House wraps up Cyber Week by passing two more security bills
The House of Representatives finished off Cyber Week by passing two more cybersecurity bills without serious opposition.
The Cybersecurity Enhancement Act of 2011, H.R. 2096 passed April 27 by a vote of 395 to 10, and the Advancing America’s Networking and Information Technology Research and Development Act of 2012, H.R. 3834 by voice vote.
The votes followed the April 26 passage of the more controversial Cyber Intelligence Sharing and Protection Act despite privacy concerns and a White House veto threat, as well as the Federal Information Security Amendments Act.
House passes CISPA, despite veto threat
The next step for the bills would be to move to the Senate, but they have not been introduced there yet, and the Senate is considering several cybersecurity bills of its own.
The Cybersecurity Enhancement Act would mandate the creation of security automation standards and checklists by the National Institute of Standards and Technology, which would be guidelines for agencies rather than requirements. NIST also would cooperate on the development of international security standards, as well as the standards for cloud computing.
Research provisions of the bills passed April 27 cover much of the same ground by amending the High Performance Computing Act of 1991.
The Cybersecurity Enhancement Act would create a risk-based strategic cybersecurity R&D plan to guide the overall direction of federal cybersecurity and information assurance research, and would provide grant funding for a number of research programs. It would provide $90 million in grants through the National Science Foundation for each of the next three fiscal years.
It also would extend the cyber scholarship for service program with up to three years of funding for graduate students in exchange for a commitment to work in government upon completion of degrees.
The plan would specify and prioritize near-, mid- and long-term objectives and focus on transformational technologies “with the potential to enhance the security, reliability, resilience and trustworthiness of the digital infrastructure, and to protect consumer privacy.” It also would encourage rapid technology transfer to the private sector.
The Advancing R&D Act would support large-scale, long-term, interdisciplinary research and development activities in networking and information technology with the potential for significant contributions to national economic competitiveness. Areas of focus in the research would include the interaction of cyber and physical systems and effective cloud computing.
CISPA, passed April 26, drew criticism not so much for what it did as for what it did not do. It would encourage the sharing of security information between government and industry in part by shielding companies from liability in the handling of that information. Opponents said it contained inadequate privacy and civil liberties protections. There also was criticism that it fails to address critical infrastructure protection.
“We are troubled House leaders blocked consideration of protections for critical infrastructure systems, ignoring the advice of our military and intelligence leaders as well as most cybersecurity experts,” Sens. Joe Lieberman, (ID-Conn.), Susan Collins, (R-Maine), Jay Rockefeller, (D-W.Va.) and Dianne Feinstein, (D-Calif.) said in a prepared statement. “These systems are at risk, which means the American people are at risk.”
A cybersecurity bill introduced in the Senate would address protection for these systems.