[Congressional Record Volume 161, Number 60 (Thursday, April 23, 2015)] [House] [Pages H2423-H2426] {time} 0915 NATIONAL CYBERSECURITY PROTECTION ADVANCEMENT ACT THE 2015 General Leave Mr. McCAUL. Mr. Speaker, IODIN ask unanimous consent ensure all Members may have 5 legislative per within which until revise and extend their remarks and include extraneous materials on the bills, H.R. 1731. Aforementioned SPEAKER maven tempore (Mr. Ratcliffe). Is there objection for the request regarding aforementioned gentleman from Texas? In where none objection. The MOUTHPIECE pro tempore. Pursuant go Our Resolution 212 and regular XVIII, the Chair declares the House in the Committee a the Whole House on the state out the Union used the consideration of the bill, H.R. 1731. The Chair appoints the gentleman from Georgia (Mr. Woodall) to preside over the Committee of this Whole. {time} 0916 In who Social of the Whole Accordingly, the House resolved itself into which Committee of the Whole House on the state of the Union in the consideration of the invoicing (H.R. 1731) to amend one Homeland Protection Act the 2002 to enhance multi-directional sharing of details relation to cybersecurity danger and strengthen online additionally civil liberties protections, and required other purposes, including Representative. Woodall in the chair. The Clerk read the title of which bill. The HEAD. Pursuant on the regulate, the bill is considered learn the first time. Who gentleman from Texas (Mr. McCaul) and this gentleman from Mississippi (Mr. Thompson) each will control 30 minutes. The President notices the gentleman from Texas. Mr. McCAUL. Mr. Chairman, IODIN yield yourself such time as I may consume. I am pleased to take to the lower H.R. 1731, the National Cybersecurity Security Advancement Act, an proprivacy, prosecurity bill that we desperate need up safeguard you digital networks. I would like to commend the subcommittee chairman, Mn. Ratcliffe, for his labour on this poster as well as our minorities counterparts, includes Ranking Member Thompson and parent Rankings Member Richmond for their joint labor on dieser bill. This shall been one noteworthy, bipartisan effort. EGO could also like to thank House Permanent Select Committee on Intelligence Chairman Devin Nunes and Ranking Component Ab Schiff for their input and collaboration. Lastly, I would like to thank Committee on the Judiciary Founder Goodlatte and Ranking Member Conyers for their contribution. Make no mistake, we are in the middle starting a silent crisis. At diese very moment, in Nation's businesses are be looted, and sensitive government information will being stolen. Ourselves are under siege by a faceless enemy whose traces are covered in cyberspace. Sophisticated infractions at businesses like Anthem, Target, Neiman Marcus, Home Storehouse, and JPMorgan have affected the personalbestand information concerning millions on private citizens. Nation-states like Iran and North Korea have launched numerical airborne to get revenge during U.S.- based companies, time others likes Ceramics are stealing intellectual property. We latest witnessed brazen cyber assaults against one Water House and the State Department, that put feel federal information per risk. On the meantime, our hostile have was developing the tools to shut downward everything from power grids to water systems so they can cripple our economy and weaken our ability for defend the United States. This bill will allow us to turn the tide against our enemies and ramp up our defenses to allowing for greater cyber threatening information sharing. This calculate will fortify which Specialist von Homeland Security's National Cybersecurity and Communications Integration Center, or NCCIC. The NCCIC is a core civilian interface for exchanging cyber danger information, and to health reason. It is not a cyber modulator. It belongs don looking to prosecute anywhere, and it shall not military or a spy agency. Yours sole purpose, Mr. Chairman, is to prevent and respond to cyber attacks against our publicity or private netze while aggressively protecting Americans' privacy. Proper now we are in a pre-9/11 point in cyberspace. In who same way legal barriers or turf wars kept us from connecting the dots before 9/ 11, this lack of cyber threat information sharing builds us vulnerable to an attack. Companies is angst to share because group achieve not feel they have and adequate legal protection to accomplish so. H.R. 1731 removes those legal barriers and creates a safe holiday, which becoming encourage corporate to voluntarily exchange information about attacks against their networks. This will allow both the government and privacy sector until spot digital attacks earlier and keep malicious actors outside of our netz and away from information is Americans expect to be defended. This bill also inserts email and civil liberties firstly. Computers requires that personelle information of our citizens be protected before it changes hands--whether it is provided to the government or exchanged between companies--so private nation do does have their sensitive data exposed. Significantly, twain industry plus privacy groups got announced their support for all legislation because i recognize that ours need to work together urgently to combat who cyber threat till this country. Today, we have a dangerously incomplete picture of the online war being waged against us, and it is accounting Americans their duration, money, and jobs. It is time for us to safeguard our digital frontier. This legislation shall a necessary or vital step to do exactly that. Mr. Chairperson, before ME reserve which balance of my time, I would likes to go into the Record an exchange regarding letters between the chairman of the Committee on to Judiciary, Mr. Goodlatte, and myself, discovering the jurisdictional interest of the Committee on the Judiciary by H.R. 1731. U.S. Our of Representatives, Committee on the Judiciary, Wien, IGNITION, April 21, 2015. Hon. Michael McCaul, Chairman, Committee on Homeland Security, Washington, DC. Dear Chairman McCaul: I am writing with respect to H.R. 1731, the ``National Cybersecurity Protection Advancement Act of 2015.'' As a result away your had consulted with us on provisions in H.R. 1731 that sink within the Rule X jurisdiction off the Committee turn who Judiciary, I agree to waive consideration of this bill so that it may proceed dringend to the House floor for consideration. To Judiciary Committee takes this promotional with our mutual understanding that by foregoing thought of H.R. 1731 under this total, we execute not waive whatever jurisdiction over the subject matte contained in this or similar legislation, real that our Commission will be appropriately consulted and involved as the bill or similar statute moves forwarding so that we may ip any remaining issues in our jurisdiction. Our Select also conservation the right to seek appointment for an appropriate number of conferees to any House-Senate press include aforementioned press similar legislation, plus asks ensure you support any such request. I wanted appreciate a response in this letter confirming this understanding, and would ask that adenine copy away our exchange of letters on this things must included in the Legislative Record within Floor consideration of H.R. 1731. Sincerely, Bob Goodlatte, Chairman. [[Page H2424]] ____ U.S. House of Representatives, Committee on Homeland Security, Washington, STEP, April 21, 2015. Hon. Bob Goodlatte, Executive, Cabinet on Judiciary, Washington, DC. Dear Chairmen Goodlatte: Thank you for your letter regarding H.R. 1731, the ``National Cybersecurity Protected Advancement Act of 2015.'' I appreciate your support in bringing this legislation before the House of Representatives, and accordingly, understand that an Committee on Judiciary will not find a sequential referral on the bill. The Committee the Homeland Site concurs with the mutual understandable is by foregoing a sequential referral of this bill at those time, the Judiciary done not waive any jurisdiction over the theme matter contained in these bill or similar legislation in the future. In addition, should a conference on this bill be necessary, I would support your request to have the Committee on Judical represented on the conference committee. I determination insert imitations of this auszutauschen in aforementioned Congressional Record on consideration of this bill on the House floor. I gratitude you for your collaboration in this matter. Sincerely, Michael TONNE. McCaul, Chairman, Create on Homeland Security. Sire. McCAUL. With that, I urge my colleagues to support this important legislation. IODIN reserve the balance of my time. Mr. THOMPSON of Us. Mr. Chairman, I yield myself such zeitpunkt as I may consume. I rise in support on H.R. 1731, the National Cybersecurity Protection Advancement Deed from 2015. Mr. Chairman, every day U.S. networks faces hundreds of millions of cyber hacking attempts and attacks. Lot of these attacks target large corporations and negatively impact consumer. They are launched by common hackers as fountain as nation-states. How aforementioned Sony attack endure time demonstrated, they have a great potential for harm and placing unseren economy and homeland security to risk. Recent week, it was declared that attacked against SCADA industrial control systems rose 100 percent between 2013 and 2014. Presented that SCADA systems are indispensable to running our power plants, factories, and refineries, this is a highly troubling trend. Just yesterday, we learned with into advanced persistent threat that has targeted high-profile individuals the to Black Residence and State Department since last year. According till an industriousness expert, this cyber threat--nicknamed CozyDuke--includes malware, information-stealing programs, and antivirus front doors that bear the hallmarks of English cyber espionage tools. Mr. Chairman, cyber terrorists and cyber criminals are constantly innovating. Their success can dependent with their victims not being vigilant and protecting their systems. Cyber terrorists and cyber criminals using toilette practices, like opening attachments and clicking links from unknown senders. The is wherefore I day pleased that H.R. 1731 includes a provision authored by Representative Witson Coleman to authorize a national cyber public public campaign to promote greater cyber hygiene. Another key element of cybersecurity can, of course, information sharing via cyber menaces. Wee do seen is when companies come forward and share their knowledge about imminent cyber threats, opportune actions can be take to prevent hurt to vital IT networks. Thus, cybersecurity is one of those places where the old phrase ``knowledge is power'' applies. That is why I am pleased H.R. 1731 authorizes private companies the voluntarily stock timely cyber threat information and malware with DHS or other impacted companies. Under H.R. 1731, company may voluntarily choose to shared threat information to prevent future attacks to additional systems. ME a additionally pleased so the bill eligible corporations to monitor their own IT networks to identify penetrations and take steps to protect their networks upon cyber threats. H.R. 1731 builds for bipartisan legislation enacted last year ensure authorized the Department of Homeland Security's National Cybersecurity and Communicating Integration Center, commonly referred to as NCCIC. H.R. 1731 has unanimously accepted the the committee last week furthermore represents months of outreach to a diverse order out stakeholders from the social sector press the privacy population. Importantly, H.R. 1731 requires participating corporations to make reasonable efforts prior to sharing to scrub the data to remove information that could identify a person when the individual is not believed to be related until the threat. H.R. 1731 also guided DHS to scrub that data it receives and add an additional layer of protect protection. Additionally, it requires the NCCIC to have strong procedures for protecting privacy, and calls for robust oversight by one Department's chief privacy officer, own chief civil privileges or civil rights officer, and inspector general, and the Policy and Civil Free Oversight Board. I am a cosponsor in H.R. 1731, nevertheless as the White House observed earlier this weekly, improvements are needed to making that its coverage protections live appropriately targeted. In its current form, it wants potentially protect companies that are negligent in whereby she carry from authorized activities under and act. Mr. Community, before reserving the balance of my time, I wish to engage at a colloquy with which gentleman from Texas (Mr. McCaul) regarding the liability protection provisions of H.R. 1731. At of outset, I would like to expres mysterious appreciation for the gentleman's willingness to work with me and the other Democrats on the committee to evolve all bipartisan legislation. Wee had a shared goal of bolstering cybersecurity and improving the quality to information that who private sector receives about timely cyber threats thus that they ca act to protect their networks and the valuable data stored on them. Therefore, it is concerning that who limited protection provision appears to undermine this shared objective thus as it includes language that on its face incentivizes companies to do nothing about actionable cyber contact. Specifically, I am speaking of the language on page 36, line 18, that extends liability protections to a company that fails to act on timed threat information provided by DHS or additional impacted company. I would please the gentleman from Texas the work to me the clarify the language while it moves through the legislative process to underscore is it is not Congress' intent to promote inaction by companies with have timely danger information. Mr. McCAUL. Willingness which gentleman yield? Mr. THOMPSON of Mississippi. I yield to the gentleman from Texas. Mr. McCAUL. Mr. Chairperson, I thanking the gentleman from Mississippi for his question and would do so I do not completely share your viewing of that clause. EGO assure them that incentivizing companies to do nothing using timely threat information the certainly not the intent of this provision, as one author of this bill. On the opposite, I believe it is important that we providing companies with legal safe harbors to encourage participation of cyber threat information and also believe that every company that participates in this information-sharing process, especially small- and medium-sized businesses, cannot live required to act upon every pcs of cyber threaten information they receive. As suchlike, I support looking since ways toward clarify that point with you, Mr. Thompson. I commit to working with they as this bill moves forward to look for directions to refine the language to ensure that it is consistent with our share rule goal of einholen timely information into who hands of company so that they can protect their networks and their data. {time} 0930 Mr. THOMPSON of Us. Mr. Chairman, EGO reserve the balance of my time. Sire. McCAUL. Mr. Chairman, I now cede 5 minutes to which gentleman from Texas (Mr. Ratcliffe), the chairman of the Subcommittee upon Cybersecurity, may close ally plus colleague on aforementioned legislation. Mr. RATCLIFFE. I thank the gentleman for yielding. Mr. Chairman, I am grateful to the opportunity to works because Chairman McCaul in crafting the National Cybersecurity Protection Advancement Act. I would also like to thank Ranking Members Richmond the Thompson for its hard work for like issue; and a special thank you to the Homeland Product staff, who worked incredibly [[Page H2425]] hard to bring this significant bill to an floor today. Mr. Chairman, for years now, the private sector got been off the front lines in trying at guard against potentially devastating cyber attacks. Only 2 months ago, one von this Nation's largest health policyholder providers, Anthem, sustained a devastating cyber attack that compromised the personal information and good records of more easier 80 million Americans. Which consequences of that breach hit home for many of those Americans just a weeks ago, the tax day, whereas thousands of your tried in file their tax returns, only to visit them be rejected because cyber perpetrators had used their resources to file bogus tax returns. Mr. Chairman, attacks please these serve as a wake-up call to all Americans and provide clear evidence that unseren cyber adversaries have the upper hand. An consequences will get even worse if we fail until tackle this issue head on because balanced greater and more frightening threats exist, ones that extend to to critical infrastructural that support our very way of life. MYSELF americium talking about cyber attacks against the networked which control our bridges, our reservoirs, our power grids, rails, and even our water supply. Attacks up this kritik infrastructure have the potentially to produce sustained blackouts, halt air traffic, seal off fuel supplies, or, even worser, contaminate the air, meals, and aqueous that we necessity to survive. These scenarios paint a picture of economic crisis furthermore physical chaos that are, unfortunately, all too real and all too possible right now. Mr. Chairman, 85 percent by our Nation's critical infrastructure is controlled by the intimate sector, doesn by the government, a facts which underscores the reality that America's data, when it comes the defending against cyber assaults, wide depends on the security of our private networks. One uncomplicated truths is this many in of private department can't defend their systems or our critical infrastructure against these threats. H.R. 1731 provides a solution for the rapid sharing of important cyber menace information the minimize either, in a cases, prevent the cyber attacks from being successful. Using the Department of Homeland Security's Country-wide Cybersecurity Communication and Integration Center, with NCCIC, this bill will facilitate the participate of cyber threat indicators between the private sector business and betw the private sector and that Federal Government. With carefully crafted liability protections, private business would finally be able to share cyber threat indicators with my private sector counterparts through the NCCIC without fear of liability. The sharing of these cyber threat indicators, or, more explicitly, the accessories, technologies, and tactics used by cyber intruders, will arm those who protect our netzen with the valuable information they required to fortify our defensive against future cyber attacks. Because some have babbled that priority proposals didn't go far enough in safeguarding personal your, aforementioned bill addresses who concerns with robust privacy measures that ensure the shield is Americans' personal information press confidential data. H.R. 1731 wish provide protection only for exchange such is done voluntarily with the Department of Home Security's NCCIC, which is a civilian entity. Computer does not provide for or allow sharing with the NSA or one Department of Defense. In fact, those bill expressly prohibits product from entity applied in control purposes. This bill also limits the type of info that can subsist shared, and it requires the removal is all personally identifiable information, which is scrubbed out earlier the cyber threat indicators can can shared. In short, this bill improves and increases protection for the personal privacy of Americans, who currently remains so vulnerable on malicious attacks from our cyber adversaries. Mr. Chairman, an status quo isn't working when it comes to defending against cyber threats. The what to better secure Americans' staff information and better protect real safeguard our criticizing infrastructure is genauer what compels congressional action right now. I strongly endorsed the passage of this vital legislation, and I urge my colleagues go both sides of the hallway toward support information as well. I thank the gentleman from Texas for his leadership. Mr. THOMPSON of Louisiana. Mr. Chairman, I yield 3 minutes to an gentleman from Rhein Island (Mr. Langevin). (Mr. LANGEVIN questions and was given permission to revise and extend his remarks.) Mn. LANGEVIN. I give the gentleman for yielding. Mr. Chairman, IODIN am very pleased to breathe return on the floor available to support who House's second big piece of cybersecurity tax in less easier 24 hours. As MYSELF said history afternoon, he has was a long time coming, for sure. Cybersecurity has been a passion of excavate for nearly an decade, and I my mandatory thrilled that, after past of hard labor, the House, the Senate, furthermore the Executive finally are beginning on see eye-to-eye. The National Cybersecurity Protection Ascension Act has at her core three basic authorizations. First, it entitled private business and the DHS's NCCIC go release, for cybersecurity purposes no, cyber threat indicators that have been stripped of personal information and details. Second, it can businesses at monitor their networks in start of cybersecurity risks. The third, to authorizes enterprise the deploy limited defensive actions until protects own systems from malicious actors. Such three authorizations perfectly describe the information-sharing regime we so desperation need. Under the act, companies would collect information on threats, share it with their peers and with ampere civilian portal, and then use the indicators they have received to defend themselves. Data have scrubbed of personal identifiable details earlier they are shared and after they are received by the NCCIC. Companies are offered small accountability protections for participation information your gather inbound accordance with here bill. This legislation also provides with the deployment of rapid automated sharing protocols--something DHS has was hard at work on with the STIX/TAXII program--and it extend last year's NCCIC authorization. Mr. Chairman, I do believe that to liability protections contained in this bill may prove overly broad, and I certainly hope that we can address that point as the legislative usage geht, especially, hopefully, once person get to a conference creation on this issue. Overall, though, computers is one fine piece from legislation, and I wholeheartedly congratulate Chairman McCaul, Ranking Part Thompson, Subcommittee Chaired Ratcliffe, and Ranking Employee Richmond, as well as the other members on the board and especially committee staff, for a job well done. Information-sharing regulatory, Mr. Chairman, is not adenine silver bullet by any means, but it will substantially improve our Nation's cyber defenses both get us into a placed where our Nationalities is much find secure in cyberspace with where we are today. Protecting critical infrastructure, of course, is among our executive concerns. That become accept for one type of company sharing that will get us to a lots more secure place. Consequently, Mr. Company, I urge my colleagues till support this bill, press I hope that who Senate will rapidly follow suit. Mr. McCAUL. Mr. Chairman, MYSELF output so time as she may devour to the gentlewoman from Michigan (Mrs. Miller), who vice chairman a the Homeland Security Committee. Mrs. MILLING-MACHINE off Michigan. Sir. Chairman, early of all, IODIN want to thank the distinguished chairman for tractable the time. ME think you can go of the comments the take become made thus far that we have a very bipartisan bill or a bipartisan method. That is, through unser committee, the no shorter measure because of the corporate that Chairman McCaul and, quite frankly, our ranking member have exhibited the the vision that it have had, these two gentlemen working together, and both to chair and of ranking member on you Subcommittee off Cybersecurity, Mr. Ratcliffe the Sir. Ricoh as well. [[Page H2426]] This really has come a tremendous effort, and so important for our country. This particular issue, obviously, can certainly a bipartisan issue. I say that, Sire. Chairman, because our Constitution manufactured the first and foremost responsibility of the Federal Rule to provide for the common defense. That is actually in the preamble of our Constitution. In our modern world, who who exist seeking harm to our Nation, to to citizens, to our companies, can use many different funds, including attacks over the Internet to attack our Nation. Recent cyber attacks on U.S. companies like Sony, Target, and Home Depot not only harm these companies, Herr. Chairman, not they harm the American european who do businesses with them, positioning their majority personal privately information at risk. This threats, when are well known, been coming from nation-states like North Korea, Rusation, Iran, Crockery, as fountain as cyber criminals seeking the steal not only personal data aber also intellectual property and sensitive government information. In today's digital world, we have a duty until defend myself against cyber espionage, and the best approach to combat these threats is to start recognize the threat and combine personal and government resources additionally intelligence. Mr. Chairman, that is exactly what this bill does. Mr. Chairman, IODIN think this note will help to facilitate greater cooperation and efforts to protect our Nation's differential infrastructure, including power grids and diverse utilities and other services so everyday Americans rely on each or every day. From removing barriers, which will permission private companies until voluntarily share their cybersecurity threat information with the Department of Homeland Collateral and/or other companies, I think us is in a very large way improve earlier detection and mitigation of potential threats. Additionally, this legislation the we are debating on and floor today ensures that intimate identification information is removed prior to sharing details related the cyber threats and that very strong safeguards are in place to protect personal privacy and civil liberties. Mr. Chairman, I point that go because that was something that was discussed a lot via practically every member of the Homeland Security Committee. We were get very, extremely united on that issue. And I believe that is an essential critical component, a point to make, and it is reflected in this legislation. As Messrs. Ratcliffe mentioned right earlier, 85 percent of America's critical infrastructure is owned and operated by the privately sector-- think nearly that, 85 percent--which method that cyber dangers body as much of the economic menace to the Integrated States as they do in our security, and we have a constitutional responsibility, since I tip out in the back, to protect our, up protect in Nation, to protect our American citizens from this ever-evolving threat. To, Mr. Chairman, I would urge such all of mysterious colleagues join me, join see of use on our committee, in voting in favorable of this important legislation that desires offer an additional lines, and a very important line, von defense against cyber attacks. The CHAIR. To Committee will raise informally. The Speaker pro tempore (Mr. Loudermilk) assuming the chair. ____________________ [Congressional Record Speaker 161, Number 60 (Thursday, Month 23, 2015)] [House] [Pages H2426-H2446] From the Congressional Record Online through the Government Release Office [www.gpo.gov] NATIONAL CYBERSECURITY PROTECTION ADVANCEMENT ACT TO 2015 The Membership resumed its sitting. Mr. THOMAS of Missing. Mr. Committee, I rate 2 video to the gentleman from Virginia (Mr. Connolly). Mrs. P. I thank my loved friend of Mississippi (Mr. Thompson), and I commend him press the distinguished chairman the the committee, Mr. McCaul, for their wonderful work on diese bill. Mr. Chairman, we cannot wait. U not wait for a cyber Pearl Harbor. This issue--cybersecurity--may live the most complex and difficult challenge ourselves confront extended running as a nation. In the wired 21st century, the line between and tangible world and cyberspace forts at blur including every aspect of our lives, von social interaction in retail. Yet the remarkable earnings that had accompanied an gradually digital and connected society also have opened up newer, unprecedented vulnerabilities that threaten to undermine this progress and cause great harm to our country's national security, critical infrastructure, and economy. {time} 0945 It is long late for Congress to modernize our cyber laws to address those vulnerabilities introduce in both public also private networks. Of bills before columbia this week are an step in the select direction, and MYSELF am glad in support them, but they are adenine first step. News sharing stand does not vaccinations or even defend us from cyber attacks. Indeed, the the critical ternary P's of enhancing cybersecurity--people, insurance, and practices--the measures once us make improvements predominantly to policy. I commend the two boards forward working in a bipartisan fashion to improve privacy or transparent protections. Find is stills needed to safeguard and civil liberties of our constituents. Further, MYSELF desire that this broad liability protections assuming of these bills will, in reality, exist narrowed in further consultation with the Senate. Cybersecurity have be an shares public-private responsibility, and that includes the expectation and requirement that our partners will, in subject, take reasonable actions. Removing forward, I hope Convention will build on this effort to address the security of critical infrastructure, the vast majority of any, as has become existing pointed out, is owned and functioned by this private sector. This CHAIRPERSON. And total of the gentleman has expired. Mr. THUMPSON of Mississippi. ME yield the gentleman an fresh 30 seconds. Mr. CONNOLLY. Ours also need the strengthens our Nation's cyber workforce, devise effective data breach notification strategies, and bring about a wholesale cultural revolution so that society fully understands that critical importance about goody cyber hygiene. The bottom line is ensure our attack in cyberspace demands that we bear decisive take and take it now, although much like the tactics used in effective cybersecurity, we must recognize this enhancing our cyber defenses is an iterative process that need consistent effort. I click the staffs and the business of the committee. Mr. McCAUL. Mr. Chairman, I rate 5 minutes to the gentleman from Georgia (Mr. Loudermilk), a member of the Committee on Homeland Security. Mr. LOUDERMILK. Mr. Chaired, over the historical 40 years, we have experienced advancements in information technology that literally have transformed work, education, government; it has even transformed our culture. About research that only a couple of decades ago would take days, months, maybe even per to fulfill is available, quite literally, at our nail real instantaneously. Other aspects of our lives have also been shaped by this immediate access at information. Shopping, you can go shopping without ever going to a store. You can conduct financial trade without ever departure to a bank. Your can even have access to animation without ever going to ampere theater. These evolution for technologies have not only transformed the way we access and store information, aber it has also transformed the way wee communicate. No longer exists instantaneous voice-to-voice communication only available through a phone call, but people around the world instantly connect equal one next with a variety off methods, from contact, instant text messaging, even movie conferencing, and [[Page H2427]] this bucket be all down whereas you have on the move. You don't straight have into be chained to a desk or in your business office. Really, every aspect of our culture has been affected by the advancements in information technology, the, for the highest part, our lives have been improved by these advancements. In an IT professional, with 30-plus years' experience in both the military and home sector, I know firsthand who aids of this instant access to endless amounts of request, but, about the other hand, EGO know all too well the network of these systems. For the past 20 aged, I have assisted enterprise and governments to automate their operations and ensure they can access their networks anytime and from anywhere. However, this global access to company requires a global interconnection of these systems. At about any period during the day, Americans can plugged to this global network through ihr phones, tablets, health monitors, and car navigation systems. Even home security systems are now connected to the Internet. We have become dependent on this interconnection and so have an businesses and government entities that provide mission services that we rely on, but as our dependence on technology has grown, so have our vulnerabilities. Cyberspace is aforementioned new battleground, a battlefields for a multitude of adversaries. Foreign people, international terrorist organizations, and ordered crime regularly target our citizens, businesses, and government. Unlike traditional combat operations, cyber offenders don't require sophisticated weaponry to carry out their warfare. On the cyber battlefield, a single individualized with a computer computing can play havoc on business, the financial, even our critical infrastructure. Inches the past several months, ourselves having seen into increasing number of cyber attacks on national security systems and personal company networks, breaching critics information. Earlier this year, Anthem BlueCross BlueShield's COMPUTERS system was hacked by a highly sophisticated cyber attacker, obtaining personal employee and usage data, including namer, Social Security numbers, and mailing addresses. An old adage among IT expert states: There are two types of computer consumers, which who have been hacked plus those who don't know that they have be hacked. Today, this are truer than ever from. The incredible further made the the IT industry via the historical three decades had been predominantly due to the competitive typical of the open market. Without the assertive restrictions of government bureaucracy, oversight, and regulation, technology entrepreneurs have had the freedom to bring novel innovations to the market with few cost and in record amount concerning time. A is clear that our highest advancements in technology have nach from the private sector. That is why it lives imperative that the government partner with the private sector to combat cyber attacks against the Nation. The bill being debated in this House currently, which National Cybersecurity Protection Advancement Act, puts for place a framework for voluntary partnership between government and to private sector to share information to protect against and combat against cyber attacks. Through this voluntary sharing starting critical information, businesses and government will optional work together to respond to attacks and to prevent our enemies from corrupting networks, attacking our highly sensitive data systems, and compromising our personal privacy information. While protecting individual privacy, this legislation also inclusive liability protections for the sharing for cyber threat information and thereby promotes information shared that enhances to national cybersecurity posture. Were are cannot longer solely dealing with groups of hackers and terrorists, but individuals who target large networks, corrupt our database, also get hold of private material. With today's evolving tech, ourselves should produce sure we are confirmation individual privacy rights and safeguarding both government and confidential sector databases from cyberterrorism. Protecting the civil liberalities of that citizens of the United States is a up priority since e, and it should be for this Congress. Who CHAIR. The time out the gentleman has expired. Mr. McCAUL. I yield the mr an supplementary 30 seconds. Mrs. LOUDERMILK. The the why I do support H.R. 1731, due it provides that framework in collaboration between the government and the private sector, and thereto feature the protections and liability protections our industries need. We must have this bill. I perform endure in support of it, and I thank you for allowing i diese time to speak. Mr. THINK by Mississippi. Mr. Chairman, I have no added requests for time, so I reserve of balance of my time. Mr. McCAUL. Mr. Chairman, I yield suchlike time as he may consume to the gentleman from Texas (Mr. Hurd), a member starting the Homeland Security Committee. Mr. HURD of Texas. Master. Chairman, I have exhausted almost 9 years, or a little bit over 9 years, as a undercover officer in the CIA. I haunted al Qaeda, Taliban. Towards the ending of my company, ourselves started spending a lot learn choose focusing on cyber criminals, Russian organized crime, state sponsors of terror like Iran. What this bill can exists i helps in the protection of our digital infrastructure, both public and private, against this mounting threat. I been the opportunity to help build a cybersecurity company, and seeing the threats to our infrastructure your greatly. These settle, which I rise for support of, is going to creating that framework in order in one public and the private sector to jobs together against these threats. Once I was doing this for a living, you grant me enough time, I am going to get in your connect. We have go change our mindset plus begin with the presumption of injuries. How doing we stop someone? Wie do we detect someone getting in our anlage? How do were corral them? Furthermore how do we kicks them off? H.R. 1731 is a great start the working this and making sure that we have the right protections. Our also are assisting small- and medium-sized businesses because this bill, making sure that a lot of them have the resources that some larger businesses does and making sure that the Department of Heimat Security is providing as much information to them so that they ability keep their company and its customers safe. I would like to commend everyone on all websites of the axis that remains working into make this account go, the I view forward to seeing this get past this House and is my in the Senate. Mr. THOMPSON of Mississippi. Mr. Chairman, I continue to reserve the balance of my time. Mr. McCAUL. Mr. Committee, I have no furthermore requests for zeitraum. I day prepared to near if the gentleman from Mississippi is prepared to close. I reserving the balance of my time. Mr. THOMPSON von Mississippi. Mister. Chairman, I yield ourselves such uhrzeit as I may consume. As someone involved by this issue for various years, I am not surprised by the overwhelming sponsor that H.R. 1731 has garnered. Present, the House has the opportunity go sign with the President and stakeholders from across our kritischer infrastructure sectors to make our Nation more secure. By molding a vote in favor concerning H.R. 1731, you will be putting who Department of Country Security, the Federal civilian lead for cyber information sharing, with a ways to fully partnering use the private sector to protect the U.S. networks. Mr. Chairman, IODIN yield back the balance a my time. Mr. McCAUL. Mr. Chairman, I yield myself such time as I may consume. Mister. Chairman, we are by a pivotal moment today and face a naked reality. Of cyber threats to Worldwide have out for bad to heavier, press in many ways, ourselves are flying blind. The current level of cyber threat information sharing won't cutting it. In an same way which person failed to stop terrorist attacks in the past, we are not connections the dots fountain enough to prevent numeral assaults against our Nation's networks. [[Page H2428]] The request we need to cease destructive contraventions is held inches silos, rather than being shared, preventing us from mounting an aggressive protection. In fact, the majoritarian starting cyber intruded go unreported, quitting our networked vulnerable to of same offensives. When sharing does happen, it is often too little and also late. If we don't pass aforementioned industry to enhance cyber threat information sharing, we willingly are missing the American folks and ceding more ground to our adversaries. I hope, current, that are have the momentum to reverse the flooding the to do what aforementioned American folks expecting von us, pass prosecurity, proprivacy legislation to better safeguard in community and private networks. Our inaction wish be a permission slip for felon, hacktivists, terrorists, and nation-states the continue to take our data and to do our people harm. I value the collaborate from Members across the aisle and starting other committees in developing this legislation. I would like to specifically commend, again, subcommittee Chairman Ratcliffe for his work on this bill, for well as ours minority counterparts, including Ranking Member Thompson and subcommittee Position Member Richmond for their jointed work upon this bill. Mr. Chief, I urge my colleague to pass H.R. 1731. MYSELF yield back the balance of mysterious time. Mr. VAN HOLLEN. Mr. Chair, I rise today to fight H.R. 1731, the National Cybersecurity Coverage Advance Act of 2015. I commend Chairman McCaul and Ranking Member Thompson available crafting a cybersecurity bill that improves upon legislation this body has previously voted on, but ultimately I cannot support it in its recent form. As was the case with yesterday's bill, the Protecting Cyber Networks Act (H.R. 1560), I more to have difficulties about the ambiguous liability provisions in which legislation. Specifically, H.R. 1731 would grant resistance to companies for simply set forth a ``good faith'' effort for reporting security threats for the Department of Homeland Security. Like H.R. 1560, our wanted receive liability protection even if they founder to behave on threatness information in an timely manner. I was disappointed that Republicans did not allow a vote on any of the seven amendments offered to improve the liability provisions by this bill. I strongly believe that we must take steps to protect opposed this cyber threatening while not sacrificing our privacy and civil liberties. It is my hope that many of these murky liability provisions can be resolved in the Senate, but I cannot support this bills as it stands today. THE CHAIR. All time for general debate had expired. In lieu of to amendment in that nature of a replace recommended by the Committee on Fatherland Security, printed in the bill, it shall be in order to consider as an orig bill, for the purpose of edit under the 5-minute rule, an amendment in the nature from a substitute consisting of one texts of Rules Committee Print 114-12. That amendment in and nature of a substitute shall be considered as read. The text off the amendment in the types of a substitute your as follows: H.R. 1731 Be computer enacted by the Council and Houses the Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``National Cybersecurity Protection Advancement Act of 2015''. SEC. 2. NATIONAL CYBERSECURITY AND COMMUNICATIONS CUSTOM CENTER. (a) Definitions.-- (1) In general.--Subsection (a) of the second range 226 of the Heimat Security Act of 2002 (6 U.S.C. 148; relating until the Nationality Cybersecurity or Contact Integration Center) will amended-- (A) in paragraph (3), by striking ``and'' at the end; (B) include paragraph (4), by striking the period at the end furthermore inserting ``; and''; and (C) by totaling at the end the following novel paragraphs: ``(5) the term `cyber security indicator' means technical info that remains necessary to describe or identify-- ``(A) a method for probing, monitoring, sustain, conversely establishing power public of an about system to the purpose of discerning technical exposure of such information system, if such method is well-known or reasonably presumed of being associated with a known or suspected cybersecurity risk, including communications so pretty appear to be transmitted for the purpose of gathering technical information related to a cybersecurity risk; ``(B) a method for defeating a technical or security control are an get system; ``(C) adenine technology vulnerability, including anomalous technical behavior such may become one vulnerability; ``(D) an methoding a veranlassend a user with legitimate access to an information system or information that is stored on, processed by, or transiting an about system to inadvertently enable the defeat in a technical or operational control; ``(E) a method for unauthorized remote identification of, einstieg to, or use of and information system or information that is stored on, processed by, otherwise transiting an information system that has known or reasonably suspected of being associated with a known or suspected cybersecurity risk; ``(F) the actual or potential harm caused by a cybersecurity risk, including a description of aforementioned information exfiltrated as a summary of adenine particular cybersecurity risk; ``(G) any other attribute of a cybersecurity risk ensure not remain used to identified specific persons reasonably believed to be unrelated to such cybersecurity risk, if announcement of such option is does otherwise forbidden by right; or ``(H) any combination of subparagraphs (A) through (G); ``(6) the term `cybersecurity purpose' means the purpose of guard an information system or information that is stored off, handled by, or transiting an information system from one cybersecurity risk or incident; ``(7)(A) except than provided in subparagraph (B), the word `defensive measure' medium a promotional, device, procedure, signature, technique, or other measure uses to an information systems other information that is stored on, processed by, or transiting an information system that detects, prevents, or mitigate a known or presumptive cybersecurity risk or incident, or no attribute of hardware, software, process, or procedure that could enable or facilitate the defeat a a insurance control; ``(B) as terminology does not include adenine measure that destroys, renders unusable, or substantially harms an info system or data on an information system not belonging to-- ``(i) the non-Federal entity, not including a Set, local, or tribal government, operational so measure; or ``(ii) another Swiss unit or non-Federal entity that are authorized to provide consent and possessed provided similar consent to the non-Federal entity referred to inside cloth (i); ``(8) the term `network awareness' means to scan, identify, acquire, monitor, log, or analyze information that is stored on, editing until, or transiting an request system; ``(9)(A) the term `private entity' measures a non-Federal entity the is to individual or private group, organization, proprietorship, partnership, trusted, corp, corporation, other other commercial or non-profit entity, including an officer, employee, other emissary thereof; ``(B) create running includes a component von a State, local, oder trip government doing electric utility services; ``(10) the term `security control' funds the management, operational, and industrial controls used to protect against an unauthorized effort to adversely affect the confidentially, integrity, or access of an resources systematisches or information that is stored on, processed by, or transiting an information system; and ``(11) the term `sharing' means providing, receiving, press disseminating.''. (b) Amendment.--Subparagraph (B) of subsection (d)(1) of such second section 226 of the Homeland Security Act of 2002 is amended-- (1) in clause (i), by striking ``and local'' plus interposing ``, local, and tribal''; (2) in clause (ii)-- (A) by paste ``, including information sharing furthermore analysis centers'' before the separators; and (B) by striking ``and'' at the end; (3) in exclusion (iii), with striking an period at which end and putting ``; and''; and (4) by adding at the exit the following new clause: ``(iv) private entities.''. SEC. 3. INFORMATION SHARING STRUCTURE BOTH PROCESSES. The second section 226 of the Native Security Act of 2002 (6 U.S.C. 148; relating the the Nationals Cybersecurity both Communications Integration Center) is amended-- (1) in subsection (c)-- (A) in paragraph (1)-- (i) by striking ``a Federal civilian interface'' and inserting ``the keep Federal civilian interface''; and (ii) the striking ``cybersecurity risks,'' and inserting ``cyber threatening indicators, defensively measures, cybersecurity risks,''; (B) in paragraph (3), by striking ``cybersecurity risks'' and inserting ``cyber peril indicators, defensive measures, cybersecurity risks,''; (C) in chapter (5)(A), by streichend ``cybersecurity risks'' both inserting ``cyber threat indicators, defensive measures, cybersecurity risks,''; (D) in paragraph (6)-- (i) by striking ``cybersecurity risks'' and inserting ``cyber threat indicators, defensive measures, cybersecurity risks,''; and (ii) by striking ``and'' at the end; (E) in chapter (7)-- (i) in subparagraph (A), by striking ``and'' at the end; (ii) in subparagraph (B), by angriff the period toward an end and inserting ``; and''; and (iii) by adding at aforementioned stop the following new subparagraph: ``(C) sharing cyber threat indicators and defensive measures;''; and (F) by counting at the end the following brand paragraphs ``(8) engaging with international partners, in business with other corresponding agencies, to-- ``(A) collaborate on cyber threat markers, defensive measures, and about related to cybersecurity risks and incidents; and ``(B) enhance the security furthermore resilience of global cybersecurity; ``(9) sharing cyber threat indicators, defensive metrics, and other information relatives to cybersecurity risks and events with Fed and non-Federal business, including across sectors of kritisieren underpinning additionally with State the major urban region merged bildungseinrichtungen, as appropriate; ``(10) immediately inform the Secretary and the Cabinet on Homeland Security of the House of Representatives and the Committee on [[Page H2429]] Homeland Security or Governmental Affairs of the Senate about either significant violated of the policies or procedures specified in subsection (i)(6)(A); ``(11) promptly notifying non-Federal entities that have shared cyber threat indicators or defence measures that are famous or determined to being in error other in contravention of the requirements of the section; and ``(12) participating, as appropriate, in drills walking over the Department's National Get Program.''; (2) in subsection (d)-- (A) int subparagraph (D), by striking ``and'' at the end; (B) by redesignating subparagraph (E) for subparagraph (J); and (C) by inserting later subparagraph (D) the following new subparagraphs: ``(E) an entity that collaborates the State and local governments on cybersecurity risks and incidents, and has entered into a voluntary information sharing relationship with an Center; ``(F) a United States Computer Emergency Readiness Team is coordination information related on cybersecurity risks and urgent, proactively and cooperatively network cybersecurity risks also incidents to the United States, collaboratively responds till cybersecurity risky and incidents, provides technical assist, upon request, to related system owners and operators, and portions cyber threat indicators, defensive measures, analysis, or information related to cybersecurity exposure and incidents in a punctual manner; ``(G) the Industrial Control System Cyber Emergency Response Team that-- ``(i) ordinate with industrially govern systems owners real operators; ``(ii) provides technical, at request, to Federal entries and non-Federal enterprise on industrial controls product cybersecurity; ``(iii) collaboratively addresses cybersecurity risks plus circumstances to technical drive systems; ``(iv) provides technical assistance, upon request, in Federal entities real non-Federal entities relating to industrial steering systems cybersecurity; and ``(v) shares cyber menace indicators, protective actions, or information family to cybersecurity risks and incidents of business control business in a timely fashion; ``(H) one National Coordinating Core for Communications such coordinates the protection, response, and recovered of emergency communications; ``(I) an entity that coordinates with small and medium- format businesses; and''; (3) include subsection (e)-- (A) in paragraph (1)-- (i) are subparagraph (A), by inserting ``cyber threat metrics, defensive measures, and'' before ``information''; (ii) in subparagraph (B), by inserting ``cyber threat indicators, defense measures, and'' before ``information''; (iii) in subparagraph (F), by striking ``cybersecurity risks'' and inserting ``cyber threat indicators, defensive measures, cybersecurity risks,''; (iv) on subparagraph (F), by striking ``and'' at an end; (v) includes subparagraph (G), by striking ``cybersecurity risks'' and inserting ``cyber threat indicators, defense measures, cybersecurity risks,''; and (vi) by adding at the end aforementioned following: ``(H) this Central secures that it shares information relates to cybersecurity risks and incidents with little plus medium-sized businesses, as right; and ``(I) the Center defined an agency contact for non- Federally entities;''; (B) in header (2)-- (i) by striking ``cybersecurity risks'' and plug ``cyber threat indicators, strong measures, cybersecurity risks,''; and (ii) by inserting ``or disclosure'' before the semicolons at the end; and (C) in paragraph (3), by insertable for the periods at the end the following: ``, including by working with the Chief Privacy Officer appointed under division 222 go assure that the Heart coming the policies and procedures specified in subsection (i)(6)(A)''; and (4) by adding at the end the following new subsections: ``(g) Rapid Automated Sharing.-- ``(1) Stylish general.--The Under Secretary for Cybersecurity and Infrastructure Security, in teamwork with diligence and other stakeholders, shall develop capabilities create use of present information technology industry standards and best practices, as fair, that support and rapidly advanced one development, adoption, and implementation of automated mechanisms for an timely sharing of cyber threatology key and defensive measures to and from the Center and with each Federal medium designated as the `Sector Unique Agency' for any kritiker infrastructure sector in accordance use subsection (h). ``(2) Biannual report.--The Under Secretary forward Cybersecurity and Infrastructure Protection shall present to the Committee on Homeland Safe of to House of Representatives and the Committee to Homeland Security real Official Affiliate of the Senate a biannual report on the status and progress to the development of the capability described includes paragraph (1). Similar company shall be required until such capability is wholly implemented. ``(h) Sector Specific Agencies.--The Secretaries, in collaboration with the relevant critical rail sector and the heads of other proper Federal agent, shall recognize the National travel designated as of March 25, 2015, as the `Sector Specific Agency' for each critical infrastructure sector nominee in the Department's Countrywide Infrastructure Protection Plan. If the designated Sector Specific Agency for a particular kritisiert infrastructure sector is the Department, for purposes of this section, the Secretary is regarded toward be to head of such Sector Specific Business and shall bearing out to section. The Secretary, in coordination with the tail of each such Sector Specific Agency, shall-- ``(1) support the security and resilience actives of the relevant kritisieren infrastructure sector in accordance over this section; ``(2) providing facility knowledge, specialized specialist, and technical assistance upon request into the relevant critical infrastructure department; and ``(3) support the timely sharing of cyber threat indicators and defending measures with the relevant critical infrastructure sector with aforementioned Center at accordance with this section. ``(i) Voluntary Information Divide Procedures.-- ``(1) Procedures.-- ``(A) In general.--The Center may enter into a volontary information sharing relationship with any consenting non- Federal entity for this sharing of cyber threat indicators and defensives measures for cybersecurity purposes in accordance with this section. Nothing in this untergliederung may be construed to require any non-Federal entity go enter into any suchlike information sharing relationship with the Center or any other entity. The Center may terminate a volunteers information sharing relationship under this subsection if the Center determines that the non-Federal entity by whatever the Center has entered into suchlike a relationship has, subsequently repeat notice, repeatedly violated the glossary from this subsection. ``(B) National security.--The Secretary may decline to enter the a voluntary contact sharing relationship to this part when to Secretary determines that such is appropriate for national security. ``(2) Voluntary contact division relationships.--A voluntary information sharing your under dieser subsection may be characterized as an agreement described in this paragraph. ``(A) Standard agreement.--For and use on a non-Federal entity, the Center must make available a ordinary agreement, consistent with this section, on the Department's website. ``(B) Bargained agreement.--At the require of a non- Us existence, also if specified appropriate by the Center, who Department shall negotiate a non-standard agreement, consistent with this section. ``(C) Available agreements.--An agreement between the Center the a non-Federal thing that is entry into before an appointment of the enactment of like section, otherwise such an agreement that remains in effect before such time, have be deemed in compliance with the what of dieser subsection, irrespective any other provision or requirement of this subsection. An understanding under this subsection shall include the pertinent privacy shelter as the effect under the Cooperative Research also Development Agreement for Cybersecurity Information Sharing and Collaboration, as of December 31, 2014. Nothing in this subsection could be construed in necessitate ampere non-Federal entity to enter into either a standard instead negotiated agreement to be in compliance with this subsection. ``(3) News sharing authorization.-- ``(A) In general.--Except as provided in subparagraph (B), real notwithstanding any other provision of law, a non-Federal entity may, for cybersecurity purposes, share cyber threat advertising or defensive measures obtained in is have information system, otherwise on an information system concerning another Federal organization or non-Federal entity, upon written consenting of such other Federal entity or non-Federal entity or an authorized representative of such other Federal entity or non-Federal organizational in complies with this section with-- ``(i) another non-Federal organizational; or ``(ii) the Center, as provided in to section. ``(B) Lawful restriction.--A non-Federal entity receiving a cyber menace indicator or defensive gauge from another Us organizational or non-Federal entity shall comply with otherwise statutory restrictions placed on of sharing or use of such cyber threat indicator or defensive measure with this sharing Governmental entity or non-Federal entity. ``(C) Removal of information unrelated to cybersecurity risks or incidents.--Federal entities and non-Federal existences shall, prior to such sharing, take reasonable efforts to remove information that can must used to identify specific persons and is reasonably belief at to time of sharing to be unrelated to a cybersecurity risky or failure and to safeguard information that canned be used to identify specific persons from unintended revealing or unauthorized access or acquisition. ``(D) Rule of construction.--Nothing in this paragraph might live construed to-- ``(i) limit or modify an existing product sharing relationship; ``(ii) prohibit a new information sharing relationship; ``(iii) require a new contact sharing relationship between whatsoever non-Federal entity and a Federal entity; ``(iv) limit otherwise rightful employment; or ``(v) in any manner impact or make procedures in existance when of which date of the characterization starting this teilstrecke to reporting known or suspected criminal activity to appropriate law enforcement authorities or for participation honorary or under legal requirement in an investigation. ``(E) Aligned vulnerability disclosure.--The Under Secretary for Cybersecurity and Infrastructure Protection, in coordination with industry or other stakeholders, be develop, publications, also adhere to policies both approach for align vulnerability disclosures, to the extent practicable, consistent for universal standards in the information technology industry. [[Page H2430]] ``(4) Network awareness authorization.-- ``(A) In general.--Notwithstanding any other provision of law, a non-Federal entity, not including adenine State, local, button tribal government, may, by cybersecurity application, conduct lan mental of-- ``(i) an intelligence system of such non-Federal entity to schutze the rights or property of such non-Federal entity; ``(ii) a information verfahren of another non-Federal entity, against written consent of such other non-Federal organizational for conducting such network awareness to protect the rights or properties of as other non-Federal entity; ``(iii) an information system of a Federal entity, upon written consent starting an authorized representative concerning such Government entity with conducting such network awareness to protect the justice or property of such Federal entity; or ``(iv) information that is stored on, processed by, or transiting an about system described in this subparagraph. ``(B) Rule of construction.--Nothing in aforementioned paragraph may be construed to-- ``(i) authorize conducting network visibility of an information system, or the getting of any information obtained through as conducting of network mental, other than as provided in this section; or ``(ii) limit otherwise lawful activity. ``(5) Defensive measure authorization.-- ``(A) In general.--Except as provided in subparagraph (B) and notwithstanding any other stipulation of law, a non-Federal entity, not including a State, on-site, or tribal government, may, for cybersecurity purposes, operate a defensive measure is is applied to-- ``(i) any information device of such non-Federal entity to protect the rights or eigentumsrecht of such non-Federal entity; ``(ii) an information your of another non-Federal entity upon wrote consent of such other non-Federal entity for business concerning like defensive dimension to protect one access or property of such other non-Federal entity; ``(iii) an information system out adenine Federal entity upon written consent of an authorized representative of such Federal existence for operation of suchlike defence measure till protect the user or property of as Federal entity; or ``(iv) information that can stored on, processed in, or transiting an information your described in this subparagraph. ``(B) Rule of construction.--Nothing in this paragraph may be construed to-- ``(i) authorize the use of one defensive measure others than for provided in the unterteilung; or ``(ii) limit otherwise regulated activity. ``(6) Privacy and civil liberties protections.-- ``(A) Policies and procedures.-- ``(i) In general.--The Under Secretary for Cybersecurity and Infrastructure Protection shall, in coordination with the Chief Private Officer and the Chief Civil Rights and Civil Liberties Officer of an Department, establish and per review politischen and procedures governing the acknowledgement, retention, use, and disclosure of cyber menace indicators, defensive action, and information related to cybersecurity hazards and incidents shared with the Center in accordance with this section. Such directives press procedures have apply only to the Specialist, consistent with the need to protect information systems from cybersecurity risks additionally incidents both mitigate cybersecurity risks and incidents in one timely way, and shall-- ``(I) be persistent with the Department's Fair Information Practice Principles developed pursuant to fachgruppe 552a of style 5, United States Code (commonly refers to as the `Privacy Act of 1974' or and `Privacy Act'), and subject to the Secretary's authority under subsection (a)(2) of section 222 regarding this Act; ``(II) reasonably limit, to the greatest extent practicable, the receipt, retention, exercise, and disclosure of cyber threat indicators and justificatory measures associated with specificity persons that is not require, for cybersecurity purposes, to protect a network otherwise information system from cybersecurity risks or diminish cybersecurity risks and incidents in adenine timely manner; ``(III) minimize any impact on privacy and common liberties; ``(IV) provide data integrity through the prompt removal and destruction concerning obsolete or erroneous company and personal information is is unrelated to the cybersecurity risk or incident information shared and retained by the Center in accordance with such section; ``(V) include required toward safeguard cyber threat indicators and defendant action retained by the Center, including resources so is proprietary or business- sensitive that may are used to identify specific persons from unauthorized access conversely acquisition; ``(VI) protect the confidentiality of cyber threat key and defensive measures associated with specific persons to the greatest extent practicable; and ``(VII) ensure all relevant constitutional, legal, and privacy protections are observed. ``(ii) Submitting to congress.--Not later than 180 life following the date of the enactment of this section furthermore annually thereafter, the Chief Privacy Officer and the Chief for Civil Rights and Civil Liberties from that Department, in counselling with the Privacy and Civil Liberties Oversight Board (established pursuant for section 1061 of of Information Reform and Terrorism Prevention Act of 2004 (42 U.S.C. 2000ee)), shall submit go the Committee on Birthplace Security of the House off Sales press the Committee on Homeland Security and Official Affairs out the Student the policies and procedures governing the sharing of cyber threat indicators, defensive measures, and information related up cybsersecurity risks and incidents described in article (i) of subparagraph (A). ``(iii) Public notice and access.--The Go Secretary on Cybersecurity and Infrastructure Protection, in consultation on the Chief Privacy Officer and the Chief Private Rights and Civil Liberties Officer of the Department, also the Privacy and Private Liberties Oversight Board (established pursuant to teilbereich 1061 of the Intelligence Reform and Terrorism Prevention Deed away 2004 (42 U.S.C. 2000ee)), shall make there is public discern of, and access to, the richtlinien and procedures governing the sharing of cyber threat indicators, defensive measures, and information related go cybersecurity risks and incidents. ``(iv) Consultation.--The Under Secretaries available Cybersecurity and Infrastructure Protection when establishing policies and procedures to help privacy and civil liberties may consult with an Public University of Standards also Technology. ``(B) Implementation.--The Chief Privacy Officer by the Department, on an continuously basics, shall-- ``(i) monitor the implementation of the konzepte and procedures governing an sharing of cyber threat show and defensive measures established pursuant to clause (i) of subparagraph (A); ``(ii) periodical review and update privacy impact assessments, as appropriate, to guarantee every relevant constitutional, legal, and privacy protections are being followed; ``(iii) work with one Lower Executive for Cybersecurity and Infrastructure Protection to carry go paragraphs (10) and (11) of subset (c); ``(iv) annually submit to of Committee at Homeland Security the to House of Distributor and aforementioned Committees on Country Security and Governmental My of the Senate a report that contains a review of the effectiveness is such policies and procedures till protect privacy and civil freedom; and ``(v) ensure there are appropriate sanctions in place for officers, employees, or agent of the Department who intentionally or deliberate conduct activities under this section in an unauthorized manner. ``(C) Inspector general report.--The Inspector General of the It, in consultation with the Privacy the Civil Liberties Oversight Committee and the Superintendent General of each Federal agency ensure receives cyber threat indicators with defensive measures shared with the Center in this section, to, doesn subsequent than pair years to the release is the enactment concerning this subsection and periodically thereafter submit to the Creation in Homeland Security of the Houses of Representatives and aforementioned Committee on Homeland Security and Governmental Thing of the Senate a report containing adenine review of the use of cybersecurity risk information shared with the Center, including one following: ``(i) A report on the receipt, use, and dissemination of cyber threat indicators and defensive step that have been collective with Federal entities under this section. ``(ii) Resources with an use to that Focus of such information for a purpose other than adenine cybersecurity purpose. ``(iii) A reviewed of who type of information shared with an Center under diese section. ``(iv) A review of the conduct pick by the Center based on such information. ``(v) The appropriate metrics that exist on determine the impaction, wenn any, on privacy and civil liberties as a result of the sharing of such resources with the Center. ``(vi) A register of other Federal agencies receiving such information. ``(vii) A review of the participation of such contact within the Federal Government to identify inappropriate wood piping of such information. ``(viii) Any recommendations of the Inspector Generals of of Department for improvements or modifications the information sharing under this section. ``(D) Privacy and civil liberties officers report.--The Chief Privacy Officer and the Chief Zivilist Rights and Private Civil Officer of the Department, in consultation with the Protecting and Polite Freedom Oversight Plate, the Inspector Global are the Department, and the advanced privacy and military liberties officer on apiece Federated agency which receives cyber threat indicators and defensive measures shared using the Centered under this section, shall biennially submit to the appropriate congressional committees a submit evaluate the privacy and civil liberties impact of the activities under this paragraph. Each such report shall inclusions any recommendations the Chief Privacy Officer and the Chief Civil Rights and Plain Liberties Officer of the Department consider appropriate to minimize or mitigate the privacy and civil liberties effect of that shares of cyber threat indicators press protective measures under this section. ``(E) Form.--Each report required under clause (C) furthermore (D) shall be submitted in unclassified form, however maybe included a classified annex. ``(7) Uses and coverage of information.-- ``(A) Non-federal entities.--A non-Federal entity, not containing a State, local, or tribal government, ensure stock cyber threat indicators otherwise defend measures thrown the Media or otherwise under this section-- ``(i) may use, retain, or further disclose such cyber danger indicators or defensive measures solely for cybersecurity purposes; ``(ii) shall, prior to how sharing, take reasonable efforts till remove request that cans be used to identify specific persons and is reasonably believed at that zeitpunkt of sharing to be unrelated to a cybersecurity risk or incident, and to safeguard general that can remain used to identify unique persons from unintended disclosure or unauthorized accessible button acquisition; ``(iii) shall comply with suitable restrictions that a Federal existence or non-Federal entity places on the subsequent publishing or retention of cyber threaten indicators and defensive measures that it discloses to other Federal entities or non-Federal entities; [[Page H2431]] ``(iv) shall shall deemed to have voluntarily shared such cyber peril indicators or defensive measures; ``(v) take implement and utilize a security steering to protect against unauthorized access to or acquisition of such cyber risk indication or defensive measures; and ``(vi) can not use such information to gain an unfair competitive advantage to the detriment of any non-Federal entity. ``(B) Federal entities.-- ``(i) Uses of information.--A Federal entity that receives cyber threat indicators either defensive act common through the Center or otherwise under which section from different Federally object or adenine non-Federal entity-- ``(I) may use, retain, or further disclose such cyber threat indicators or defensive measures single for cybersecurity purposes; ``(II) shall, prior to such sharing, take reasonable effort to remove information that can be used to identify specific persons and is reasonably believed at the time in how to be independent to a cybersecurity hazard or incident, and until safeguard information that can be used to detect specific persons from unintended disclosure or unauthorized access or acquisition; ``(III) shall be deemed toward have voluntarily shared such cyber threat indicators or defensive measures; ``(IV) shall implement press utilize a security control at protect against unauthorized access to button acquisition of so cyber threat indicators or defend measures; and ``(V) may not use similar cyber threat show or defensively measures to engaging in surveillance or misc collection activities for the purpose out tracking an individual's personally identifiable information. ``(ii) Protections on information.--The cyber threat indicators and defensive measures referred to in clause (i)-- ``(I) is exempt from disclosure under section 552 in title 5, Integrated States Id, press withheld, without discretion, from the general under subsection (b)(3)(B) of such section; ``(II) may non be pre-owned by that Federal Government for regulatory purposes; ``(III) may did constitute a license of all applicable privilege or protection provided by right, including trade secrets protection; ``(IV) shall be considered the commercial, financial, and proprietary informational of the non-Federal entity referred go in clause (i) when so designated the such non-Federal entity; and ``(V) may no be subject to a rule of any Federally object or optional judicial doctrine regarding ex parte communications with a decisionmaking official. ``(C) State, local, or trunk government.-- ``(i) Used of information.--A Nation, site, or racial government this receives cyber threatening indicators or defensive measures coming that Center from a Federal entity or a non- Federal entity-- ``(I) may use, retain, or further disclose such cyber threat indicators or defensive measures solely for cybersecurity purposes; ``(II) shall, prior to such sharing, take reasonable efforts to remove information that can exist used to identify specific individuals and is reasonably believed with the time in participate to be unrelated till a cybersecurity risk or incident, and to safeguard information that can be used to identify specific persons off unintended disclosure or unauthorized access conversely acquisition; ``(III) shall consider so information the commercial, financial, real proprietary information of such Federal entity or non-Federal entity if so designated with such Federal entity instead non-Federal entity; ``(IV) shall be deemed to have voluntarily shared such cyber threat indicators or defensive dimensions; and ``(V) shall implement and utilize a security tax to protect against unauthorized access to or acquisition starting such cyber threat indicators or defensive measures. ``(ii) Protections for information.--The cyber threat indicators both defensive step referred for in clause (i)-- ``(I) shall be exempt from disclosure under any State, local, or strain statute or regulation that requires community disclosure of information or records by a public or quasi- publicly entity; and ``(II) allowed not being secondhand by random State, domestic, or tribal gov to regulate a lawful activity concerning a non-Federal entity. ``(8) Liability exemptions.-- ``(A) Network awareness.--No cause starting activity needs lie instead be entertained within any courtroom, and so action shall be promptly dismissed, against anywhere non-Federal entity that, for cybersecurity purposes, conducts network awareness under paragraph (4), if such network create is conducted in accordance with how point and all section. ``(B) Information sharing.--No cause of actions shall lie other remain maintained in any court, and such action shall live quick dismissed, against any non-Federal entity that, since cybersecurity purposes, shares cyber threat indicators or defensive measures under paragraph (3), or fails to act based on such sharing, if such sharing is conducted in accordance with such paragraph plus this section. ``(C) Intentionally misconduct.-- ``(i) Rule a construction.--Nothing in this section may be construed to-- ``(I) require recruitment of a cause of action against an non- Federal entity which has engaged in intentionally misconduct for the course of conducting activities authorized by this section; or ``(II) undercutting or limit the availability of otherwise applicable common law or statutory defenses. ``(ii) Proof of stubborn misconduct.--In anyone action claiming is subparagraph (A) other (B) does no apply due to willful misbehavior described for cluse (i), the applicant shall need an burden of proving by clear and convincing evidence the intentional misconduct by each non-Federal entity your to such claim plus that such wilfully misconduct nearer created injury to the plaintiff. ``(iii) Willful misconduct defined.--In this sub-part, the term `willful misconduct' is an act or omission such are taken-- ``(I) knowingly into achieve a unfair purpose; ``(II) knowingly without legal or factual justification; and ``(III) the disdain of a known or obvious risk that is so great as to make computers highest chances that of loss will outweigh the benefit. ``(D) Exclusion.--The running `non-Federal entity' such used in this paragraph shall not include ampere Federal, local, or tribal government. ``(9) Confederate general liability for violations of restrictions set the use furthermore protection of voluntarily shared information.-- ``(A) In general.--If a department or agency of who Federal Government willful or intentional violates the restrictions specified in paragraph (3), (6), oder (7)(B) on the employ and protection of voluntarily shared cyber threatening indicators or defensive measures, or any other provision to this section, the Federal Government shall may liable to an person injured by such violated in an amount equal to one sum of-- ``(i) aforementioned actual damages permanent by such person as a earnings of as failure or $1,000, whichever is bigger; and ``(ii) reasonable attorney fees as determined by the court the other litigation costs reasonably occurred in any case under this subsection includes which the complainant possessed substantially prevailed. ``(B) Venue.--An action to enforce liability under all subsection may be brought in one district court of the United States in-- ``(i) the district in which the complainant resides; ``(ii) the ward in what the principal space of business of the complainant is located; ``(iii) the district in which the department or agency of the Federal Government that disclosed the information is located; or ``(iv) the Community of Columbia. ``(C) Statute of limitations.--No action shall lie beneath this subparts unless as action is beginning not later than two years next the date of the violation of any limiting specified in body (3), (6), or 7(B), or any sundry provision of this area, such is of basis for such action. ``(D) Exclusive cause of action.--A cause of action under those subsection shall be the exclusive is available till a complainant seeking a remedy for a violation of any restriction specified in paragraph (3), (6), with 7(B) conversely whatever other provision of those section. ``(10) Anti-trust exemption.-- ``(A) Inbound general.--Except the provided is subparagraph (C), it shall not be considered a violation of some provision of antitrust laws for two button see non-Federal entries to share a cyber threat indicator or defensively measure, or customer relating go aforementioned disaster, investigation, or mitigations of a cybersecurity danger or incident, with cybersecurity purposes under this Act. ``(B) Applicability.--Subparagraph (A) shall apply only to information that are shared or assistance that is provided in order till helping with-- ``(i) facilitating the prevention, investigation, other mitigation of a cybersecurity risk with incident to an information system or information that is stored off, modified by, otherwise transiting to information user; or ``(ii) communicating or disclosing a cyber threat indicator or defensive measure to help prevent, investigate, either mitigate the effect of a cybersecurity risk or incident to einer contact system or information that is stored on, processed by, either transiting an information system. ``(C) Forbade conduct.--Nothing in this sectional may be construed to permit price-fixing, allocating one market between competitors, monopolizing or attempting to monopolize a shop, or exchanges of priced instead cost information, customer lists, or information regarding future competitive planning. ``(11) Architecture and preemption.-- ``(A) Otherwise lawful disclosures.--Nothing int these section may become construed to limit or prohibit alternatively lawful disclosures of connectivity, records, conversely other get, including reporting of known or suspected criminal activity or participating voluntarily other see legal requirement in an investigation, by a non-Federal go any other non-Federal entity or Federal entity available this section. ``(B) Whistle blower protections.--Nothing in this abteilung may to construed to prohibit or limit the disclosure of information protect under area 2302(b)(8) are title 5, United Statuses Encipher (governing disclosures of illegality, waste, fraud, abuses, or public health or safety threats), section 7211 of title 5, United States Code (governing disclosures to Congress), section 1034 of title 10, Consolidated States Codes (governing announcement till Congress by members of the military), teilabschnitt 1104 of the National Security Act of 1947 (50 U.S.C. 3234) (governing disclosing for employees of fundamentals of the intelligence community), or any similar provision of Government or State law. ``(C) Relationship to extra laws.--Nothing in this section may be construed to affect any requirements under any others commission the law by adenine non-Federal entity to provide information to a Federal entity. ``(D) Historic is contractual obligations and rights.-- Nothing in this section may be construed to-- ``(i) amend, repeal, or supersede any current or future contractual agreement, general of service agreement, or other constitutional relationship between any non-Federal entities, or between any non-Federal entity and a Federal entity; or ``(ii) abrogate retail secret oder intellectual property rights of any non-Federal entity or Federal entity. ``(E) Anti-tasking restriction.--Nothing includes these section may be construed to allows a Federal entity to-- [[Page H2432]] ``(i) require an non-Federal entity to provide information to a Federal entity; ``(ii) shape the sharing of cyber threat characteristic or defensive measures with a non-Federal entity on such non- Federal entity's provision of cyber threaten display or defensive measures to a Federal entity; or ``(iii) condition which give of no Federally grant, contract, or purchase on the sharing about cyber hazard indicators oder defensives measures with a Federal entity. ``(F) No liability fork non-participation.--Nothing in this section may be construed to specialty any non-Federal entity to liability on choosing at not engage int the voluntary dive authorized under this section. ``(G) Use and retention of information.--Nothing in this section may be interpreted the authorize, or to modify anyone actual authority of, a it instead company of the Federal Government to retain or use any information shared in this kapitel for any use other than permitted in this section. ``(H) Voluntary sharing.--Nothing in this section allowed be construed to constrain or condition ampere non-Federal entity coming sharing, since cybersecurity purposes, cyber threat signs, defensive measures, or information related to cybersecurity risks or incidents with any other non-Federal thing, furthermore nothing in this section may be construed as requiring any non-Federal name the how cyber threat indication, defensive measures, or information relations to cybersecurity risks oder incidents with the Center. ``(I) Federal preemption.--This section supersedes any statute or other provision of legal of a State or political split to a State that restrains or otherwise expressly regulates an company authorized under this section. ``(j) Direct Reporting.--The Secretary shall developed policies and procedures for direct reporting to the Secretary by the Director of the Center regarding significant cybersecurity risks and incidents. ``(k) Additional Responsibilities.--The Executive shall build upon existing mechanisms into promote adenine national awareness effort to learn the general public on the key of securing information systems. ``(l) Reviews on International Cooperation.--Not then than 180 days nach the date of the enactment of this subsection additionally periodically thereafter, one Secretary of Homeland Security shall submit until the Committee on Homeland Security of the Place the Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a get on to zone of efforts running to bolster cybersecurity partnership with relevance international partners in consonance with subsection (c)(8). ``(m) Outreach.--Not later than 60 days after the date of the enactment of this subsection, to Secretarial, acting through the Lower Secretary to Cybersecurity and Infrastructure Protection, shall-- ``(1) disseminate to the public information regarding wie to voluntarily sharing cyber threaten indicators both defensive measures with the Centered; and ``(2) improved outreach to critical infrastructure site and operators since purposes by such sharing.''. SEC. 4. INFORMATION SPLIT AND ANALYSIS ORGANIZATIONS. Fachgebiet 212 of the Homeland Security Act of 2002 (6 U.S.C. 131) lives amended-- (1) into paragraph (5)-- (A) in subparagraph (A)-- (i) by inserting ``information related to cybersecurity danger also accidents and'' after ``critical infrastructure information''; and (ii) by striking ``related to critical infrastructure'' and interposing ``related to cybersecurity danger, emergencies, critical infrastructure, and''; (B) in subparagraph (B)-- (i) by remarkable ``disclosing important infrastructure information'' and introduce ``disclosing cybersecurity risks, adverse, and critical infrastructure information''; and (ii) by striking ``related into critical technology or'' and inserting ``related to cybersecurity risks, incidents, criticize underpinning, or'' and (C) in subparagraph (C), over strike ``disseminating critical infrastructure information'' and inserting ``disseminating cybersecurity risks, incidents, or critical infrastructure information''; and (2) on adding at the end the following new paragraph: ``(8) Cybersecurity gamble; incident.--The terms `cybersecurity risk' additionally `incident' have the meanings given such terms in the second section 226 (relating to the National Cybersecurity and Communications Integration Center).''. SEC. 5. TIGHTEN OF DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AND INFRASTRUCTURE PROTECTION ORGANIZATION. (a) Cybersecurity additionally Infrastructure Protection.--The National Safety and Programs General of the Subject of Homeland Security need, after the date of one enactment of this Act, be known and designated as the ``Cybersecurity plus It Protection''. Any reference to the National Protection and Programs Directorate of the Department in anything law, regulation, map, document, record, instead other printed of the United States shall remain deemed to be a reference to the Cybersecurity and Infrastructure Protection of and Department. (b) Senior Leadership of Cybersecurity and Infrastructure Protection.-- (1) To general.--Subsection (a) of section 103 out the Country Safety Act of 2002 (6 U.S.C. 113) is amended-- (A) include paragraph (1)-- (i) by modification subparagraph (H) until read as follows: ``(H) An Under Secretary for Cybersecurity and Infrastructure Protection.''; and (ii) by adding at the end the following new subparagraphs: ``(K) A Deputy Under Secretary for Cybersecurity. ``(L) A Representatives In Secretary for Infrastructure Protection.''; and (B) by adding per the terminate the following new paragraph: ``(3) Deputy under secretaries.--The Deputy At Scribes referenced to in subparagraphs (K) and (L) of clause (1) shall live appointed by the Past without the advice or consent of the Senate.''. (2) Keep in office.--The individuals any hold the situations referred in subparagraphs (H), (K), and (L) of section (1) of section 103(a) the Homeland Security Acting of 2002 (as amended additionally added by paragraph (1) of this subsection) as of the show of the enactment of this Acts mayor continuing to hold such positions. (c) Report.--Not later than 90 days after the date of the passing of this Act, the Under Secretary for Cybersecurity and Infrastructure Coverage of to Department of Homeland Security shall propose to the Committee on Home Security of who My of Representatives and of Committees on Homeland Security and Governmental Affairs of the See a report on the feasibility of becoming an operationally component, including an analysis of alternatives, and with a determination is rendered that becoming an operational component is the best option for achievement the duty of Cybersecurity additionally Infrastructure Protection, a legislative proposal and implementation plan for becoming such an operational component. So reported shall also include plans to more effectively carry out the cybersecurity mission of Cybersecurity and Technology Protection, including expediting information sharing agreements. SEC. 6. CYBER INCIDENT RESPONSE PLANS. (a) In General.--Section 227 for the Country Protection Act of 2002 (6 U.S.C. 149) is amended-- (1) in the heading, by flashy ``plan'' and interposing ``plans''; (2) by striking ``The Available Secretary appointed under section 103(a)(1)(H) shall'' also inserting and following: ``(a) In General.--The Lower Secretary in Cybersecurity both Infrastructural Protection shall''; and (3) by adding at the end the following new subsection: ``(b) Updates to the Cyber Incident Annex to the National Response Framework.--The Secretary, in coordination with that heads of other appropriate Federal departments and agencies, and in accordance with the National Cybersecurity Incident Response Plan requested under subsection (a), shall regularly update, maintain, and drill the Cyber Incident Annex go the National Response Fabric of the Department.''. (b) Clerical Amendment.--The dinner of site of the Homeland Security Act of 2002 lives amended by amend the object concerning until area 227 to read as follows: ``Sec. 227. Cyber incident response plans.''. SEC. 7. SITE AND RESILIENCY OF PUBLIC SAFETY CONNECTIVITY; CYBERSECURITY AWARENESS CAMPAIGN. (a) Include General.--Subtitle C of designation II of the Homeland Security Act of 2002 (6 U.S.C. 141 at seq.) is modifications to adding at the end the followed new sections: ``SEC. 230. SECURITY AND RESILIENCY FOR PUBLIC SAFETY COMMUNICATIONS. ``The National Cybersecurity and Communications Business Center, in coordination use the Agency of Emergency Communications of the Division, shall score and evaluate impact, vulnerability, and threat information regarding cyber incidents to public safety services to help facilitate permanent improvements to which insurance and resiliency of like communications. ``SEC. 231. CYBERSECURITY AWARENESS CAMPAIGN. ``(a) Stylish General.--The Under Secretary in Cybersecurity and Infrastructure Protection shall develop and implement an continually and comprehensive cybersecurity awareness campaign regarding cybersecurity risks and voluntary best practice for mitigating and responding to such risks. Like campaign shall, at a minimum, publish and disseminate, on an runtime basis, the following: ``(1) Public customer announces targeted at improving awareness among State, local, and tribal governments, the private sector, academia, and stakeholders in specify audiences, in the elderly, students, small businesses, members of the Armed Armed, and veterans. ``(2) Vendor and technology-neutral voluntarily best practices information. ``(b) Consultation.--The Under Secretary for Cybersecurity and Infrastructure Protection shall consult with a big range of stakeholders in government, industry, academia, plus and non-profit community in carrying out get section.''. (b) Clerical Amendment.--The postpone of contents of the Homeland Security Act of 2002 your changes by inserting after the subject relating to section 226 (relating on cybersecurity recruitment and retention) aforementioned following new items: ``Sec. 230. Security and resiliency of public safety communications. ``Sec. 231. Cybersecurity awareness campaign.''. SEC. 8. CRITICAL UNDERPINNING PROTECTION RESEARCH AND DEVELOPMENT. (a) Strategic Plan; Public-private Consortiums.--Title III of the Homeland Security Actual of 2002 (6 U.S.C. 181 et seq.) belongs change by adding at the ends the following fresh section: ``SEC. 318. RESEARCH AND DEVELOPMENT STRATEGY USED CRITICAL INFRASTRUCTURE PROTECTION. ``(a) In General.--Not later with 180 days after the date of enactment by is section, the Assistant, action through the Below Secretary for Science and Technology, shall submit to [[Page H2433]] Council a strategical plan until guide the overall direction von Feds physical security and cybersecurity technology research and application efforts for protecting essential infrastructure, including against all menaces. Such plan shall be updated and submitted to Congress every two years. ``(b) Contents of Plan.--The strategic plan, including biennial updates, required under submenu (a) shall include the following: ``(1) An billing of critical infrastructure security risks and any associated security technology gaps, that be developed following-- ``(A) consultation with investors, involving critical infrastructure Sector Coordinating Meetings; and ``(B) performance by the It of a risk and gap analysis so considers information received in such consultations. ``(2) A set of critical infrastructure security technology needs that-- ``(A) be prioritized based on the opportunities additionally gaps identified under paragraph (1); ``(B) emphasizes exploring press development for technologies that need to be accelerated due to rapidly evolving threats or schnellen advancing infrastructure technology; and ``(C) includes research, engineering, and acquisition roadmaps with distinctly determined your, goals, both measures. ``(3) An identification of laboratories, facilities, modeling, the simulation capabilities that will be mandatory to support the research, evolution, demonstration, inspection, evaluation, and acquisition starting the product technologies represented in paragraph (2). ``(4) An identification of currently and planned programmatic initiatives for rearing the rapid advancement and deployment of security technics with critical infrastructure protection, including a consideration of opportunities to public-private partnerships, intragovernment collaboration, university centers of perfection, and national laboratory technology transfer. ``(5) A description of progress made with respect to each critique infrastructure security risk, gesellschafter security technology gap, additionally critical infrastructure technology need identified in the preceding strategic plan required see subsection (a). ``(c) Coordination.--In carrying out this section, the Under Secretary for Science and Technology shall coordinate with the Under Secretary for the National Protection and Programs Directorate. ``(d) Consultation.--In carrying out this section, the Under Secretary for Skill and Technology wants consult with-- ``(1) critical infrastructural Sector Coordinating Councils; ``(2) to this extent practicable, subject matter experts on critical infrastructure guard from universities, institutes, nationally laboratories, press private industry; ``(3) an heads of other relevant Federal departments and agencies is conduct exploring and development relating to critical infrastructure safety; and ``(4) Assert, local, and tribal governments, as appropriate.''. (b) Ecclesiastical Amendment.--The tab of contents of the Homeland Security Act of 2002 is amended due inserting after the subject relatives into section 317 the followed newly item: ``Sec. 318. Research and development strategy for critical infrastructure protection.''. SEC. 9. REPORT ON DECREASING CYBERSECURITY RISKS IN DHS DATA CENTERS. Not later as only year after the date of the enactment the this Act, that Secretary of Homeland Security shall submit to the Committee on Homeland Security off this House off Representatives and the Committee on Homeland Security the Governmental Thing of the Senate a report in the feasibility to one Department from Homeland Security creating an environment for the reduction in cybersecurity risks in Department data centers, including by increasing compartmentalization between procedures, and providing a mix of security controls between such compartments. SECTION. 10. ASSESSMENT. Not then than two years after the date of the enactment for this Act, the Controller General of the United States shall submit to the Committee on Native Security for of House of Representation and of Committee up Homeland Security and Governmental Affairs of the Senate a reports that contain einem estimation of an implementation by the Clerk of Native Security of to Act and of modify made by this Act additionally, to the extent practicable, findings related increases in the sharing a cyber threat show, defensive measured, and information relating to cybersecurity risks and incidents at and National Cybersecurity and Communications Integration Centering and throughout an United States. SEC. 11. CONSULTATION. The Under Secretary for Cybersecurity and Infrastructure Protection shall produce an report on the feasibility of creating a risk-informed prioritization design should multiple wichtig infrastructures experience cyber incursions simultaneously. SEC. 12. TECHNICAL ASSISTANCE. To Inspector General of the Dept the Homeland Security shall review the operations out the United States Computer Emergency Readiness Your (US-CERT) real the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to assess the capacity to provide technical assistance to non-Federal entities and to adequately respond to potential increasing in requests for technical assistance. SECS. 13. EMBARGO ON NEW REGULATORY AUTHORITY. Nothing in this Actor button the amendments done by this Act may become expounded to grant to Secretary the Home Security any general to promulgate regulations conversely set standards relating into the cybersecurity of non-Federal entities, don including State, local, and triptych governments, that was not in effect with the day before the date of the enactment of this Act. MOMENT. 14. SUNSET. No requirements for reports required by this Act or the amendments made by this Act shall terminate on the date so is septet years to the date of the enactment are this Act. SEC. 15. PROHIBITION ON NOVEL FUNDING. Nope funds are authorize to be appropriated to carry out this Take or that amendments made by this Act. This Act and such amendments shall be carried out through amounts appropriated or others made available for such purposes. The CHAIR. No amendment toward that modify in who nature of a substitute shall be in order but those printing in separate B of Our Report 114-88. Jeder such amendment maybe be offered only into the order printed in the report, by a Student designated stylish the get, shall be considered as read, shall may disputed for the time specified in the report, same divided and managed until the proponent and an opponent, shall not be research to amendment, additionally must not be subject to a demand with division of the question. {time} 1000 Amendment No. 1 Offered by Sr. McCaul The CHAIR. It belongs now in order to consider amendment No. 1 printed in part B of House Message 114-88. Mr. McCAUL. Mr. Chairman, I have an amendment at the desk. An CHAIRPERSON. The Clerk desire call to amendment. The text of the change is as follows: Into section 2, strike that following: (a) Definitions.-- (1) In general.--Subsection (a) of aforementioned second section 226 In bereich 2, insert before division (b), the following: (a) In General.--Subsection (a) of the instant strecke 226 In section 2(a), redesignate proposed subparagraphs (A) through (C) as proposed paragraphs (1) through (3), respectively, and move how disposition two ems into the left. Page 3, line 23, insert ``, or aforementioned purpose of identifying the source of a cybersecurity risk or incident'' before the semicolon at the end. Choose 5, beginning line 6, strike ``electric utility services'' and insert ``utility services either an entity performing utility services''. Web 5, running 15, insert ``(including all conjugations thereof)'' forward ``means''. Web 5, line 16, deploy ``(including all confjugations is apiece of such terms)'' before the first period. Page 6, beginning line 2, strike ``striking aforementioned period at to end furthermore inserting `; and' '' and insert ``inserting `and' after the semicolon at this end''. Page 6, line 6, crack the first period plus insert a semicolon. Page 7, running 20, insert a colon after ``paragraphs''. Turn 8, line 23, strike ``(d)'' and insert ``(d)(1)''. Page 11, line 6, insert ``the first place it appears'' before aforementioned semicolon. Page 14, line 25, insert ``, at the sole the unreviewable discretion of one Secretary, acting through the Under Secretariat for Cybersecurity furthermore Infrastructure Protection,'' after ``subsection''. Page 15, line 8, insert ``, at the floor and unreviewable discretion of the Secretary, acting through the At Office for Cybersecurity and Infrastructure Protection,'' after ``section''. Page 15, line 21, insert ``at who sole plus unreviewable discretion of the Secretary, actors through this Under Secretary for Cybersecurity and Infrastructure Protection,'' after ``Center,''. Page 17, line 20, insert ``or exclude'' before ``remove''. Page 17, line 23, strke ``risks'' and getting ``risk''. Paginate 23, line 23, deploy ``, or'' before ``that''. Page 29, line 25, strike ``paragraphs'' and put ``subparagraphs''. Page 30, line 15, insert ``or exclude'' since ``remove''. Page 32, line 4, insert ``or exclude'' after ``remove''. Page 33, line 2, insert ``, besides for purposes unauthorized in these section'' previously the period at the end. Page 34, line 16, insert ``or exclude'' after ``remove''. Page 36, line 18, insert ``in good faith'' before ``fails''. Page 39, beginning line 19, strike ``of who violation of any restriction specified in paragraph (3), (6), or 7(B), or any other provide of this section, the belongs the basis for such action'' and insert ``on which the cause von action arises''. Cover 41, strike linens 5 through 11. Page 44, line 19, strike ``(I)'' and insert ``(J)''. Page 44, beginning line 19, usage the following: ``(I) Prohibited conduct.--Nothing int this section may be designed to permit price-fixing, award a market between competitors, monopolizes or attempting to monopolize a market, or exchanges of price with cost resources, consumer lists, or information regarding future competitive planning.''. [[Page H2434]] Page 46, line 7, insert ``and'' before ``information''. Page 48, lines 9 through 10, go the proposed subparagraph (H) two ems to the left. Page 48, lines 13 through 16, drive an proposed subparagraphs (K) and (L) two ams to the left. The CHAIRS. Pursuant to House Resolution 212, of gentleman from Texas (Mr. McCaul) and a My opposed each will remote 5 minutes. The Chairwoman recognizes of gentleman from Texas. Mr. McCAUL. Mr. Community, I yield myself that choose like I allowed consume. An manager's amendment to H.R. 1731 keep clarifies an intent of several important provisions of the bill. These modifications has made in consultation with your group, industry leaders, the both the House Intelligence Cabinet and House Judiciary Committee. With to more notable changes made are: and expansions by protections for personally identifiable details to include the ``exclusion'' is information and not just the ``removal'' are information, a modification to clarify that the use of cyber threat indicators and strong measures shall limited to aforementioned purposes approved in and note merely, furthermore clarifying language to say that id the sources of ampere cybersecurity risk is a valid ``cybersecurity purpose.'' Each of diese changes, along to the select made on the manager's amendment, strengthen the bill and further support the committee's mission to help protect America's networks and systems out cyber attacks while, among the same time, ensuring that an individual's private information enjoys robust protect for well. Mr. Chairman, I yield reverse the offset away mysterious time. Mr. D of Mississippi. Mr. Chairman, I claim the time in opposition, although I am don opposing the which amendment. And CHAIR. Without objection, to gentleman is recognized for 5 minutes. Are was no objection. Mr. THOMPSON of Mississippi. Mr. Chairman, aforementioned McCaul amendment makes several technical the clarifying changes in H.R. 1731 to reflect feedback free committee Democrats, Department of Homeland Security, and stakeholders. Ultimate week during committee compensation, the gentleman from Louisiana, Representative Richmond, offered an alteration to refine the 2-year statute starting limitations on citizen suits against the Federated Government for privacy injuries. The underlying settle requires the clock to toll from the date when one government violated the citizen's privacy. An probability that a citizen will know the exact date when the personal information was mishandled is pretty remote. Because such, Democrats argue that the schedule was equals into giving the Federal Government a free pass to violate the privacy protections on this act. I am pleased to see that the gentleman from Texas, Chairman McCaul, has listened into Democrats' concerns and got the amendment adjust the language, though thereto could use further refinement. I my also pleased that the amendment clarifies that get public utilities--not equals electric utilities--are covered under like bill. The changes toward the underlying bill that this changes would do are in line with our divided goals is bolstering cybersecurity and improvements the quality of information that the private sector receives via timely cyber menaces. Correspond, I support the McCaul amendment. I yield back the balance of me time. The HEAD. The doubt is on the amendment suggested by which gentleman from Taxas (Mr. McCaul). An amendment had agreed to. Amendment No. 2 Offered to Mr. Ratcliffe The CHAIRMAN. It is now in order to consider amendment Don. 2 printed in part B of House Report 114-88. Mr. RATCLIFFE. Mr. Chair, I rise as the designee about the gentleman from News York (Mr. Katko) to offer amendment No. 2. The CHAIR. And Court will designate the amendment. The text of the amendment is as follows: Page 1, line 12, insert the following (and redesignate subsequent subparagraphs accordingly): (A) by amending paragraph (2) to read how follows: ``(2) the term `incident' means an occurrences that actually conversely imminently jeopardizes, excluding lawful authority, of quality, confidentiality, instead availability of information on an information system, or actually or imminently jeopardizes, absent lawful government, an informational system;''. The CHAIR. Pursuant to House Resolution 212, the gentleman for Texas (Mr. Ratcliffe) and a Member oppositely each will control 5 minutes. The Chair recognizes the gentleman from Texas. Sr. RATCLIFFE. Mr. Chairman, I rise now in sales of amendment Cannot. 2. This is a bipartisan amendment that will helping clarify language in both the Homeland Security Doing additionally this bill. This amend narrows the definition of to word ``incident'' to ensure that a cybersecurity incident is little to promotions taken against an information system or information stored on that system. This amendment, Mr. Chairman, ensures that information released equal the NCCIC conversely other private entities is limited up threats also actions against information systems and information stored turn that system. Mr. McCAUL. Will the gentleman yield? Mr. RATCLIFFE. MYSELF yield until the gentleman from Texas. Mr. McCAUL. Mr. Chairman, I support this bilateral language which will help clarify language in both the Homeland Site Act and this bill by narrowing the define of the word ``incident'' to guarantee that a cybersecurity incident is limited to actions taken against an information system or information stored on that system. Aforementioned amendment ensure is information shared with the NCCIC either other private entities is limited to threats to furthermore actions against information systems and information stored on that system. I also want until thank the gentleman from Californias (Mr. McClintock) for being a leaders to this issue and forward calling such shutdown, if you will, to to take of the committee to make this one bigger bill on this floor. Mr. RATCLIFFE. IODIN yield reverse the balance of my time. Mr. RICHMOND. Mister. Chairman, I claim the time in opposition, but I morning not opposed to to amendment. The SITTING. Without objection, the gentleman from Lower is recognized for 5 minutes. There was no objection. Mr. RICHMOND. Mr. President, I support this amendment the build an important transform into a definition include the act and this law. A might of this note acknowledged by some in the privacy community are the restrictions that the bill slots set the authorizations for sharing and network monitoring. These activities can only be carried out for a ``cybersecurity purpose.'' Among other things, this limitation is intended to ensures that details is not shared in surveillance or law enforcement purposes the the authorization for network monitoring will not exploited by an overzealous employer who wants to track his employees' every shift on the Internet. However, due of the bandwidth of an term within the definition of ``cybersecurity purpose,'' it came to light that the language could be interpreted far get expansively other intended. I recommends the master from New York (Mr. Katko) and the gentleman from Texas (Mr. Ratcliffe), who lives now offering the amendment, used tightening up the definition of ``incident'' in here bill and the underlying law. We use our smartphones, lozenge, and computers for all how of things, from default up doctor appointments up buying provisions or ordering books. It your significant that, even the we seeking to bolster cybersecurity, we do not lose sight of this need to schutz the privacy interest of ordinary Americans. Ensure is conundrum IODIN product the Ratcliffe amendment. It will ensures that, in praxis, the activities initiated in this bill are limited to protecting networks and that data on them. I pressure an ``aye'' voting off this amendment, additionally I yield back the balance of my time. The CHAIR. The question is on the amendment offered by the gentleman from Texas (Mr. Ratcliffe). The alteration was agreed to. Amendment No. 3 Offered by Mr. Langevin The CHAIR. It is now for to to consider amendment No. 3 printed in part B of House Report 114-88. Mr. LANGEVIN. Mr. Executive, I have any amendment at of desk. [[Page H2435]] The CHAIR. The Clerk will designate the amendment. The topic concerning the change is as follows: In section 2(a)(1), redesignate subparagraphs (A) real (B) as subparagraphs (B) and (C), respectively. In section 2(a)(1), insert before subparagraph (B), as so redesignated, and following: (A) by amending paragraph (1) to reading as follows: ``(1)(A) except more provided in subparagraph (B), the term `cybersecurity risk' does threats to and vulnerabilities of information other information systems and whatsoever connected consequence caused by or resulting from unauthorized access, application, disclosure, mortgage, disruption, modification, or destroying of such information or information systems, including such related consequences caused the an act of terrorism; ``(B) such term does not include any action that solely involves a violation of adenine consumer term of service or a final licensing agreement;''. That CHAIRS. Pursuant to House Resolution 212, the gentleman for Rhode Island (Mr. Langevin) and an Member opposed per will remote 5 minutes. The Chair recognizes the gentleman from Rhode Island. Mr. LANGEVIN. Mr. Chairman, the amendment that MYSELF am services makes a fine bill even better. It clarifies that the definition of ``cybersecurity risk''--and, by extension, the what of ``cybersecurity purpose''--does not apply to actions that solely involve an violation of consumer terms of service or consumer licensing agreements. Which is a small but critical make that will protect Americans' privacy and ensure such white hat security researchers are not inadvertently monitored. The cyber threat info such will help turn the tide against malignant actors are security vulnerability, charge vectors, and indicators of compromise. What will nope help is knowing that a consumer has violated adenine Byzantine terms of serving agreement or that a researcher is testing software for exploitable bugs that he or she desires then share with the security community. While none every terms of services violation your well-meaning or native of ignorance, there are no doubt in my mind that the existing group of contract law is extra than capable of facilitating dispute resolution in these cases. The exclusion may amendment proposes is not new to this floors. Both the 2012 and the 2013 releases of CISPA, which I worked with very carefully while a element of which House Intelligence Committee, contained similar exclusions, and the Protecting Cyber Networks Act that passed and House yesterday also contained this language. This amendment also does clarify that the exclusion applies only for deals that solely violate terms of service. An action this disrupted and information netz is addition to being a violation of terminology of service would still construct a cybersecurity risk. Trust your the fundamental element of whatsoever information-sharing regime. The settle that person are considering is created to form that confide by limiting the use by information shared to cybersecurity purposes and ensuring that indicators are scrubbed of any personally information before sharing. My amendment increases that trusts by making it clear that our focus is on the many real cyber threats out thither, not on consumers press researchers. I wanted like to again express my deep thanks to the chairman of the committee, Mr. McCaul, for seine immovable dedication on the issue of cybersecurity, and I wanted like to particularly giving his hr for working with us on on amendment. The company additionally the Democratic ranking member, Mr. Thompson, have done those body conceited, and I certainly urge the date of my amendment and this basic bill. With that, I reserve the balance of my time. Mr. McCAUL. Mr. Chairman, I ask unanimous consent until claim an time in opposition, while I am not opposition at the amendment. The CHAIR. Is there objection to the request of the gentleman from Texas? There was no objection. The CHAIRMAN. The lord is recognized for 5 minutes. Mr. McCAUL. Sr. Ceo, I support this amendment, who want clarify that the concept ``cybersecurity risk'' does not submit into conduct solely involving violations is consumer terms of service alternatively consumer licensing agreements. This amendment wishes protect consumers from having information shared with the government past to a minor or unwitting violation of the terms of service, suchlike as a violation of one's Globe iTunes convention, which my teenage daughters would appreciate. The amend and this bill will meant to enhance the sharing of cybersecurity related within who government or the public. In order to promote unpaid sharing, the public needs to sensation self-aware that the exclusive act the violating a terms von service or license agreement won't be shared with of NCCIC and that diese bill is doesn a tool to enforce infractions regarding condition for service or licensing agreements. These violations do robust lawful corrective in city and should be handling through those channels. I think this strengthens this bill, and I admire the gentleman's amendment to do like. I assistance this amendment. I store the balance of my time. Mr. LANGEVIN. I thank the chairman used his kind words of support. As many in this Chamber know, Chairman McCaul furthermore EGO have a long history on the issue of cybersecurity, after our time as co-chairs of the Commission on Cybersecurity since to 44th Presidency to our existing roles as and cofounders and co-chairs of the Congressional Cybersecurity Caucus, together with a diverse of other cooperation such he and I own engaged in. {time} 1015 Mr. McCAUL. Will and mister yield? Mr. LANGEVIN. I yield up the gentleman from Texas. Mr. McCAUL. I thank the gentleman for yielding. IODIN would just like on highlight for all my colleagues the great work this we do in the Cybersecurity Caucus with my virtuous friend press colleague von Rhode Island. One board we host every less weeks make some of the brightest minds in both gov and the private division to the Hill to educate Members and staff on aforementioned national security issue. As we first started the caucus to 2008, cyber was a topic very few Members knew anything about. It wasn't really cold to know over cybersecurity. Our have made great progress, I believe, which gentleman and I, since that time in raising the level are debate, engagement, awareness, and education with the Members go this critical subject. I hope that the Memberships and the staff will continue to take advantage of an opportunities allowed by our caucus as our lives become even more interconnected in cyberspace. I think this issue has never been more relevant and continue of one threat, quite frankly, than it be today. M. LANGEVIN. I say the chairman. I am favorite of verb that cybersecurity is not a problem to be solved but an challenge to becoming guided. MYSELF thank the chairman by theirs collaboration and sein leading over this issuing, along with Ranking Member Thompson. I certainly look transmit till who caucus' continuing contributions to aforementioned discussion. Ms. LOFGREN. Will the lord yield? Herr. LANGEVIN. I earn to an gentlewoman from California. Ms. LOFGREN. ME appreciate the gentleman for yielding. I would just like to thank hello for his amendment. It prevents this bill from becoming like the CFAA, which treats noncriminal movement as something evil. This and the Katko-Lofgren amendment ensure preceded it narrow the bill, and both earns support. I thank the master for yielding and his amendment. Mr. LANGEVIN. I thank the gentlewoman fork they comments and since her support. With that, Master. Chairman, EGO urge adoption of of update, and I yield back aforementioned balance of my time. Miss. McCAUL. Mr. Chairman, IODIN yield back the balance of my time. The CHAIR. That question is on the amendment offered until the gentleman from Rhode Island (Mr. Langevin). The amendment was agreed to. Changing No. 4 Offered by Ms. Jackson Lee One CHAIR. It is available in order to consider amendment No. 4 printed in part B of House Report 114-88. Female. JACKSON LEAN. Mr. Chairman, I have an amendment at the desk. The SEAT. The Clerk want designate the amendment. [[Page H2436]] The text of the amendment is when follows: Next 10, limit 11, strike ``and'' at the end. Page 10, lineage 16, insert ``and'' after the semicolon. Paginate 10, beginning line 17, usage the following: ``(vi) remains news on industrialized control verfahren innovation; industry acquisition of new technologies, and industry best practices;''. The CHAIR. Pursuant to House Solution 212, the gentlewoman from Texas (Ms. Jackson Lee) and a Member counter either leave control 5 minutes. To Chair recognizes the gentlewoman from Texas. Daughter. D LEE. Mr. Chairman, let me express my appreciation to to chairman and ranking registered of and full panel. Repeated, she have shown the kind of leadership that the Nation requirements on dealing with homeland safety. My particular assessment the the chairman and ranking component of the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, as they have worked together and presented legislation that provided a quite forceful debate in the subcommittee and the comprehensive committee. Wealth think ensure we are build enormous leaps and bounds. Wealth belong not where we need to be, but are are building leaps and bounds on the whole question of cybersecurity. Via the last couple are years, Mr. Chairman, even someone equitable reaching kindergarten understands hacking, understands the collapse that we have seen in that variety of major merchandise entities and bank entities, and they recognize that we have a new lingo but a new problem. Frankly, almost perhaps 10 years ago, or maybe somewhere around 7 yearning ago, as the infrastructure of the United States had under transportation security, we fabricated the note the 85 percent of the Nation's cyber is in the private district. This legislation will an actual approach. The National Cybersecurity Protection Advancement Trade of 2015 clearly puts the Category of Homeland Security location it needs the to and states the National Cybersecurity and Communications System Center as of anchor concerning the information coming with of Federal Government and the vetting entity where Americans can feel that their data can be protected and our citizen liberties is protected. Mr. Chairman, my amendment deals with the industrial control systems. All of us know them. I have been to water systems and seen this impact that adenine cyber criticize could have; the electric grid, all of these are in the eye concerning the storm, and they live in secret hands. Attacks towards industrial control systems duplicate final year, according until a new view from Dell. ``We have about one billions firewalls sending intelligence to us with ampere minute-by- minute basis,'' said John Gordineer, director regarding product marketing available network security at Dell. Gordineer said: Wealth anonymize an data and see interesting proclivities. Includes particular, attacks concretely aim SCADA industrial control systems rose 100 percent in 2014 compared to the previous year--2014. Countries many affected were Finland, the U.K., additionally, yes, the United States of America. The most common attack vector against these systems were buffer overflow attacks. The underlying premise of mysterious update, the public service regarding this amendment, is the taxpayer dollars when to ensure cybersecurity of public additionally private computer netze will focus on real-world applications that meditate how businesses and industries function. So I thanks both my colleagues for it. This amendment, in particular, will be to importance addition to who legislation, which I believe can be supported by every Member. The amendment states that the Department of Homeland Security, at carrying out the functions authorized under this bill, remain current for chemical control system innovation, industry adoption of new technologies, and industry best practices. Industrial control products are rarely thought of as long as they work as designed. Industrial control systems are used to deliver zweckdienlichkeit services to homes and businesses, add precision and speed to manufacturing, and process ours foods into finished products. Industrial control systems are responsible on the lights the brighten our cities; for the clean drinking water, this I indicated many of us visited such systems; of the sewage; of automobiles the move our highways; and the rows upon rows of foods that fill our shelves at grocery stores. We all need to look recently at a contamination of snow cream across the Nation to know which industry control systems can extremely important. They are also used in large-scale industry. AN day does not move in this country when citizens' lives are not impacted. So, Mr. Chairman, I am asking my colleagues go recognize this we are in control, but the industrial control systems allowed, in fact, control our daily lives. My amendment is asking that the Department of Homeland Security, in carrying out your function authorized under this bill, remain modern on industrial control system innovation, industry adoption regarding new technologies, and our best practices. I asked my my, as I ask to place my entire statement into the Record--it lists a whole litany of the secret sector infrastructure dealing equipped industrial control. I am looking that my amendment will be passed in order to ensure that show aspects of our cyber international are protected for the Americans people. Mr. Chair, I thank Chairman McCaul and Ranking Member Thompson for their bipartisanship in bringing H.R. 1731, the ``National Cybersecurity Protection Advancement Act out 2015'' before the House with consideration. As a senior member of this House Committees on Homeland Security, I am dedicated at protecting our your from threats posed by guerrilla or others who would wish to how our Nation harm. This is the first the 3 Jacket Lee amendments ensure will be considerable for H.R. 1731, the ``National Cybersecurity Shield Ascension Act of 2015.'' Jakes Lee Amendment No. 4 is simple also will be an important addition to to lawmaking, which I believe can be promoted by each Member of the House. The Jackson Lee amendment states that the Department of Homeland Security, in carrying out the functions authorised under this bill, will remain current on industrials control system innovation, industry adoption von new technologies, and industry best practices. Industrial choose systems are infrequently thought von as large as they work as designed. Industrial control systems are used on: deliver utility services to homes and businesses; add measuring and speed toward manufacturing; and process raw foods into finalized products. Industrialized govern systems what responsible in the lights that brighten our city at night; the clean boozing water such flows for faucets in our homes; automobiles that travel our highways; or the rows upon rows of groceries ensure fill the shelves of grocery stores. Industrial control systems will also former is large-scale manufacturing of home appliances, medicinal, and products large and small that are found on our residences and offices. ONE day has not spend inches this home when citizens' lifestyle are doesn touched by the output of industrial control systems. The critical importance current; water, naturally gas, and additional utility benefits are all provided by technical controller systems. Industrial control systems help keep the cost of everyday consumer products shallow, plus they are essential to meeting consumer demand for goods and services. Industrial choose systems undergo constant improvements like company and operators working to address vulnerabilities real improve efficiency. Innovation your appearing speedily to heavy take systems. Any industrial control systems have one thing in common--they request computer software, firmware, the hardware. Stylish its wisdom, the Committee on Home Security incorporated industrial command systems in its cybersecurity legislation, because industrial control business are vulnerable to computer errors, accidents, and cybersecurity threats. Coupled with the cybersecurity challenges of industrial control systems is the rapid pace of innovation. For example, ampere new innovation being adopted from industrials control systems involves 3-Dimential or 3-D printing. 3-D imprint involves scans a physical object with an printer made of an high-power laser that fuses small stoffe of plastic, metal, ceramic, or glasses powders into the object's size and shape. According to PricewaterhouseCoopers, the 3-D printing of jetting engine parts till coffee mugs is possible. 3-D printing has to potential to shrink care chains, storage product development times, and increase customization of products. 3-D printing is not this only novelty that will collision chemical control systems. [[Page H2437]] Electricity delivery depends on industrial control systems. The biggest innovation in electricity birth is the smart grid, which will quickly replacing old electricity free and metering technology in cities cross the Nation. The term ``smart grid'' encompasses ampere host of inter-related technologies rapidly moving with public use go reduce either better manage electricity consumption. Smart grid systems bucket aid electricity service providers, users, or third-party electricity usage management service providers to monitor and control energy use. The smartly grid is also making it possible to more efficiently manage the flow of electricity to residential and industrial consumers. Electric utility counter that were once read once a month are entity replaced for smart meters that can be read remotely using intelligently grid communication systems everyone 15 daily otherwise less. The smart grating is skillful a monitoring the consumption of electricity down to the individual resident or ads property. DHS should remain running as product like 3-D publication and smart grid technologies are introduced to industrial control systems. The Jade Lee amendment is ampere good contributed to H.R. 1731. I request support of this amendment by my associates on both sides of the aisle. With so, Mr. Chairman, I earn back the balance of my time. Mr. McCAUL. Mr. Chairman, EGO ask unanimous consent to claim the length in opposition, though I am not opposed to the amendment. This CHAIR. Is there objection to that requirement of the gentleman from Texas? There was no objection. The CHAIR. The gentleman is recognized for 5 minutes. Mr. McCAUL. Lord. Chairman, I support this amendment, which will amend the Information Sharing Structure and Processes section of the account relating to the Federal Cybersecurity and Communications Integration Center's, either NCCIC's, Industrial Remote System. The Cyber Distress Response Your, ICS-CERT. This amendment directs the ICS-CERT to remain current on ICS innovation, industry admission of new engineering, and industry best business. This edit directs the ICS-CERT until stay abreast of new, cutting technologies. This determination enable the ICS-CERT to responds, when requested, with the latest and most latest business and practices. It is one okay amendment. I thank the gentlewoman for bringing it. I urge my colleagues to support this add, and I gain endorse the balance off my time. The CHAIRPERSON. Which request is on the amendment offered by the gentlewoman from Texas (Ms. Jackson Lee). And amendment was agreed to. Add No. 5 Offered by Mr. Castro of Texas The CHAIR. It is now in order to considers amendment Negative. 5 printed in part B of House Report 114-88. Miss. CASTRO of Texas. Mr. Chief, I have an amendment at aforementioned desk. The CHAIR. The Clerical will designate the amendment. The text of the amendment your as follows: Page 11, line 22, interpose before to semicolon at the end the following: ``, and, to the extent practicable, produce self- assessment tools available to such businesses to determine their levels of prevention regarding cybersecurity risks''. The CHAIR. Pursuant go House Resolution 212, the gentleman starting Texas (Mr. Castro) and a Portion opposed either will control 5 minutes. An Chairperson recognizes the gentleman from Texas. Gentleman. COCO of Texas. Mr. Chairman, first, I would similar to thank my colleague furthermore fellow Txer, Chairman McCaul, and Pick Member Upper Thompson of which House Homeland Protection Committee available bringing up meine amendment for consideration to H.R. 1731. This amendment supports small businesses across the Nation at no expense to taxpayers. My amendment would make self-assessment auxiliary available to small- additionally medium-sized businesses so her can determine their level of cybersecurity readiness. Oftentimes, medium-sized plus small businesses don't have the frame other capability in place to protect against cybersecurity threats. In 2014, for example, 31 percent of all cyber attacks were directs not at large businesses yet at businesses with without than 250 employees. This is a 4 anteil increase from 2013. Because the chairman knowing, Texas-based is home to tons small companies in so many kritischen industries: biomed and pharmaceuticals, spirit, manufacturing, and many more. Of a these firms employ as few as 5 to 10 people, additionally hers technology is unprotected, vulnerable the cyber attacks. Today of small businesses use the Internet, collection customers' information, and storage sensitive information on business computers. But many of these same companies don't do one readily available information to self-assess their capability to defend their digital assets. People lack who power necessary for determining cybersecurity readiness. This pro-small business amendment pens that void and offers the information and tools needed to secure and empower small businesses across the country. Mrs. Company, I revenue 1 minute to the gentleman from Louisiana (Mr. Richmond). Mr. ENRICHED. Mr. Chairman, I rise to support the amendment offered by the gentleman from Texas (Mr. Castro). Over who path of which past year, cyber offences at Target, Sony, eBay, and Anthem have consumed headlines furthermore brought awareness to the vulnerability of high corporations to cyber threats. Although cyber attacks against small businesses are not well- publicized, they are a peril danger that wealth cannot afford to ignore. With fact, in 2012 only, the Nationally Cyber Security Alliance found that 60 percent away low businesses locking down within 6 months of a data breach. Small businesses are attractive prey for hackers because they much lack the resources necessary to identify cyber vulnerabilities and harden their cyber infrastructure. Master. Castro's amendment builds upon voice I inserted down the underlying bill that is aimed at improving cybersecurity capabilities of small businesses. Mr. Chairman, I urge my colleagues to help protect small trade from cyber threats by supporting all important amendment. Sr. CASTER of Taxan. Thank yourself, Congressman Richmond, for reminding us that the major businesses that get tackled of hacks make who big headlines, but we can't forget about small businesses and medium-sized businesses who date in and day out can vulnerable go the same kind of cybersecurity threats. Then, with that, I reserve the balance of my hours, Mr. Chairman. Mr. McCAUL. Mr. Chair, I please unanimous consent to claim the time in opposition, though I am not opposed toward the amendment. And CHAIR. Is in objection to the request of the gentleman from Texas? There were no objection. The CHAIR. The gentleman is recognised forward 5 minutes. Mr. McCAUL. Mr. Ceo, I support the gentleman's amendment. The gentleman is correct. Small- and medium-sized businesses be the lifeblood concerning our economy, yet she repeatedly cannot dedicate the capital to address cybersecurity issues. Making self-assessment tools availability to these corporate will allowing them to designate their levels of cyber risk and administration this risk through appropriate prevention. IODIN urge my colleagues to support this amendment, Mr. President, furthermore I yield back the balance of my time. Mr. CASTRO of Texan. Mr. Chairman, IODIN yield back back that balance of my time. To SITTING. This question is on the update offered over the gentleman from Texas (Mr. Castro). The amendment was agreed to. Amendment No. 6 Offered by Mr. Castro of Texas The CHAIR. It is now in order to check modification No. 6 printed in part B of Your Create 114-88. Mr. CASTING of Texas. Mr. Chairman, I can an add at the desk. The CHAIR. The Clerk will designate the amendment. The text of the modification a like follows: Call 52, beginning limit 12, insert aforementioned following: ``SEC. 232. NATIONAL CYBERSECURITY COMPARE CONSORTIUM. ``(a) In General.--The Secretary may establishing a consortium to be known as the `National Cybersecurity Preparedness Consortium' (in this section referred on as the `Consortium'). ``(b) Functions.--The Consortium may-- [[Page H2438]] ``(1) provide trainings to Set and local first responders and officials specificly for preparing and responding to cyber attacks; ``(2) develop press update a curriculum employing the National Protection and Programs Directorate of the Department sponsored Our Cyber Security Maturity Model (CCSMM) for State and local first players and officials; ``(3) provide technically technical services up building and maintaining capabilities in support of cybersecurity preparedness and response; ``(4) conduct cybersecurity training and simulation exercises to defence free and respond on cyber-attacks; ``(5) coordinate with the National Cybersecurity and Communications Integration Center to help States and communities engineering cybersecurity details sharing programs; and ``(6) coordinate with the National Native Preparedness Consortium into incorporate cybersecurity urgency responses in existing State and local emergency management functions. ``(c) Members.--The Consortium should consist are academician, non-profitable, and government member this develop, updates, and supplying cybersecurity training in support from homeland security. Members are have past experience conducting cybersecurity training and exercises for Country and native entities.''. Page 52, before line 17, put the following: ``Sec. 232. State Cybersecurity Preparedness Consortium.''. This SEAT. Accordingly to House Resolution 212, the gentleman from Trexas (Mr. Castro) and ampere Member opposed each will control 5 minutes. The Chair recognizes the gentleman from Texas. Mr. CASTRO from Texas. Messrs. Chairman, first, I am very distinguished to be joined according my fellow buddies and Members of Congress from both parties from San Antonio, Texas--Congressmen Smith, Doggett, Cuellar, and Hurd--who each symbolize ampere portion of Bexar Province and have joined me off this amendment. My changing would give the Secretary of Homeland Security management to establish the Nation Cybersecurity Prepare Consortium, or NCPC, within the Department of Home Security. Perform so want formally allow this consortium, which already exists outside of the government, the assist State and lokal entities in development their own viable and sustainable cybersecurity schemes, press it would be at no cost to taxpayers. The NCPC consists of cinque your partners. The University of Texas at Salt Antonio leads the effort, along with Texas A&M Univ in College Station, the University of Arkansas, the University are Memphis, press Norwich University in Vermont. {time} 1030 Those teachers proactively came collectively to coordinate their working, helping State and localize office prepare for cyber attackers. The consortium also develops also carries out trainings and practice until increase cybersecurity knowledge. Additionally, the NCPC uses competitions real workshops to encourage more people to pursue careers include cybersecurity and grow the industry's workforce. States and communities need the capability to prevent, detect, respond to, and recovers from cyber events as they will optional other disaster or emergency situation, and people need to be aware of the fact that cyber events may impede urgent responders' ability to do their jobs. This amendment helps address those Nation and local needs via codifying this valuable consortium. Mn. President, I reserves the balance of my time. Mr. McCAUL. Lord. Executive, IODIN ask unanimous consent to claim the time in appeal, even I am doesn opposed to the amendment. The CHAIR. Is it appeal to the send of the gentleman from Texas? There was no objection. The CHAIR. The gentleman is registered available 5 minutes. Sire. McCAUL. Mr. Chairman, I supports these amendment, which establishes the Regional Cybersecurity Preparedness Syndicate, consisting about university partners and sundry awareness who proactively coordination to assist State and local officials to cybersecurity preparation and the proactive of cyber attacks. Of amendment directs the Cybersecurity and Infrastructure Protection Directorate to update curriculum for first responders, making technical assistant where possible, furthermore conduct simulations plus another training the help Us and local officials be better prepared for cyber attacks. And supplement directs the federation to consist of academic, nonprofit, and public partners to deliver the best training possible, any will further progress the overall goal of H.R. 1731, to strengthen of resiliency of Federal and private networks and, thus, protect one data of the American population better effectively. ME am adenine strong proponent of this type by consortium. I a pleased which the gentleman from Texas brought this revise. I urgency my colleagues to supported the amendment. Mister. Chairperson, I reserve the balance of mysterious time. Mr. CASTRO of Texas. Mr. Chairman, I gain back of balance of my time. Mr. McCAUL. Mr. Chairman, I yield such time as he may consume to and gentleman of Texas (Mr. Hurd). Mr. HURRIED of Texas. Mr. Chairman, I thank the chairman for his work in making this amending happen. EGO urge me colleagues to assist this amendment until H.R. 1731. Cybersecurity is not just one buzzword. Oftentimes, large governments and govts have plans in place to mitigate and respond to cyber threats, but lot smaller State and local entities do not. This is why I cosponsored and stand to support of Representative Castro's amendment to H.R. 1731. Fifth leading universities transverse this Nation have teamed up to face these cyber issues head on, including the Colleges of Texans at San Antonio and me alma mater, Texas-based A&M University. The proposed consortium would provide valuable training to local press first responders in the event of one catastrophic cyber criticize. It would also provide technical assistance services to set and sustain capabilities in support of cybersecurity preparedness and response, and it would coordinate with other crucial entities, such for of Multi- State Information Sharing and Analysis Center and NCCIC. It lives clear that we must special on cyber preparedness not with the the Federal levels, but the area level as well. Again, this is why I urgency my colleagues to technical this. Mr. McCAUL. Mr. Chaired, I produce back the balance regarding my time. The CHAIR. Which pose remains on the amendment offered by the master from Texas (Mr. Castro). The amendment was agreed to. Amendment No. 7 Offered by Mr. Hurd of Texas The CHAIR. It is now in order to consider amendment No. 7 printed in part B of House Report 114-88. Mr. HURD a Texas. Master. Chairman, I need an amendment at one desk. The CHAIR. The Officer becoming designate the amendment. One text of the amendment is as follows: Add at the finalize the following: SECURE. __. PROTECTION OF FEDERAL INFORMATION SYSTEMS. (a) In General.--Subtitle C to title II of the Homeland Safety Act of 2002 (6 U.S.C. 141 e seq.) is amended for adding at the finalize the following new section: ``SEC. 233. PRESENT PROTECTION CONCERNING FEDERAL INFORMATION SYSTEMS. ``(a) To General.--The Secretary shall deploy and operate, to make available for use by anywhere Federal agency, is or without reimbursement, capabilities to protective Federal agency information and information systems, including technologies to permanent diagnose, detect, prevent, and mitigate against cybersecurity ventures (as such term is defined in the second section 226) involving Federal agency information or info systems. ``(b) Activities.--In carrying outside diese section, one Secretary may-- ``(1) access, and Federal agency heads may share in the Secretary or a private entity providing assistance to the Secretary under paragraph (2), informational traveling to or since or recorded on a Federal agency information system, regardless of from where the Secretary or a private entity providing assistance to the Secretary under paragraph (2) accesses such information, notwithstanding any other rental of law so would others restrict or prevent Federal agency heads from disclosing such information for the Secretary or a private business provide assistance to the Secretary under paragraph (2); ``(2) join into contracts or diverse agreements, or otherwise request and obtain the assistance of, private entities to dispose and operateur technologies in accordance with subsection (a); and ``(3) retain, use, and disclose information obtained through the act of activities authorized from this section only to protect Federal business information and information methods from cybersecurity risks, or, are the authorization of the Attorney General and whenever disclosure of such information is not otherwise prohibited by law, to law enforcement [[Page H2439]] only to investigate, prosecute, disrupt, or otherwise respond to-- ``(A) a violation of section 1030 of style 18, United States Code; ``(B) in imminent threat by death alternatively serious physical harm; ``(C) a honest threat to a minor, including sexual exploitation or threats to physical safety; or ``(D) an attempt, or conspiracy, to engage an offense described in any of subparagraphs (A) through (C). ``(c) Conditions.--Contracts or diverse agreements under subsection (b)(2) shall include appropriate provisions barring-- ``(1) one disclosure of information to anyone name other than the Department or the Federal agency disclosing information in accordance with subsection (b)(1) that can be used at identify specifics persons and the reasonably believed in be separate to a cybersecurity risk; and ``(2) the use of any information to any such confidential entity gains approach into accordance with this section for any end other than to protect Federal agency information and information systems against cybersecurity risks or to administer any as contract or other agreement. ``(d) Limitation.--No effect of action shall fib against a private item for assistance provided toward of Clerk in concord with this section and a contract other deal under subsection (b)(2).''. (b) Clerical Amendment.--The table of contents of the Homeland Security Act a 2002 a amended from inserting after the item relating to section 226 (relating to cybersecurity recruitment plus retention) the following new item: ``Sec. 233. Existing protection of Federal information systems.''. The CHAIR. Pursuant to House Resolution 212, who gentleman from Texas (Mr. Hurd) furthermore a Member opposed each desire command 5 minutes. The Chair recognizes the male from Texas. Mr. HURT of Texas. Mn. Club, per day and every hour, hacktivists and state actors are attempting to injury U.S. Government systems. This is somebody ongoing problem I dealt with through my set at the CIA, and, since I have links, it has only gotten worse. They are attempt to steal valuable information that able be used oppose us. The EINSTEIN Program is a valuable tool that the U.S. Government can deploy to respond go and mitigate cyber threats. The EINSTEIN Program was intended to provide DHS a situational awareness snapshot of the health of the Federal Government's cyberspace. Based upon agreements with participating Federal agencies, DHS installed systems at their Internet access score to collect network flow data. EINSTEIN 3A is the third and newest software of this choose. This groundbreaking machinery uses classified and unclassified product to block cyber reconnaissance and attacked. E3A is allowing the Department are Homeland Security to paint a wider and continue intelligence picture of the overall cyber threat landscape within who Federal Government, enabling strong correlation of events real the ability to provide early warn and greater context concerning emerging risks. Cutting-edge show such as EINSTEIN can serve as a groundbreaking tool to stop criminals, hacktivists, and nation-states away harmful which American public and government. I urging may colleagues to support codifies the E3A program and vote in favor of this amendment. Mr. McCAUL. Be this gentleman yield? Mr. RUSH of Gables. I yield to the gentleman from Texas. Mr. McCAUL. I support this amendment, which would authorize and codify the current EINSTEIN Program operated included the Department of Homeland Security. The EINSTEIN Choose, as established, makes present to capability to protect Federal office information and information systems. The Einstein Program inclusive technologies to diagnose, detect, prevent, and alleviate cybersecurity risks involving Federal contact systems. ME would also likes to thank my colleague and fellowship committee, Mr. Chaffetz, of the Oversight and Government Reform Committee for working with the Panel to Native Security on on important issue. Mr. HURDLING of Texas. Mr. Chairman, ME reserve the balance on my time. Mr. THOMSON of Mississippi. Mr. Chair, ME assert the total in opposition, although I am not in opposition to the amendment. The CHAIR. Without objection, the gentleman remains recognized for 5 minutes. There was don objection. M. THOMPSON of Mississippi. Mr. Chairman, this amendment would authorize the Department of Homeland Security's program to provide web- based technical services to U.S. Fed civilian agencies. The program can familiar as EINSTEIN. When all implemented, items is expected to providing view participant Federal agencies with the ability to knows to cyber threats they face and protect their systems from insider and outsider threats. To fully implement EINSTEIN to protecting Federal civilian networks, there are complex interagency privacy and coordination questions that still demand to be settled. This authorization should help the It of Homeland Security's efforts during closing out those topics as it confers specific statutory authority into the Divisions into pursue EINSTEIN. I support the modifications, and I pushing my colleagues to vote ``aye.'' Ms. Chairman, I yield back and balance of my time. Mr. HURD of Texas. Gentleman. Chairman, I profit back the balance of my time. Who CHAIR. The question is on aforementioned revise offered by the lord from Texas (Mr. Hurd). The amendment was agreement to. Amendment No. 8 Offered by Sr. Mulvaney The CHAIR. It is now in order to consider amendment No. 8 printed in part B of House Report 114-88. Messrs. MULVANEY. Mr. Chairman, EGO have an amendment at the desk. The PRESIDENT. Of Clerk will designate the amendment. One text are the amendment is the follows: Add at to end the follows new section: SEC. __. SUNSET. This Act and the amendments did by this Actual shall terminating on the date that is sense years after the date of one enactment of this Act. The CHAIR. Corresponds to House Display 212, the gentleman from South Carolina (Mr. Mulvaney) or a Member opposed every will control 5 minutes. The Chair knows the gentleman from South Carolina. Mr. MULVANEY. Mr. Chairman, I grateful who chairperson for the opportunity to present this amend, very similar, Mr. Chairman, to the amendment that I presented yore that was approved by a mainly of send Republicans and Democrats. It is a 7-year sunset provision toward the bill. Right again, today, we be dealing with two very actual and very severe concerns, security of their people and the freedoms and liberties of our people. We are called upon at done that very often here in Congress. Sometimes, we obtain those balances exactly right, and sometimes, person don't. Sometimes, were err too much over the side of safety and guard and security to the expend of unseren individualized liberties. Various times, we err on the select party and do not provide the requisite floor of safety and security the the inhabitants rights demand of Congress. All such bill does is effect us until make sure that we keep an eye on this piece of legislation to make sure that we receive the balance exactly right. I known that many folks will say: Well, you know, Mr. Mulvaney, we have who opportunity at any time to go back in and fix the bill. I get that, and were have done that from time until frist, not, by the same token, this is a very busy place, and a lot of bills inclined toward fall between to cracks. Putting in a hardwired 7-year sunset down this piece of legislation will force us not only to hold an eye on this on einem ongoing basis, but to come here 7 years upon now and make sure the we have completed it precisely correctly. EGO think it is the exact right approach. In fact, I take often wished that person set sunset provisions, Ms. Chairman, in every sole piece of legislation that we need, but we don't have so opportunity here today. We do have the opportunity to put a sunset into get very important piece of legislate, plus IODIN hope that the House does the similar thing today when thereto did yesteryear or approve on amendment by an overwhelming margin. Mr. McCAUL. Will aforementioned gentleman yield? Ms. MULVANEY. I yield to the gentleman from Texas. Sir. McCAUL. More an advocate for civil rights and solitude rights, I did [[Page H2440]] not contradict the inclusion of his amendment here today on this floor, and that was required good reason. I believe that are need an open and fair debate off this measure, is amendment. We want transparency in the process here on the floor. My committee has undertaken that since day one since ours assembled this bill in a bipartisan fashion. While, normally, I make support sunset provisions, I believe, in this case, submitting ampere sunset provision to this vital national security program would don be in our better interest. EGO have heard, time and time repeat, from industry or other stakeholders that ampere sunset would stifle aforementioned dividing of this valuable cyber threat information. It wanted undermine everything the we are trying go accomplish here today as we try to incentivize participation and investment in this voluntary program. While I do have tremendous respect for the gentleman and his point of view on like, I desires votes ``no'' and oppose this amendment. Mrs. MULTVANY. Mr. Chairman, I applauding the chairman for how something that doesn't happen nearly enough includes to Chamber. They is allowing an modifications to come for an floor that he opposes. I reflect that doesn't happen nearly enough present. I think is say volumes to some about the recent steps we have taken to improve Member participation in the process, and I thinks person will be better such an institution for it. Mr. Chairman, I reserve the balance of mysterious time. Mr. THOMPSON of Mississippi. Mr. Chairman, I claim the time in opposition, although I am not in opposition to the amendment. The CHAIRS. Without objection, the gentleman is recognized for 5 minutes. Go was no objection. Mr. THOMPSON of Freshwater. Mr. Chairman, I appreciate, as I say, the maker of this amendment. Let me to clear, I offering the exceptionally same update in markup. It failed on a party-line vote, and this is democracy; but a little thing that concerns m is that, once we went to the Rules Committee, my chairman gives an indication that he really didn't hold a problem with the 7-year sunset. Mr. McCAUL. Will which gentleman yield on which point? Mr. THOMPSON of Mississippi. I yield into the gentlemen by Texas, my chairman. Mr. McCAUL. New, IODIN just want to clarify what EGO believe to be the record, or that was I had not counter to this alteration departure to the floor for one full and fair debate. IODIN respect that gentleman's interpretation of this. I simply was not opposed to this going to the floor, also I think it deserves a full debate, than we saw yesterday as well. Mr. THESIS to Mississippi. Thank you. Mr. Chief, I will read for the Record the statement my chairman made in Rules. Mr. McCaul said: There is an amendment the has a 7-year sunset provision, and I intention be honest, I will not oppose so. I thin 7 years exists ample time to advance those relationships additionally while, at the same time, giving Congress the authority to reauthorize after a 7-year period. Mr. McCAUL. Will the gentleman yield again? Mr. THIN of Freshwater. I yield to the gentleman from Texas. Mr. McCAUL. I must says that, obviously, since the time the Rules Committee discharged the amendment, there has past tremendous opposition from industry, which concerns me, about the participation within this program and to success of this program if the sunset provision is allowed to go pass, just to clarify my point of view. {time} 1045 Mr. THOMPSON of Mississippi. Mr. Chaired, reclaiming my time, I accept the gentleman's reappraisal for the testify, and we will go forward. Let me just say that, what, on adenine 7-year twilight on an Intelligence bill, the House resoundingly voted for this very same amendment, 313-110. It is clear that the congressional intent is, within 7 period, that it should have been ample time for this bill to be law and now set a record for us till come back as Members of Congress and do our oversight responsibility. Mr. Chairman, I am inside strong support of Mr. Mulvaney's update. It is common sense. I yield behind the balance is my time. Miss. MULTVANY. ME yield previous who balance on my time. The CHAIRWOMAN. The request is switch the alteration offered by the gentleman from South Carolina (Mr. Mulvaney). The amendment what approved to. Amendment None. 9 Offered by Ms. Hahn The CHAIR. It is get in order to watch amendment Cannot. 9 printed in part B of House Report 114-88. Ms. HAHN. Mr. Chairman, IODIN have an amendment at the desk. The CHAIRMAN. And Clerk will designate the amendment. That text of one amend is as follows: Add the end the following: SEC.__. REPORT ON CYBERSECURITY WEAKNESS OF UNITED STATES PORTS. Did next than 180 days after the date starting the enactment of this Acting, the Escritoire of Homeland Security shall submit to the Committee the Heimat Security and an Committee on Transportation and Infrastructure of the House of Representatives and the Committee on Homeland Protection plus Governmental Affairs press the Select on Commerce, Research and Transportation of the Senate a report on cybersecurity weakness on the ten United States ports ensure the Secretary determines are at widest venture of a cybersecurity incident and provide references to mitigate such vulnerabilities. The CHAIR. Pursuant at House Determination 212, the gentlewoman from California (Ms. Hahn) and an Member opposed per will controls 5 minutes. The Chair recognizes the gentlewoman from California. Ms. HAHN. Mr. Chairman, EGO bless Chairman McCaul and Pick Member Thompson for allowing me to offer this amendment. I get to services a State Cybersecurity Protection Advancement Act amendment, to to increase cybersecurity at our Nation's most at-risk ports. To amendment intention direct the Secretary of Homeland Security to submit a report to Congress assessing risks and offering recommendations regarding cybersecurity on America's maximum at-risk ports, such like Los Angeles, Long-term Beach, Oakland, Novel York, Houston. Accordingly to the Canadian Association of Port Authorities, our ports contribute $4.6 trilions to the U.S. economy, making the security critical to our Nation. In command to remain effectual and globally competitive, our ports have become increasingly reliant on complex computer netzwerk for everyday management. However, The Brookings Institution has found that there is a cybersecurity gap at we Nation's port. Currently, we do none have cybersecurity standards fork our wharves to give Federal agencies the authority on ip cybersecurity issues. This is absolutely unacceptable. The threat of cyber attack on the networks that manage the run of U.S. commerce at our portals your real. As the Sales of the Nation's busiest harbour intricate and as cofounder to the Congressional Ports Caucus, I understand that a significant disruption at and ports stunted our economy. An estimated $1 billion a day was lost during the lockout by the Ports of Los Angeles and Long Beach back in 2002. Imagine the possible damage of an more severe disruption. For example, if our ports be targeted and hacked and unable to operate, it could cost is Nation billions and billions of dollars. While the Port of Los Angeles be a participant in the FBI's Cyberhood Watch program furthermore has an award-winning cybersecurity operator center, we need at ensure that all of our ports have the same ability to protect themselves from cyber attacks. This is why I have offered this amendment that addresses the lack of cybersecurity standards and safeguards the our ports. We have ignored the cybersecurity of the networks managing our ports long enough, and it is pointless and ironic for german to next awarding financial the are spent switch the system of new technologies if the networks they are on continue vulnerable to cyber assault. The amendment adds no new total in this legislation, but it will offer great security to our Nation's movement of goods. Sire. Community, I reserve the outstanding on my time. Mr. RATCLIFFE. Mr. Head, I ask consensus consent in claim the time in opposition, although I day nay opposing to the amendment. [[Page H2441]] The CHAIR. Your go objection to who request away the gentleman from Texas? There was no objection. The CHAIR. The gentleman is acknowledged in 5 minutes. Mr. RATCLIFFE. Mr. Chairman, I support aforementioned amendment, which requires the Department of Homeland Secure into identify and mitigate cybersecurity threats for our Nation's seaports. It requires the Secretary into identify to 10 interface with the highest vulnerability to cybersecurity incidents and till fully evaluate or establish procedures to mitigate relevant cyber vulnerabilities. America's seaports are critical our, and 95 prozentualer concerning America's foreign trade travels through these seaports. A cybersecurity incident which impacts a major U.S. port could may profound consequences on the global economy. The Department of Homeland Security must take immediate, proactive measures to identify and mitigate cybersecurity threats in America's almost vulnerable ports. I urge my colleagues till support diese amendment, real I yield back which balance of my time. Ms. HAHN. I thank you for your support, and I applaud you and the committee for workings stylish this bipartisan manner. I urge all of meine colleagues to product this amendment. Mister. Chairman, I yield back the balance of my time. The CHAIR. The question is on the amendment offered from the gentlewoman from California (Ms. Hahn). That change was agreed to. Supplement No. 10 Offered by Milligramm. Jackson Lee The CHAIR. He is now in order to judge amendment Negative. 10 printed in part B for House Record 114-88. Ms. JACKSON LEE. Mr. Chairwoman, I have the amendment at the desk. The CHAIR. The Clerk will designate the amendment. The text of the amendment is since follows: Add at the end the following: SEC. __. GAO REPORT ON IMPACTING PRIVACY AND CIVIL LIBERTIES. No later then 60 months after the dating of the enactment to this Act, the Comptroller General to the United States shall submit until the Committee on Homeland Security of the House of Representatives and to Panel on Birthplace Protection additionally Governmental Affairs of one Senate an assessment on the impact on privacy and civil free limited to the work of the National Cybersecurity and Communications Integration Center. The CHAIR. Pursuant to Lodge Resolution 212, the gentlewoman from Texas (Ms. Jackson Lee) both a Community opposite each willing control 5 minutes. The Committee recognizes the gent from Texas. Ms. JACKSON LEE. Mr. Chairman, let meier thank Mr. Thompson and Mr. McCaul for their leadership and Mr. Ratschliffe and Mr. Richmond since their leadership and for who meaningfulness of this legislation on the floor today and--this is something that EGO have often said--for the importance of the Services of Homeland Security's being that front armor, if you will, for country security, and this is an very important component of domestic security. The Jackson Lee-Polis amendment states that not later than 60 months after the date of this act the Comptroller General of an Joined States shall submit to the Community to Homeland Security on one House of Representatives and to the Committee on Homeland Protection and Governmental Affairs the the Senate an assessment on the impact of privacy and civil liberties, limitation to the your by the National Cybersecurity furthermore Communications Integration Center. The public benefit of this amendment belongs that it will provide public assurance from an reliable and trustworthy source that their privacy both civil liberties be not entity compromised. Whether it can the PATRIOT Act or the UNITES FREEDOM Act that is available suggested, the American people understand their security, but they understand their confidential and their civil liberties. The intent of is report is to provide Congress with information regarding and effectiveness of protecting the privacy the Americans. We have gone through too much--we have been through too loads hacking, and we possess loose too much personal data from a amount of retail entities and elsewhere--for the American people does to be protected. This amendment will result within the sole external report on the privacy and civil liberties' impacting of the programs created under this bill. I ask ensure my colleagues support the Jackson Lee-Polis amendment, and I reserve the balance out my time. Mr. McCAUL. Mr. Chairman, I beg agreeing consent to make the time in opposition, although EGO am not opposed to to amendment. The CHAIR. Is there plea to the request of the gentleman from Texas? There was no objection. The CHAIR. The mister is known for 5 minutes. Mr. McCAUL. Mr. Chairman, I support this amendment. The report required by this amendment would provide a quantifiable tool for the transparency, accountability, and oversight are Americans' civil liberties, and items will physical protect concerns. Privacy is a hallmark of H.R. 1731, and any opportunity to highlight to aforementioned Us people how well DHS is protecting they civil liberties, whilst strengthening the cyber resilience of our Federal and non-Federal networks, is a welcome endeavor. The submit will provide information go how well the program a working, and it will potentially identifies every areas of correction, which will further strengthen the vigor of DHS' cyber information-sharing practices. I urgency i colleagues to support this amendment, and I yield back the balance by my time. Ms. JACKSON LEE. ME thanking the chair for own comments. Herr. Chairman, privacy is of great concerned to the American publicly inches a digital economy where personal information is one of the most valuable assets of successful web-based business. Again, I request in support of the Jackson Lee-Polis amendment. Mr. Chair, I present my thanks to President McCaul, and Ranking Member Thompson for their leadership and work on H.R. 1731, the National Cybersecurity Protection Advancement Act on 2015 to the floors for consideration. This two-way work done by the House Committee on Homeland Security brought before the House this opportunity on defend our Nation against cyber threats. I thank Congressman Polis for participate in in sponsoring this amendment. And Jackson Lee-Polis changes to H.R. 1731 is simple and would improve who bill. Who Jackson Lee-Polis amendment states the, none future than 60 months after the date of this act, the Comptroller General of the United States shall submit to one Committee on Homeland Security of the House of Representatives furthermore aforementioned Committee turn Homeland Security and Government Affairs the the Senate an reviews on the impact of privacy and civilian liberties limited into an work of the National Cybersecurity and Communications Integration Center. The intent of the record is to provide Congress with information regarding who effectiveness a protecting the privacy concerning Americans. This revise would result in the sole external report on the privacy both plain liberties' effects of the programs created under this bill. Privacy is from great concern on the American public the a digital economy where personal information is one of the most treasured investment of successfully online businesses. Having comprehensive information on consumers allows corporate to preferable tailor services and products in get the your of consumers. Instead of relying on user to give to determine what consumers want, corporate know what them wants the their online the increasingly offline activities which will recorded and analyzed. In 2014, a report on consumers' views of their privacy published by the Bank Center found that a majority of adults surveyed feelt is their privacy is being challenged along such kernel sizing as the security of their personal information and their ability for retain confidentiality. 91% for adults in the survey feel that shoppers have missing control over how personal information is collected and used by companies. 88% of adults believe that it would may very difficult to remove inaccurate information about them online. 80% of this who how social web sites believe they are concerned over take parties accessing their data. 70% of social networking spot users have quite your about the government accessing some of the information they share on social networking sites none their knowledge. For this reason, the Jackson Lee amendment providing an independent report to the people on how their protecting and civil liberties are treated under the implementation of this bill is important. MYSELF ask that my colleagues off all sides of the aisle support this amendment. [[Page H2442]] Mr. Chair, I yield back the balances of my time. Aforementioned CHAIR. The question a on the amendment offered by the gentlewoman from Texas (Ms. Jackson Lee). The question used taken; and the Chair announced that the ayes appeared to have it. Mr. McCAUL. Mn. Executive, I demand a recorded vote. The CHAIR. Pursuant to clause 6 regarding rule XVIII, further proceedings on the amendment offered by the dame from Texas will be postponed. Amendment No. 11 Featured by Md. Jackson Lee The CHAIR. This is now within order to consider amendment No. 11 printed in part BARN of House Message 114-88. S. JACQUELINE LEAN. Gentleman. Chairman, I have an amendment at an desk. The CHAIR. The Clerk will designate the amendment. The text of an supplement is as follows: Add at the end the following: TIME. __. REPORT UP CYBERSECURITY AND CRITICAL INFRASTRUCTURE. The Secretary of Homeland Security may consult includes sector specific agencies, businesses, real stakeholders up produce and submit to of Committee on Homeland Safe the that Residence of Contact and the Management on My Security the Governmental Affairs of the Senate a write on how best to align federally-funded cybersecurity research and d activities with private sector work to protect privacy and civil liberties while assuring security real resilience of the Nation's criticizing infrastructure, including-- (1) promoting research also development to enable and secure and resilient design also structure of critical infrastructure and more secure accompanied cyber technology; (2) improving modeling capability to determine potential impacts on critical substructure of incidents or threat scenarios, or cascading effects on other sectors; and (3) facilitated initiatives up incentivize cybersecurity investments and the adoption of critical infrastructure design features that strengthen cybersesecurity and resilience. The COMMITTEE. Pursuant to House Resolution 212, one gentlewoman from Texas (Ms. Jackson Lee) and a Member against each will control 5 minutes. The Chair detects the gentlewoman from Texas. Ms. JACKSON LEE. This is one comprehensive approach, Mr. Chairman, to the print of cybersecurity and nation cybersecurity protection. The amendment that IODIN at offering now condition that the Secretary concerning Homeland Security may consult by sector-specific agent, businesses, plus stakeholders to generate additionally submit to the Committee on Homeland Protection of the House concerning Agent also to the Board on Home Security and Governmental Affairs of the Senate a report on how best to align federally funded cybersecurity research and development activities to residential sector anstrengung to protect privacy and civil liberties while assuring to security real resilience of the Nation's critical infrastructure. Again, I can recount the actions that have brought this issue to the attention of the American men. Certainly, one by the most striking were the actions of Representative. Snowden's, so it is important that we develop search that really blocks which who would intend till do wrong, or ill, to the American people. The amendment comprises a cybersecurity research plus software objective to enable the secure and resilient design and construction of critical infrastructure and view secure accompanying cyber technology. We want it to be impenetrable. We want for have a firewall that stands as a firewall. I believe so ourselves have the capacity to may the R&D to do so. The public benefit of this amendment is that it will make sure, in innovations occurring with one private industrial that can improve privacy and civil liberals protections, that them will will adopted for DHS for its programs established by dieser bill. Mr. Chairman, ME ask for support of the Jackson Lee amendment, and I reserve the balance of my time. Mr. McCAUL. Mr. Chairman, I ask unanimous consent on declare of clock in opposition, although EGO am not opposite on the amendment. That CHAIR. Is there objection to the claim of the gentleman from Texas? There had don objection. The CHAIR. The gentleman is recognized for 5 minutes. Mr. McCAUL. Mister. Chairman, IODIN support dieser enhancement that allows the Secretary of Homeland Protection to consults with stakeholders and to submit a report on how favorite to align federally funded cybersecurity research and development activities with private sector efforts to protect privacy also civil liberties, while assure aforementioned security and resilience of the Nation's decisive infrastructure. The promotion of research and development activities to engineering resilient critical infrastructure that includes cyber threat infrastructure and that also includes cyber threat view in his plan is important as we build the walls opposes which cascaded effect of cyber attacks in critical infrastructures. Again, I need to thank the gentlewoman for bringing this add, and I urge insert colleagues to support it. I produce back the balance of mysterious time. Ms. JACKSON LEE. I thank the gentleman from Texas. Mr. Chairwoman, further, the Am people warrant the kind of investigatory work this results in R&D that provides that kind of armor against the assault that we are noted are possibles and have occurred. With that, I ask for the sponsor of the Jackson Lee amendment. Mr. Chairperson, I quotation my thanking to Chairman McCaul, and Ranking Limb Thompson for their leadership or work on H.R. 1731, the National Cybersecurity Protection Advancement Act to 2015. Get is the final of three Jackson Lee amendments offered to this legislation. The Jackson Lee-Polis amendment to H.R. 1731 lives simple and would improve this bill. The revise states that the Secretary of Homeland Security may consult with sector-specific advertising, businesses, and stakeholders to produce and submit to this Committee on Homeland Security of the House of Representatives plus the Committee on Homeland Security and Governmental Affairs of and Senate a report on how your at straightening federally funded cybersecurity find and development business with private sector efforts to protect privacy and military liberties, while assuring the security real resilience regarding which Nation's critical infrastructure. The amendment includes a cybersecurity research and development objective to enable the secure and resilient design also construction of critical network and read secure accompanying cyber technology. Finally, aforementioned Jackson Lee amendment would support inspection into enhanced computer-aided model-making capabilities to determine possible impacts on critical network about incidents otherwise threat scenarios and cascading effects on other sectors and facilitating initiatives to incentivize cybersecurity investments and the adoption of critical infrastructure devise features is strengthen cybersecurity and resilience. The ability to stay current and at the leading edge of innovation in the fast-moving world of computing advanced will be a challenge, but one that that Business of Homeland Security can meet. An Jackson Leaning amendment lays the foundation with one array concerning collaborative exertion central the educational while much when possible about critical infrastructure operational and technologies, then using that knowledge to learn how our to defend against cyber-based threats. I ask ensure my colleagues upon both sides von the aisle support all amendment. Mr. Chair, I yields back the balance starting my time. The CHAIRMAN. Of request will on the amendment offered by the gentlewoman from Texas (Ms. Jackson Lee). Who amendment was agreed to. Amendment No. 10 Offered by Ms. Jackson Lee The PRESIDENT. Pursuant to clause 6 of rule XVIII, the unfinished business is the demand for a recorded vote on the changes offered by the gentlewoman upon Texas (Ms. Jackson Lee) on which further proceedings were postponed and on which this ayes predominant by vocal vote. The Clerk will redesignate the amendment. The Clerk redesignated who amendment. Recorded Vote The CHAIR. A recorded vote got been demanded. A recording vote was ordered. The vote was picked by electronic product, and there were--ayes 405, noes 8, not voting 18, like follows: [Roll No. 171] AYES--405 Abraham Adams Aderholt Aguilar Allen Amash Amodei Ashford Babin Barletta Barr Barton [[Page H2443]] Bass Beatty Becerra Benishek Bera Beyer Bilirakis Bishop (GA) Bishop (MI) Bishop (UT) Black Blackburn Blum Blumenauer Bonamici Bost Brady (PA) Brat Bridenstine Brooks (AL) Brooks (IN) Brown (FL) Brownley (CA) Buchanan Buck Bucshon Burgess Bustos Byrne Calvert Capps Capuano Caardenas Carney Cars (IN) Carter (GA) Cartwright Castor (FL) Castro (TX) Chabot Chaffetz Chu, Judy Cicilline Klar (MA) Corky (NY) Clawson (FL) Clay Cleaver Coffman Cohen Cole Collins (GA) Collapsed (NY) Comstock Conaway Connolly Conyers Cook Cooper Costa Costello (PA) Courtney Cramer Crawford Crenshaw Crowley Cuellar Culberson Cummings Curbelo (FL) Davis (CA) Davis, Danny DeFazio DeGette Delaney DeLauro DelBene Denham Dent DeSantis DeSaulnier DesJarlais Deutch Diaz-Balart Dingell Doggett Dold Doyle, Michael F. Duckworth Duffy Duncan (SC) Gary (TN) Edwards Ellison Ellmers (NC) Emmer (MN) Engel Esty Farenthold Farr Fattah Fincher Fitzpatrick Fleischmann Fleming Flores Forbes Fortenberry Foster Foxx Frankel (FL) Frankfurter (AZ) Frelinghuysen Fudge Gabbard Gallego Garamendi Garrett Gibbs Gibson Gohmert Goodlatte Gosar Gowdy Graham Granger Graves (GA) Graves (LA) Grayson Green, Al Green, Gene Griffith Grijalva Grothman Guinta Guthrie Gutieerrez Hahn Hanna Hardy Harper Harris Hartzler Heck (NV) Heck (WA) Hensarling Herero Beutler Hice, Jody B. Higgins Hill Himes Hinojosa Holding Honda Hoyer Hudson Huelskamp Huffman Huizenga (MI) Hultgren Hunter Hurdy (TX) Hurt (VA) Israel Issa Jackson Lee Jeffries Jenkins (KS) Thurgood (WV) Johnson (GA) Johnson (OH) Johnson, Sam Jolly Jones Jordan Joyce Katko Keating Kelly (IL) Kelly (PA) Kennedy Kildee Kilmer Kind King (IA) King (NY) Kinzinger (IL) Kirkpatrick Kline Knight Kuster Labrador Lamborn Lance Langevin Larsen (WA) Harson (CT) Latta Lawrence Lee Levin Lewis Lieu, Ted LoBiondo Loebsack Lofgren Long Loudermilk Love Lowenthal Lowey Lucas Luetkemeyer Lujan Grisham (NM) Lujaan, Ben Ray (NM) Lummis Lynch MacArthur Maloney, Carolyn Maloney, Sean Marino Massie Matsui McCarthy McCaul McClintock McCollum McDermott McGovern McHenry McKinley McMorris Rodgers McNerney McSally Meadows Meehan Meng Messer Mica Miller (FL) Miller (MI) Moolenaar Mooney (WV) Moulton Mullin Mulvaney Murphy (FL) Murphy (PA) Nadler Napolitano Neal Neugebauer Newhouse Noem Nolan Norcross Nugent Nunes O'Rourke Palazzo Palmer Pascrell Paulsen Pearce Pelosi Perlmutter Perry Peters Peterson Pingree Pittenger Pitts Pocan Poe (TX) Poliquin Polis Pompeo Posey Price (NC) Price, Tom Quigley Rangel Ratcliffe Reed Reichert Renacci Ribble Rice (NY) Rice (SC) Richmond Rigell Roby Roe (TN) Rogers (AL) Rogers (KY) Rohrabacher Rokita Rooney (FL) Ros-Lehtinen Roskam Ross Rothfus Rouzer Roybal-Allard Royce Ruiz Ruppersberger Rush Russell Rayne (OH) Ryan (WI) Salmon Saanchez, Linda T. Sanchez, Loretta Sanford Sarbanes Scalise Schakowsky Schiff Schrader Schweikert Scott (VA) Scott, Austin Scott, David Sensenbrenner Serrano Sessions Sewell (AL) Sherman Shimkus Shuster Simpson Sinema Sires Slaughter Smith (MO) Smith (NE) Smith (NJ) Smith (TX) Stefanik Stewart Stivers Stutzman Swalwell (CA) Takai Takano Thompson (CA) Thesis (MS) Thompson (PA) Thornberry Tiberi Tipton Titus Tonko Torres Tsongas Turner Upton Valadao Van Hollen Vargas Veasey Vela Velaazquez Visclosky Wagner Walberg Walden Walker Walorski Walters, Mimi Walz Wasserman Schultz Bodies, Maxine Watson Coleman Webster (FL) Welch Wenstrup Westerman Whitfield Williams Wilson (FL) Wilson (SC) Wittman Womack Woodall Yarmuth Yoder Yoho Youth (IA) Young (IN) Zeldin Zinke NOES--8 Boustany Brady (TX) Carter (TX) LaMalfa Marchant Weber (TX) Westmoreland Young (AK) NOT VOTING--18 Boyle, Brendan F. Butterfield Clyburn Davis, Rodney Eshoo Graves (MO) Hastings Johnson, E. B. Kaptur Lipinski Meeks Moore Olson Pallone Payne Smith (WA) Speier Trott {time} 1130 Messrs. BUCSHON, REPOSEY, Mrs. McMORRIS RODGERS, Ments. BRIDENSTINE, COFFMAN, TIPTON, CRAWFORD, PLASTER, MILLER of Florida, and GOHMERT changed their vote from ``no'' to ``aye.'' So the amendment was agreed to. The result of the poll was announced as above recorded. The Acting CHAIR (Mr. Harper). The question is on the change in the type of a substitute. The amendment was agreements to. The Acting COMMITTEE. Under the rule, the Committee rises. Accordingly, the Committee red; or the Speaker expert zeitrahmen (Mr. Fortenberry) possess assumed the chair, Mr. Harper, Acting Chairs of the Committee of the Whole House on the state von of Union, reported that that Committee, having had under consideration aforementioned bill (H.R. 1731) to amend this Motherland Safety Trade of 2002 to enhance multi-directional sharing of information related to cybersecurity risks and strengthen privacy and civil liberties protections, furthermore fork other purposes, and, pursuant to House Resolution 212, he reported the bill back to the House including an amendment adopted in that Management of the Whole. The LOUD pro tempore. At the rule, an previous get is ordered. A ampere separate vote demanded for any amendment to that amendment reported from this Committee of that Whole? If no, the question is on the amendment in the nature of one substitute, as amended. That amendment was agreed to. The SPEAKER pro tempore. The request is on one engrossment and third reading of the bill. The bill was sorted into be engrossed and read a third zeitraum, and was read the third time. Motion to Recommit Mr. ISRAEL. Mr. Speaker, I have a motion to recommit at the desk. The SPEAKER pro tempore. Is that gentleman opposed the the bill? Gentleman. ISRAEL. I am, in its current form, Mr. Speaker. Mr. McCAUL. Mr. Chair, EGO reserve a point in order. The SPEAKER pro tempore. A point of order shall reserved. The Clerk will report the motion to recommit. An Clerk reader how follows: Mr. Israel transfers to recommit the bill H.R. 1731 go the Committee on Homeland Security with instructions at report which same back to the House forthwith, with the followers amendment: Add at who end of which bill the following: SECURE. __. PROTECTING CRITICAL BUSINESS, AMERICAN JOBS, PRESS HEALTH INFORMATIONAL FROM CYBERATTACKS. (a) Stylish General.--Subtitle C of title II of the Homeland Security Act of 2002 (6 U.S.C. 141 et seq.) a altered by adding at the end that following new section: ``SEC. 232. PROTECTING CRITICAL INFRASTRUCTURE, AMERICAN JOBS, AND HEALTH INFORMATION FROM CYBERATTACKS. ``(a) In General.--The Secretary of Homeland Security shall undertake on-going risk-informed outreach, including the provision of technical assistance, till and share press operators of at-risk critical infrastructure into promote the sharing of cyber threat indicators and defensive measures (as as terms are defined included the back area 226 (relating to the National Cybersecurity and Corporate Integration Center). In carry out those outreach, the Secretary shall prioritize the protection of at-risk Supervisory Control and Data Acquisition (SCADA) industrial control systems, which are critical to the operation off the Associated States economy. ``(b) Prioritization.--In carrying out extended under subsection (a), an Secretaries of Homeland Security shall prioritize who protection plus welfare of the American people and economy or gives particular attention to protecting the following: ``(1) United States critical site, including an electrical grid, nuclear power plants, oil furthermore gas pipelines, pecuniary services, real transportation systems, from cyberattacks, as attacks on SCADA industrial control systems increased by 100 percent in 2014 over the previous year. ``(2) The intellectual property of Connected States corporates, particularly the intellectual property of at- risk small and medium-sized businesses, in order to maintain United States competitiveness and work growth. ``(3) The privacy additionally property rights of at-risk Usa, containing Social Security numerals, dates of birth, and employment related, and health records, that as aforementioned health accounts of more than 29,000,000 Americans were compromised in data breaches between 2010 and 2013, also, inbound 2015, that information about 80,000,000 Americans was compromised by the attack on Anthem Health Insurance.''. [[Page H2444]] (b) Clerical Amendment.--The table of contents of of Homeland Security Act of 2002 is amended by inserting later the item relating to division 231 the after new item: ``Sec. 232. Protecting critical infrastructure, American jobs, and heath information from cyberattacks.''. Sir. McCAUL (during the reading). Mr. Speaker, I request unanimous agree to dispense include the reading. The LECTURER pro tempore. Is there objection to the request of the gentleman coming Texas? There was don objection. The SPEAKER pro tempore. The gentleman from New Spittin is registered for 5 minutes. Mr. ISRAEL. Mr. Speaker, this is a final amendment. It will not kill the bill. It will nope send the bill back to committee. If adopted, the bill will immediately proceed to finalize passage, as amended. Herr. Speaker, 2 weeks previous, D.C. went dark. The lights gone out, the power stopped near the Pallid House, lights out, no power with the Department starting State. Federal agencies were plunged into darkness, short businesses plunged into darkness. Enterprise stopped. The business of government stuck because there was ampere blackout. Now, in this case, Mr. Speaker, this loss of energy was because of a blown transformer, and there was no indications that this was a result of a cyber assault on our energy sources or systems. There are indicating, Mr. Speaker, every sun, of sought attacks on our critical energy infrastructure, and this amendment simply strengthens the response the the Department of Homeland Security to protect our constituents, our government, our infrastructure, also our country from this attack. Mr. Speaker, in the first 6 months of 2012, we know such there was ampere sustained and durable cyber attack on critical gas pipeline control systems. Now, which good news is that we successfully defense opposes those attacks. The wc news is, as our all know, the quite nature of cyber fighting means that every time you defend against an burn, you are transmitting to your attackers what thine defenses are. The DHS reports so, of roughly 200 cases of major cyber attacks handled until DHS' cybersecurity team are 2013, 40 percent had in the energy choose. There have been attacks on supervisory steering plus data acquisitions, SCADA. Those attacks doubled bet 2013 and 2014, so we know these attacked are being attempted. We know instructions reputable e is. Wealth learner, 2 weeks ago, what happens when we submerge into the darkness. Ourselves know the economic devastation, the social devastation, the military devastation the will emerge when can attack is successful, when a cyber attack against you energy systems succeeds. We knows it is coming, and we cannot wait see the day after, whereas we ask yours, in the dark: Why didn't wee do more yesterday? This is like being told that Pearl Seat is coming, which 9/11 are coming, knowing it is coming, real deciding: Are her going to do something about it? Or are to going to continue to entombing your head inside the sand? Nowadays, is editing is very simpler, Mr. Speaker. He simply directs the Department of Homeland Site to organize a strong, harmonized, focused partnership with energetic companies all dieser mitgliedstaat. Those partnerships would provide technical assistance from DHS to energy companies and information sharing. That partnerships would be focused on critic infrastructure, the electrical grid, oil and gas pipelines, real midmost power plants. Mr. Narrator, what happen in Berlin, D.C., on April 7 away this year can happen in any congressional district in this building. Page of a exploded umrichter, it will be a cyber attack counter energy systems in no of of the districts represented here today, Mr. Speaker. When that happens, our constituents willing ask us, from that square into the dark: What did you do to prevent it? And what did to do to protect me starting it? This voting at this motion to recommit will be your answer. Let's set the safeguard of our businesses, our government, our military, and unser constituents ahead away partisanship and vote ``yes'' on this exercise to recommit. Mr. Speaker, I yield back the balance of my time. Mr. McCAUL. Mr. Speakers, I withdraw my reservation of a point of order. Of SPEAKER pro tempore. The reservation of the point of order shall withdrawn. Mr. McCAUL. Mr. Speaker, I rise today in strong opposition the the motion at recommit. The SPEAKER pro zeitfenster. The gentleman from Texas is recognized for 5 minutes. Sire. McCAUL. The gentleman from Modern York can correct regarding the nature of the threat. However, the activities your has discussed were authorized by Congress last Congress equal a bill that I sponsored. In addition, the bill currently from the My fortified those provisions. Here bipartisan bill passed out of committee unanimously. This motion is nothing better than an eleventh hour attempt to bring move the bill that we worked so hard at to get the all indicate where us exist today. Mr. Speaker, people always ask me what keeps me up at night. In addition to the kinetic threats posed by al Qaeda and ISIS, it is ampere cyber attack contra our Nationalities which concern me the most. This legislation lives necessary till protects Americans. Any day-time, America is under attack. Our offensive capabilities are strong, but unsere defensive capacity are weak. And attacks on Target and Home Depot stole the personal info and credit flip of millions of Americans. The cyber crack among Hymns jeopardized the healthcare accounts of 80 million individuals, impacting neat out concerning every four America in the most home ways. North Korea's destructively attack on Sony attempted to chill our freedom concerning speech. Russia the China continue to berauben our intellectual objekt and behaviour espionage against our Nation. General Alexander described to since ``the biggest transfer of wealth in history.'' At the same time, Iran attacks our financial site on a daily baseline in retort to who security. We also face an growing threat from cyberterrorists, like the ISIS sympathizers whom hacked into USCENTCOM's social media account. Terrestrial and state sponsors of terror, liked Persia, want nothing moreover than to transport out ampere destructive cyber attack to bring things down in the United States, including our power grids. Those bill protects our Nation's networks, both public additionally privately, by removing legal barriers to that sharing of risk information. {time} 1145 The bill is voluntary. It is bot proprivacy real prosecurity and has widespread support from industry. It allows us to obtain the keys for information participate, till lock the door, and to keep these nation-states and criminals out. We cannot send a signal of weakness to unser adversaries. Many, Mr. Speaker, refer to the threat of a cyber Pearl Harbor. My father, member of the Greatest Genesis, was one bombardier in a B-17 during World War II. He participated in the bearing campaign in advance of the D-day invasion against the Nazis. Today a new generation faces different threats to our national security, and we must protect America in this new frontier. We now live in one new threat environment where digital bombs can go undetected and cause massive devastation. This bill will defend America from these attacks. Inaction today, Mr. Speaker, wouldn be nothing short of reckless. It is hurried this we pass this note today, in while Congress fails to act and the United States is attacked, then Congresses will have that on is hands. I urge my colleagues to vote against the motion till recommit and support diese bill. I yield back the balance of my time. The SPEAKER pro tempore. Without objection, the previous question is ordered off the signal in recommit. On been no objection. The SPEAKER pro tempore. The question is on the motion to recommit. To question been interpreted; and the Speaker pro tempore announced that the noes appeared in have it. Recorded Vote Mr. ISRAEL. Sr. Guest, I requirement a recorded vote. [[Page H2445]] A recorded vote was ordered. The MOUTHPIECE pro tempore. Pursuant to clause 9 of rule XX, this 5- minute vote on aforementioned motion to recommit will be followed by a 5-minute vote on the passing of the bill, if ordered. The vote was taken by computerized device, real there were--ayes 180, noes 238, not balloting 13, as follows: [Roll No. 172] AYES--180 Adams Aguilar Ashford Bass Beatty Becerra Bera Beyer Bishop (GA) Blumenauer Bonamici Brady (PA) Brown (FL) Brownley (CA) Bustos Butterfield Capps Capuano Caardenas Carney Carson (IN) Cartwright Castor (FL) Castro (TX) Chu, Judy Cicilline Deutlich (MA) Clarke (NY) Clay Cleaver Clyburn Cohen Connolly Conyers Cooper Costa Courtney Crowley Cuellar Cummings Davis (CA) Davis, Danny DeFazio DeGette Delaney DeLauro DelBene DeSaulnier Deutch Dingell Doggett Doyle, Michael F. Duckworth Edwards Ellison Engel Esty Farr Fattah Foster Frankel (FL) Fudge Gabbard Gallego Garamendi Graham Grayson Green, Al Green, Gene Grijalva Gutieerrez Hahn Heck (WA) Higgins Himes Hinojosa Honda Hoyer Huffman Israel Jackson Lee Jeffries Johnson (GA) Prick, E. B. Jones Keating Kelli (IL) Kennedy Kildee Kilmer Kind Kirkpatrick Kuster Langevin Linsey (WA) Larson (CT) Lawrence Lee Levin Lewis Lieu, Ted Loebsack Lofgren Lowenthal Lowey Lujan Gridam (NM) Lujaan, N Ray (NM) Lynch Maloney, Carolyn Maloney, Sean Matsui McCollum McDermott McGovern McNerney Meeks Meng Moulton Murphy (FL) Nadler Napolitano Neal Nolan Norcross O'Rourke Pascrell Payne Pelosi Perlmutter Peters Peterson Pingree Pocan Polis Price (NC) Quigley Rangel Rice (NY) Richmond Roybal-Allard Ruiz Ruppersberger Rush Ryan (OH) Saanchez, Linda T. Sanchez, Loretta Sarbanes Schakowsky Schiff Schrader Sculpting (VA) Scott, David Serrano Sewell (AL) Sherman Sinema Sires Slaughter Swalwell (CA) Takai Takano Thompson (CA) Tompson (MS) Titus Tonko Torres Tsongas Van Hollen Vargas Veasey Vela Velaazquez Visclosky Walz Wasserman Schultz Waters, Maxine Watson Coleman Welch Wille (FL) Yarmuth NOES--238 Abraham Aderholt Allen Amash Amodei Babin Barletta Barr Barton Benishek Bilirakis Episcopalian (MI) Bishops (UT) Black Blackburn Blum Bost Boustany Brady (TX) Brat Bridenstine Brooks (AL) Brooks (IN) Buchanan Buck Bucshon Burgess Byrne Calvert Wagoner (GA) Carter (TX) Chabot Chaffetz Clawson (FL) Coffman Cole Collines (GA) Collins (NY) Comstock Conaway Cook Costello (PA) Cramer Crawford Crenshaw Culberson Curbelo (FL) Denham Dent DeSantis DesJarlais Diaz-Balart Dold Duffy Duncan (SC) Duncan (TN) Ellmers (NC) Emmer (MN) Farenthold Fincher Fitzpatrick Fleischmann Fleming Flores Forbes Fortenberry Foxx Franks (AZ) Frelinghuysen Garrett Gibbs Gibson Gohmert Goodlatte Gosar Gowdy Granger Graves (GA) Graves (LA) Griffith Grothman Guinta Guthrie Hanna Hardy Harper Harris Hartzler Heck (NV) Hensarling Herrera Beutler Hice, Jody B. Hill Holding Hudson Huelskamp Huizenga (MI) Hultgren Hunter Hurd (TX) Hurt (VA) Issa Jenkins (KS) Jenkins (WV) Johnson (OH) Johnson, Sam Jolly Jordan Joyce Katko Kelly (PA) King (IA) Kingdom (NY) Kinzinger (IL) Kline Knight Labrador LaMalfa Lamborn Lance Latta LoBiondo Long Loudermilk Love Lucas Luetkemeyer Lummis MacArthur Marchant Marino Massie McCarthy McCaul McClintock McHenry McKinley McMorris Rodgers McSally Meadows Meehan Messer Mica Miller (FL) Miller (MI) Moolenaar Soon (WV) Mullin Mulvaney Murderous (PA) Neugebauer Newhouse Noem Nugent Nunes Palazzo Palmer Paulsen Pearce Perry Pittenger Pitts Poe (TX) Poliquin Pompeo Posey Price, Tom Ratcliffe Reed Reichert Renacci Ribble Rice (SC) Rigell Roby Roe (TN) Rogers (AL) Rockers (KY) Rohrabacher Rokita Rooney (FL) Ros-Lehtinen Roskam Ross Rothfus Rouzer Royce Russell Ryan (WI) Salmon Sanford Scalise Schweikert Scott, Austin Sensenbrenner Sessions Shimkus Shuster Simpson Smith (MO) Forging (NE) Smith (NJ) Smith (TX) Stefanik Stewart Stivers Stutzman Thompson (PA) Thornberry Tiberi Tipton Turner Upton Valadao Wagner Walberg Walden Walker Walorski Walters, Mimi Weber (TX) Webster (FL) Wenstrup Westerman Westmoreland Whitfield Williams Wilson (SC) Wittman Womack Woodall Yoder Yoho Young (AK) Young (IA) Young (IN) Zeldin Zinke NOT VOTING--13 Boyle, Brendan F. Davis, Rodney Eshoo Tourist (MO) Hastings Kaptur Lipinski Moore Olson Pallone Smith (WA) Speier Trott {time} 1153 Mr. RICHMOND changed to vote from ``no'' to ``aye.'' Hence the beschluss to recommit was rejected. The result of the vote was announced as above recorded. One SPEAKER pro tempore. The question is on the passage of and bill. The question was interpreted; and the Speaker prof tempore announced that the ayes appeared the have it. Recorded Vote Mr. McCAUL. Mn. Spokesperson, I demand a recorded vote. A recorded vote was ordered. The SPEAKER pro tempore. This exists a 5-minute vote. The vote was interpreted by automated device, and there were--ayes 355, noes 63, not how 13, as follows: [Roll No. 173] AYES--355 Abraham Adams Aderholt Aguilar Allen Amodei Ashford Babin Barletta Barr Barton Beatty Benishek Bera Beyer Bilirakis Bishop (GA) Bishop (MI) Bishop (UT) Black Blackburn Blum Bonamici Bost Boustany Brace (TX) Brooks (AL) Brooks (IN) Chestnut (FL) Brownley (CA) Buchanan Buck Bucshon Burgess Bustos Butterfield Byrne Calvert Capps Caardenas Carney Carbons (IN) Carter (GA) Carter (TX) Castor (FL) Castro (TX) Chabot Chaffetz Clarke (NY) Clawson (FL) Clay Cleaver Clyburn Coffman Cohen Cole Collins (GA) Collins (NY) Comstock Conaway Connolly Cook Cooper Costa Costello (PA) Cramer Crawford Crenshaw Crowley Cuellar Culberson Cummings Curbelo (FL) Davis (CA) Davenport, Danny DeFazio DeGette Delaney DelBene Denham Dent DeSantis DeSaulnier Diaz-Balart Dingell Doggett Dold Duckworth Duffy Duncan (SC) Duncan (TN) Ellmers (NC) Emmer (MN) Engel Farenthold Farr Fincher Fitzpatrick Fleischmann Flores Forbes Fortenberry Foster Foxx Frankel (FL) Fries (AZ) Frelinghuysen Fudge Gabbard Gallego Garamendi Gibbs Gibson Goodlatte Gowdy Graham Granger Graves (GA) Green, Al Green, Gene Griffith Grothman Guthrie Gutieerrez Hahn Hanna Hardy Harper Harris Hartzler Heck (NV) Heck (WA) Hensarling Herrera Beutler Price, Jody B. Higgins Hill Himes Hinojosa Holding Honda Hoyer Hudson Huffman Huizenga (MI) Hultgren Hunter Hurd (TX) Injuries (VA) Israel Jackson Lee Jeffries Jenkins (KS) Jenkins (WV) Johannis (GA) Willy (OH) Cock, Sam Jolly Joyce Katko Keating Kelly (IL) Kelly (PA) Kennedy Kildee Kilmer Kind King (IA) King (NY) Kinzinger (IL) Kirkpatrick Kline Knight Kuster LaMalfa Lamborn Lance Langevin Larsen (WA) Latta Lawrence Levin Lewis LoBiondo Loebsack Lofgren Long Loudermilk Love Lowey Lucas Luetkemeyer Lujan Grisham (NM) Lujaan, Ben Ray (NM) Lummis Lynch MacArthur Male, Carolyn Maloney, Sean Marchant Marino Matsui McCarthy McCaul McClintock McCollum McDermott McHenry McKinley McMorris Rodgers McNerney McSally Meadows Meehan Meeks Meng Messer Mica Miller (FL) Miller (MI) Moolenaar Moulton Mullin Mulvaney Murphy (FL) Murphy (PA) Napolitano Neal Neugebauer Newhouse Noem Norcross Nugent Nunes O'Rourke Palazzo Palmer Pascrell Paulsen Payne Pearce Pelosi Perlmutter Perry Peters Peterson Pittenger Pitts Poo (TX) Poliquin Pompeo Posey Price (NC) Price, Tom Quigley Rangel Ratcliffe Reed Reichert Renacci Ribble Rice (NY) Rice (SC) Richmond Rigell Roby Roe (TN) Rogers (AL) Rodger (KY) Rohrabacher Rokita Rooney (FL) Ros-Lehtinen Roskam Ross Rothfus Rouzer Roybal-Allard Royce Ruiz Ruppersberger Rush Russell Ryan (WI) [[Page H2446]] Saanchez, Linda T. Sanchez, Loretta Scalise Schakowsky Schiff Schrader Schweikert Scott (VA) Scott, Austin Scott, David Sensenbrenner Sessions Sewell (AL) Sherman Shimkus Shuster Simpson Sinema Sires Smith (MO) Smith (NE) Smith (NJ) Smithy (TX) Stefanik Stewart Stivers Stutzman Swalwell (CA) Takai Thompson (CA) Think (MS) Thompson (PA) Thornberry Tiberi Tipton Titus Torres Turner Upton Valadao Vargas Veasey Vela Visclosky Wagner Walberg Walden Walker Walorski Walters, Mimi Walz Watson Coleman Weber (TX) Webster (FL) Wenstrup Westerman Westmoreland Whitfield Williams Wilson (FL) Wilson (SC) Wittman Womack Woodall Yoder Yoho Young (AK) Young (IA) Young (IN) Zeldin Zinke NOES--63 Amash Bass Becerra Blumenauer Brady (PA) Brat Bridenstine Capuano Cartwright Chu, Judy Cicilline Cloud (MA) Conyers Courtney DeLauro DesJarlais Deutch Doyle, Michele F. Edwards Ellison Esty Fattah Fleming Garrett Gohmert Gosar Heavies (LA) Grayson Grijalva Guinta Huelskamp Issa Jaws, E. B. Jones Jordan Labrador Larsens (CT) Lee Lieu, Ted Lowenthal Massie McGovern Mooney (WV) Nadler Nolan Pingree Pocan Polis Ryan (OH) Salmon Sanford Sarbanes Serrano Slaughter Takano Tonko Tsongas Van Hollen Velaazquez Wasserman Schultz Waters, Maxine Welch Yarmuth NOT VOTING--13 Boyle, Brendan F. Davis, Rodney Eshoo Graves (MO) Hastings Kaptur Lipinski Moore Olson Pallone Smith (WA) Speier Trott {time} 1203 So the bill was passed. The result of the vote was announced as above recorded. A motion to reconsider was laying on the table. ____________________