessment Act calls for OMB and DHS to produce a report identifying and substantiating particular cyber-related work roles in critical need of additional personnel.
Reporter, Bailey J. Langner, San Francisco, +1 415 318 1214, blangner@kslaw.com.