Jason Wheelock

The National Cybersecurity and Critical Infrastructure Protection Act (H.R. 3696) would amend the Homeland Security Act of 2002 to require the Secretary of the Department of Homeland Security (DHS) to conduct cybersecurity activities on behalf of the federal government and would codify the role of DHS in preventing and responding to cybersecurity incidents involving the Information Technology (IT) systems of federal civilian agencies and critical infrastructure in the United States.

Although DHS currently conducts many of the activities covered by H.R. 3696 and has received approximately $800 million so far in fiscal year 2014 for its cybersecurity activities, some provisions in the bill would expand existing programs, provide additional authorities, or add new requirements beyond the agency’s current efforts.

Assuming the appropriation of the necessary amounts, CBO estimates that implementing the bill would cost an additional $160 million over the 2015-2019 period. Pay-as-you-go procedures do not apply to this legislation because it would not affect direct spending or revenues. H.R. 3696 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act (UMRA).