From the Trenches: Cybersecurity Legislation

The landscape of cyber threats is constantly evolving, and critical cyber infrastructure, programs, operations and policy are increasingly important. In response, the Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security (DHS), was created through legislation in November 2018.

Legislation on both the federal and state levels is imperative in order to ensure data privacy and thwart cyber war. In light of the most recent presidential election and subsequent cyber threats, cybersecurity has become an increasing focus for lawmakers. Coupled with an expected rise in data breaches, leaks and exposures in 2019, cybersecurity is top of mind for the 116th Congress and policymakers across the nation. As legislative sessions are in full swing, more cyber laws are expected to be introduced.

Federal Legislation

During the 115th Congress, 2017 – 2018, thirty-one cybersecurity-related bills were given committee consideration or passed one or both chambers. Out of those, five became public law.

1. Department of Energy Research and Innovation Act: the law establishes a Department of Energy (DOE) policy for science and energy research and development programs, reforms National Laboratory management and technology transfer programs, and directs DOE to report to Congress on integrated research programs in cybersecurity and national security, among others.

2. John S. McCain National Defense Authorization Act for Fiscal Year 2019: the bill authorizes appropriations and sets forth policies regarding military activities of the Department of Defense, including cybersecurity matters.

3. National Defense Authorization Act for Fiscal Year 2018: establishes several cybersecurity efforts and new rules and programs related to information security; allows the President to define what “cyberwar” means; directs the Pentagon to reexamine the department’s internal organizational structure surrounding its cybersecurity-related missions (SEC. 1641, SEC. 1644, and others); and has the National Science Foundation and Office of Personnel Management launch a joint pilot scholarship program aimed at educating and recruiting talent directly out of universities.

4. FITARA Enhancement Act of 2017: requires the Chief Information Officer of each covered agency to conduct a risk management review of those investments that have received a high-risk rating for four consecutive quarters, among other things.

5. Strengthening State and Local Cyber Crime Fighting Act of 2017: authorizes a National Computer Forensics Institute within the U.S. Secret Service, which will disseminate information related to the investigation and prevention of cyber and electronic crime and related threats.


State Legislation

In addition to federal legislation, in 2018, at least 35 states, D.C. and Puerto Rico introduced more than 265 bills or resolutions pertaining to cybersecurity. More than 52 of those bills were enacted. Legislation addresses:

• improving government security practices;
• providing funding for cybersecurity programs and initiatives;
• restricting public disclosure of sensitive government cybersecurity information; and
• promoting workforce, training and economic development.

With legislative sessions in full swing across the country, additional cyber laws on the state level will be more apparent in the coming months.

Keeping up with new and ever-changing cybersecurity legislation is challenging. Make Winquest your trusted advisor to keep you up-to-date so you don’t get blindsided by new laws and regulations. For more information contact us at
