House Passes Cybersecurity Enhancement Act

April 27, 2012. The House passed HR 2096 [LOC | WW], the "Cybersecurity Enhancement Act of 2012" by a vote of 395-10. See, Roll Call No. 193. The Senate has not passed this bill, or the companion bill in the Senate.

Rep. Michael McCaul (R-TX) and Rep. Dan Lipinski (D-IL) introduced this bill in the House on June 2, 2011.

The House Science Committee (HSC) amended and approved the bill on July 21, 2011. See, story titled "House Science Committee Approves Cyber Security Bill" in TLJ Daily E-Mail Alert No. 2,268, July 24, 2011.

Title I of the bill pertains to cyber security research and development, and education.

Title II of the bill pertains to federal cyber security standards. It requires that the National Institute of Standards and Technology (NIST) shall "ensure coordination of Federal agencies engaged in the development of international technical standards related to information system security" and write for the Congress "a plan for ensuring such Federal agency coordination".

Rep. McCaul stated in the House that "China has already successfully stolen some of our biggest military secrets, such as information about the F 35 Joint Strike Fighter, the Department of Defense's biggest weapons program ever. Now they know the program well enough not only to copy it, but to guard against it. Similar attacks continue unabated on our military's computer systems. Hackers trick soldiers into downloading viruses onto their computers, after which every keystroke is recorded. Mr. Speaker, our military secrets are being stolen every day."

He continued that "it is part of China and Russia's national policy to try to identify and take sensitive technology which they need for their own development. In fact, they train and have a cyberwarfare college. The degradation of our national security and intellectual property from cybertheft threatens to weaken us where we have historically been strong. The NSA calculates that Russia and China have stolen $1 trillion in American intellectual property, the biggest transfer of wealth in history. Their philosophy is: Why invent when you can steal it?"

He stated that this bill gives the NIST "authority to set security standards for Federal computer systems and develop checklists for agencies to follow." He asserted that this "hardens our Federal networks ... and make them less vulnerable to such an attack".

He stated that this bill also "creates a Federal/university/private sector task force to coordinate research and development. It establishes cybersecurity research and development grant programs and improves the quality of our cyber workforce by creating a scholarship program."

Rep. McCaul also said that "it creates an education and awareness program for computer hygiene".

And, "it sets forth procurement standards for hardware and software that will minimize security risks. This will also have a ripple effect in the private sector so that they will also adopt such procurement standards".

Rep. Lipinski added that this bill "requires relevant Federal agencies to work with the National Science and Technology Council to develop a national strategic plan for cybersecurity R&D that sets priorities based on risk assessments, focuses on transformational technology, and strengthens technology transfer programs. It will build on infrastructure that we need to get the best ideas out of the lab and into the marketplace. And because people are perhaps the weakest link in many IT systems, the research strategy will include the social sciences to help us better understand how humans interact with technology."

Sen. Robert Menendez (D-NJ) introduced the companion bill in the Senate, S 1152 [LOC | WW], also titled the "Cybersecurity Enhancement Act of 2011", on June 7, 2011. It was referred to the Senate Commerce Committee (SCC), which has taken no action on this bill.