WASHINGTON, D.C. – Today, the Cybersecurity Enhancement Act of 2011 passed the House Science, Space and Technology Committee, paving the way for consideration on the House floor. Introduced by Congressmen Dan Lipinski (D-IL) and Michael McCaul (R-TX), H.R. 2096 takes an essential step to secure our federal computer networks from espionage and our critical infrastructure from destruction. Senator Bob Menendez (D-NJ) has introduced companion legislation.
“Every passing day brings fresh evidence of the serious threat that cybercrime poses to individuals, families, businesses, government, and our national security,” said Congressman Lipinski, the Research and Science Education Subcommittee Ranking Member, who introduced the Cybersecurity Enhancement Act in the 111th Congress. “From breaches at financial, consumer, and computer security companies to the most damaging cyber attack on our military to date, this year has brought story after story that underlines the urgency of combating cybercrime. The Cybersecurity Enhancement Act will help ensure we have the highly skilled people and the cutting-edge research and technologies we need to protect not only our critical infrastructure and federal and military computer networks, but also the general public, which increasingly relies on the internet. It has been more than a year since the House passed this bill by an overwhelming margin, and in that time cybercrime has only gotten worse. I am hopeful that Congress will recognize that reality and pass this bill as soon as possible.”
The Act will help harden federal networks, spur research and development, build our American cyber workforce and enable the government, universities and private sector to collaborate more easily. In the 111th Congress, the bill passed the House by a vote of 422-5.
“The cyber threat is real and it’s here now. Domestic cyber threats are increasing at an alarming rate,” said Rep. McCaul, who co-chaired the Center for Strategic and International Studies’ (CSIS) Commission on Cybersecurity for the 44th President, which presented the report Securing Cyberspace for the 44th Presidency to President Obama detailing recommendations for securing the country’s government networks and critical infrastructure. “All of our critical infrastructure is tied to cyber networks, whether it be our utilities, power grids, financial institutions, or air traffic control system. Virtually every sector is vulnerable. I hope as with 9/11 we don’t turn a blind eye and have a denial of service attack before we address this issue.”
“Importantly, this bill seeks to enhance U.S. economic and national security without layering prescriptive regulations on U.S. businesses,” said R. Bruce Josten with the U.S. Chamber of Commerce, which urges passage of the legislation.
The Cybersecurity Enhancement Act incorporates several key recommendations of the CSIS Commission report.
Improves Coordination in government: Gives the National Institute of Standards and Technology the authority to set security standards for federal computer systems and develop checklists for agencies to follow.
Improves Coordination outside of government: Creates a federal-university-private-sector task force to coordinate research and development.
Improves R&D: Establishes Cybersecurity research and development grant programs.
Improves quality of cyber professionals: Creates scholarship programs at the National Science Foundation that can be repaid with federal service. Requires the President to conduct an assessment of cybersecurity workforce needs across the Federal government.
H.R. 2096 is fiscally responsible. It is intended to work within the boundaries of funds already authorized and appropriated to the National Science Foundation and the National Institute of Standards and Technology.
Congressional hearings on cybersecurity have revealed most federal agencies have been hacked into, and that the federal government is under threat of cyber attack on a daily basis. Many attacks are classified as espionage with foreign countries stealing government information. One data dump was equivalent in size to the Library of Congress. Other attacks are believed to have been attempts to shut down federal networks and cause harm.