September 26, 2020

Volume X, Number 270

September 25, 2020

Subscribe to Latest Legal News and Analysis

September 24, 2020

Subscribe to Latest Legal News and Analysis

September 23, 2020

Subscribe to Latest Legal News and Analysis

US Senate Bill Passes, Seeking to Establish “Cyber Hunt and Incident Response Teams”

More than 500 United States schools (connected with 54 different education entities such as school districts and colleges) have been infected with ransomware during the first nine months of 2019, according to a recent report by cybersecurity firm Armor, making the education sector one of the leading ransomware targets, following only municipalities as the top ransomware target. We recently noted in this blog the NYS Education Department’s efforts to combat cyber threats against schools.

In a similar move — appearing to take notice of the continuing surge of cyber-attacks on schools, municipalities and other sectors — the US Senate recently approved the “Department of Homeland Security Cyber Hunt and Incident Response Teams Act of 2019”, bi-partisan legislation that directs the Department of Homeland Security (DHS) to maintain permanent “cyber hunt and incident response teams” to assist both government and private entities in their efforts to prevent and, when necessary, appropriately respond to cybersecurity attacks. To become law, the Act – introduced by Senators Maggie Hassan (D-NH) and Robert Portman (R-OH) — needs to pass the US House of Representatives and be signed by the president.

The Act requires DHS to maintain the cyber hunt and incident response teams for the following purposes:

  • Assisting asset owners and operators in restoring services following a cyber-incident;

  • Identifying potential cyber intrusions and cyber risks to partners;

  • Developing mitigation strategies to prevent, deter and protect against cyber threats; and

  • Providing recommendations to asset owners and operators for improving their network security.

“As cyber threats become increasingly common, it is crucial that everyone from the federal government to local governments … have the resources and support that they need to strengthen their cybersecurity,” Senator Hassan said. “This bipartisan legislation will allow the best minds in cybersecurity to work together to better protect our digital infrastructure and to respond to attacks.”

This is not the first time Senators Hassan and Portman worked together on cybersecurity legislation. In 2018, both the Hack Department of Homeland Security Act (Hack DHS Act) and Public-Private Cybersecurity Cooperation Act (PPCCA) were included in a package of bills that were signed into law.

The Hack DHS Act established a bug bounty pilot program that uses ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS information systems, while PPCCA requires DHS to establishes a disclosure program so that vulnerabilities in DHS’ information systems can be reported and fixed with greater efficiency.

In the coming months, we will watch the House to see how it addresses the Act, and will report in this blog as there is any further movement through the legislative process.

Jackson Lewis P.C. © 2020National Law Review, Volume IX, Number 315


About this Author

Frank J. Fanshawe, Jackson Lewis, Hospital Payment System Lawyer, public policy issues attorney

Frank J. Fanshawe is a Principal in the Albany, New York, office of Jackson Lewis P.C. His practice focuses on health care law and privacy and data security. He has 25 years of experience, including significant real-world legal and executive-level experience with a nationally recognized health insurer in the northeastern United States.

Mr. Fanshawe previously served as a senior adviser to the New York State Senate Health Committee chair on legislative and public policy issues in connection with New York's deregulation of the hospital payment...