01 November 2019
In a legislative environment charitably described as challenging, the fact that the Senate recently passed cybersecurity legislation by unanimous consent is noteworthy and highlights the bipartisan nature of this issue. The DHS Cyber Hunt and Incident Response Act (H.R. 1158) responds to the recent spate of ransomware attacks against government agencies and private sector organizations.(1) It would require the Department of Homeland Security (DHS) to form "cyber hunt" and incident response teams that could be called upon to assist federal, state, and local entities to respond to a ransomware or other type of cybersecurity incident or to identify vulnerabilities in their systems that may increase the likelihood and success of a future attack. While continued government attention to the availability of cybersecurity capabilities should be welcomed by the private sector, the extent to which businesses will directly benefit from this legislation is unclear given its focus.
The bill would require the newly-formed DHS teams to provide assistance to public and private entities, upon request, on preparing for and responding to cyber-related incidents, including:
DHS is also required to report to Congress annually, for four years after the date of enactment, on the utilization and effectiveness of the new teams using metrics it creates for this purpose. These metrics are required to be quantifiable and actionable, and to improve the teams' effectiveness and accountability.
While this legislation has the potential to offer additional resources to protect against ever-increasing ransomware and other cyber threats, significant questions remain unanswered. It is not clear how DHS' expanded role in cybersecurity incident planning and response will be coordinated with the existing authorities of the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS). Even before this legislation, the question of "who ya gonna call?" to help navigate the myriad challenges an organization may face before, during, and after a cyber incident was unclear, and some will view this Act as only adding to that confusion. In addition, on a practical level it is unclear how DHS would be able to marshal the necessary resources to rapidly respond to cyber incidents outside of the Washington, DC area, as it lacks the local presence and relationships that FBI and USSS have in jurisdictions across the country.
For further information on this topic please contact Peter M Marta or Asmaa Awad-Farid at Hogan Lovells by telephone (+1 212 918 3000) or email (firstname.lastname@example.org or email@example.com). The Hogan Lovells website can be accessed at www.hoganlovells.com.
(1) For instance, a ransomware attack infiltrated government computer systems in 22 Texas municipalities in August, and, in another incident, Louisiana's Governor had to declare a state of emergency following the deployment of ransomware against three Louisiana school districts.
This article has been reproduced in its original format from Lexology – www.Lexology.com.