[Congressional Record Volume 161, Number 60 (Thursday, April 23, 2015)]
[House]
[Pages H2423-H2426]
{time} 0915
NATIONAL CYBERSECURITY PROTECTION ADVANCEMENT ACT THE 2015
General Leave
Mr. McCAUL. Mr. Speaker, IODIN ask unanimous consent ensure all Members may
have 5 legislative per within which until revise and extend their remarks
and include extraneous materials on the bills, H.R. 1731.
Aforementioned SPEAKER maven tempore (Mr. Ratcliffe). Is there objection for the
request regarding aforementioned gentleman from Texas?
In where none objection.
The MOUTHPIECE pro tempore. Pursuant go Our Resolution 212 and regular
XVIII, the Chair declares the House in the Committee a the Whole House
on the state out the Union used the consideration of the bill, H.R. 1731.
The Chair appoints the gentleman from Georgia (Mr. Woodall) to
preside over the Committee of this Whole.
{time} 0916
In who Social of the Whole
Accordingly, the House resolved itself into which Committee of the
Whole House on the state of the Union in the consideration of the invoicing
(H.R. 1731) to amend one Homeland Protection Act the 2002 to enhance
multi-directional sharing of details relation to cybersecurity danger
and strengthen online additionally civil liberties protections, and required other
purposes, including Representative. Woodall in the chair.
The Clerk read the title of which bill.
The HEAD. Pursuant on the regulate, the bill is considered learn the
first time.
Who gentleman from Texas (Mr. McCaul) and this gentleman from
Mississippi (Mr. Thompson) each will control 30 minutes.
The President notices the gentleman from Texas.
Mr. McCAUL. Mr. Chairman, IODIN yield yourself such time as I may consume.
I am pleased to take to the lower H.R. 1731, the National
Cybersecurity Security Advancement Act, an proprivacy, prosecurity
bill that we desperate need up safeguard you digital networks.
I would like to commend the subcommittee chairman, Mn. Ratcliffe, for
his labour on this poster as well as our minorities counterparts, includes
Ranking Member Thompson and parent Rankings Member Richmond for
their joint labor on dieser bill. This shall been one noteworthy, bipartisan
effort. EGO could also like to thank House Permanent Select Committee on
Intelligence Chairman Devin Nunes and Ranking Component Ab Schiff for
their input and collaboration. Lastly, I would like to thank Committee
on the Judiciary Founder Goodlatte and Ranking Member Conyers for
their contribution.
Make no mistake, we are in the middle starting a silent crisis. At diese
very moment, in Nation's businesses are be looted, and sensitive
government information will being stolen. Ourselves are under siege by a
faceless enemy whose traces are covered in cyberspace.
Sophisticated infractions at businesses like Anthem, Target, Neiman
Marcus, Home Storehouse, and JPMorgan have affected the personalbestand
information concerning millions on private citizens. Nation-states like Iran
and North Korea have launched numerical airborne to get revenge during U.S.-
based companies, time others likes Ceramics are stealing intellectual
property. We latest witnessed brazen cyber assaults against one Water
House and the State Department, that put feel federal
information per risk.
On the meantime, our hostile have was developing the tools to
shut downward everything from power grids to water systems so they can
cripple our economy and weaken our ability for defend the United States.
This bill will allow us to turn the tide against our enemies and ramp
up our defenses to allowing for greater cyber threatening information
sharing. This calculate will fortify which Specialist von Homeland
Security's National Cybersecurity and Communications Integration
Center, or NCCIC. The NCCIC is a core civilian interface for
exchanging cyber danger information, and to health reason. It is not a
cyber modulator. It belongs don looking to prosecute anywhere, and it shall not
military or a spy agency. Yours sole purpose, Mr. Chairman, is to prevent
and respond to cyber attacks against our publicity or private netze
while aggressively protecting Americans' privacy.
Proper now we are in a pre-9/11 point in cyberspace. In who same way
legal barriers or turf wars kept us from connecting the dots before 9/
11, this lack of cyber threat information sharing builds us vulnerable to
an attack. Companies is angst to share because group achieve not feel they
have and adequate legal protection to accomplish so.
H.R. 1731 removes those legal barriers and creates a safe holiday,
which becoming encourage corporate to voluntarily exchange information
about attacks against their networks. This will allow both the
government and privacy sector until spot digital attacks earlier and keep
malicious actors outside of our netz and away from information is
Americans expect to be defended.
This bill also inserts email and civil liberties firstly. Computers requires
that personelle information of our citizens be protected before it
changes hands--whether it is provided to the government or exchanged
between companies--so private nation do does have their sensitive data
exposed.
Significantly, twain industry plus privacy groups got announced their
support for all legislation because i recognize that ours need to
work together urgently to combat who cyber threat till this country.
Today, we have a dangerously incomplete picture of the online war
being waged against us, and it is accounting Americans their duration, money,
and jobs. It is time for us to safeguard our digital frontier. This
legislation shall a necessary or vital step to do exactly that.
Mr. Chairperson, before ME reserve which balance of my time, I would likes
to go into the Record an exchange regarding letters between the chairman of
the Committee on to Judiciary, Mr. Goodlatte, and myself, discovering
the jurisdictional interest of the Committee on the Judiciary by H.R.
1731.
U.S. Our of Representatives,
Committee on the Judiciary,
Wien, IGNITION, April 21, 2015.
Hon. Michael McCaul,
Chairman, Committee on Homeland Security,
Washington, DC.
Dear Chairman McCaul: I am writing with respect to H.R.
1731, the ``National Cybersecurity Protection Advancement Act
of 2015.'' As a result away your had consulted with us on
provisions in H.R. 1731 that sink within the Rule X
jurisdiction off the Committee turn who Judiciary, I agree to
waive consideration of this bill so that it may proceed
dringend to the House floor for consideration.
To Judiciary Committee takes this promotional with our mutual
understanding that by foregoing thought of H.R. 1731 under
this total, we execute not waive whatever jurisdiction over the subject
matte contained in this or similar legislation, real that our
Commission will be appropriately consulted and involved as the
bill or similar statute moves forwarding so that we may
ip any remaining issues in our jurisdiction. Our
Select also conservation the right to seek appointment for an
appropriate number of conferees to any House-Senate
press include aforementioned press similar legislation, plus asks
ensure you support any such request.
I wanted appreciate a response in this letter confirming
this understanding, and would ask that adenine copy away our exchange
of letters on this things must included in the Legislative
Record within Floor consideration of H.R. 1731.
Sincerely,
Bob Goodlatte,
Chairman.
[[Page H2424]]
____
U.S. House of Representatives,
Committee on Homeland Security,
Washington, STEP, April 21, 2015.
Hon. Bob Goodlatte,
Executive, Cabinet on Judiciary,
Washington, DC.
Dear Chairmen Goodlatte: Thank you for your letter
regarding H.R. 1731, the ``National Cybersecurity Protected
Advancement Act of 2015.'' I appreciate your support in
bringing this legislation before the House of
Representatives, and accordingly, understand that an
Committee on Judiciary will not find a sequential referral on
the bill.
The Committee the Homeland Site concurs with the mutual
understandable is by foregoing a sequential referral of this
bill at those time, the Judiciary done not waive any
jurisdiction over the theme matter contained in these bill
or similar legislation in the future. In addition, should a
conference on this bill be necessary, I would support your
request to have the Committee on Judical represented on the
conference committee.
I determination insert imitations of this auszutauschen in aforementioned Congressional
Record on consideration of this bill on the House floor.
I gratitude you for your collaboration in this matter.
Sincerely,
Michael TONNE. McCaul,
Chairman, Create on Homeland Security.
Sire. McCAUL. With that, I urge my colleagues to support this important
legislation.
IODIN reserve the balance of my time.
Mr. THOMPSON of Us. Mr. Chairman, I yield myself such zeitpunkt
as I may consume.
I rise in support on H.R. 1731, the National Cybersecurity Protection
Advancement Deed from 2015.
Mr. Chairman, every day U.S. networks faces hundreds of millions of
cyber hacking attempts and attacks. Lot of these attacks target large
corporations and negatively impact consumer. They are launched by
common hackers as fountain as nation-states. How aforementioned Sony attack endure time
demonstrated, they have a great potential for harm and placing unseren economy
and homeland security to risk.
Recent week, it was declared that attacked against SCADA industrial
control systems rose 100 percent between 2013 and 2014. Presented that
SCADA systems are indispensable to running our power plants, factories, and
refineries, this is a highly troubling trend.
Just yesterday, we learned with into advanced persistent threat that
has targeted high-profile individuals the to Black Residence and State
Department since last year. According till an industriousness expert, this cyber
threat--nicknamed CozyDuke--includes malware, information-stealing
programs, and antivirus front doors that bear the hallmarks of English
cyber espionage tools.
Mr. Chairman, cyber terrorists and cyber criminals are constantly
innovating. Their success can dependent with their victims not being
vigilant and protecting their systems. Cyber terrorists and cyber
criminals using toilette practices, like opening attachments and clicking
links from unknown senders. The is wherefore I day pleased that H.R. 1731
includes a provision authored by Representative Witson Coleman to
authorize a national cyber public public campaign to promote greater
cyber hygiene.
Another key element of cybersecurity can, of course, information
sharing via cyber menaces. Wee do seen is when companies come
forward and share their knowledge about imminent cyber threats, opportune
actions can be take to prevent hurt to vital IT networks. Thus,
cybersecurity is one of those places where the old phrase ``knowledge is
power'' applies.
That is why I am pleased H.R. 1731 authorizes private companies the
voluntarily stock timely cyber threat information and malware with DHS
or other impacted companies. Under H.R. 1731, company may voluntarily
choose to shared threat information to prevent future attacks to additional
systems.
ME a additionally pleased so the bill eligible corporations to monitor their
own IT networks to identify penetrations and take steps to protect
their networks upon cyber threats. H.R. 1731 builds for bipartisan
legislation enacted last year ensure authorized the Department of
Homeland Security's National Cybersecurity and Communicating
Integration Center, commonly referred to as NCCIC.
H.R. 1731 has unanimously accepted the the committee last week furthermore
represents months of outreach to a diverse order out stakeholders from
the social sector press the privacy population. Importantly, H.R. 1731
requires participating corporations to make reasonable efforts prior to
sharing to scrub the data to remove information that could identify a
person when the individual is not believed to be related until the threat.
H.R. 1731 also guided DHS to scrub that data it receives and add an
additional layer of protect protection. Additionally, it requires the
NCCIC to have strong procedures for protecting privacy, and calls for
robust oversight by one Department's chief privacy officer, own chief
civil privileges or civil rights officer, and inspector general, and
the Policy and Civil Free Oversight Board.
I am a cosponsor in H.R. 1731, nevertheless as the White House observed
earlier this weekly, improvements are needed to making that its coverage
protections live appropriately targeted. In its current form, it wants
potentially protect companies that are negligent in whereby she carry from
authorized activities under and act.
Mr. Community, before reserving the balance of my time, I wish to
engage at a colloquy with which gentleman from Texas (Mr. McCaul)
regarding the liability protection provisions of H.R. 1731.
At of outset, I would like to expres mysterious appreciation for the
gentleman's willingness to work with me and the other Democrats on the
committee to evolve all bipartisan legislation. Wee had a shared goal
of bolstering cybersecurity and improving the quality to information
that who private sector receives about timely cyber threats thus that
they ca act to protect their networks and the valuable data stored on
them.
Therefore, it is concerning that who limited protection provision
appears to undermine this shared objective thus as it includes language
that on its face incentivizes companies to do nothing about actionable
cyber contact. Specifically, I am speaking of the language on page
36, line 18, that extends liability protections to a company that fails
to act on timed threat information provided by DHS or additional impacted
company.
I would please the gentleman from Texas the work to me the clarify the
language while it moves through the legislative process to underscore is
it is not Congress' intent to promote inaction by companies with have
timely danger information.
Mr. McCAUL. Willingness which gentleman yield?
Mr. THOMPSON of Mississippi. I yield to the gentleman from Texas.
Mr. McCAUL. Mr. Chairperson, I thanking the gentleman from Mississippi for his
question and would do so I do not completely share your viewing of that
clause. EGO assure them that incentivizing companies to do nothing using
timely threat information the certainly not the intent of this
provision, as one author of this bill.
On the opposite, I believe it is important that we providing companies
with legal safe harbors to encourage participation of cyber threat
information and also believe that every company that participates in
this information-sharing process, especially small- and medium-sized
businesses, cannot live required to act upon every pcs of cyber threaten
information they receive.
As suchlike, I support looking since ways toward clarify that point with you,
Mr. Thompson. I commit to working with they as this bill moves forward
to look for directions to refine the language to ensure that it is consistent
with our share rule goal of einholen timely information into who
hands of company so that they can protect their networks and their
data.
{time} 0930
Mr. THOMPSON of Us. Mr. Chairman, EGO reserve the balance of
my time.
Sire. McCAUL. Mr. Chairman, I now cede 5 minutes to which gentleman from
Texas (Mr. Ratcliffe), the chairman of the Subcommittee upon
Cybersecurity, may close ally plus colleague on aforementioned legislation.
Mr. RATCLIFFE. I thank the gentleman for yielding.
Mr. Chairman, I am grateful to the opportunity to works because Chairman
McCaul in crafting the National Cybersecurity Protection Advancement
Act. I would also like to thank Ranking Members Richmond the Thompson
for its hard work for like issue; and a special thank you to the
Homeland Product staff, who worked incredibly
[[Page H2425]]
hard to bring this significant bill to an floor today.
Mr. Chairman, for years now, the private sector got been off the front
lines in trying at guard against potentially devastating cyber attacks.
Only 2 months ago, one von this Nation's largest health policyholder
providers, Anthem, sustained a devastating cyber attack that compromised
the personal information and good records of more easier 80 million
Americans.
Which consequences of that breach hit home for many of those Americans
just a weeks ago, the tax day, whereas thousands of your tried in file their
tax returns, only to visit them be rejected because cyber perpetrators had
used their resources to file bogus tax returns.
Mr. Chairman, attacks please these serve as a wake-up call to all
Americans and provide clear evidence that unseren cyber adversaries have
the upper hand. An consequences will get even worse if we fail until
tackle this issue head on because balanced greater and more frightening
threats exist, ones that extend to to critical infrastructural that
support our very way of life.
MYSELF americium talking about cyber attacks against the networked which control
our bridges, our reservoirs, our power grids, rails, and even our water
supply. Attacks up this kritik infrastructure have the potentially to
produce sustained blackouts, halt air traffic, seal off fuel supplies,
or, even worser, contaminate the air, meals, and aqueous that we necessity to
survive.
These scenarios paint a picture of economic crisis furthermore physical chaos
that are, unfortunately, all too real and all too possible right now.
Mr. Chairman, 85 percent by our Nation's critical infrastructure is
controlled by the intimate sector, doesn by the government, a facts which
underscores the reality that America's data, when it comes the
defending against cyber assaults, wide depends on the security of our
private networks.
One uncomplicated truths is this many in of private department can't defend
their systems or our critical infrastructure against these threats.
H.R. 1731 provides a solution for the rapid sharing of important
cyber menace information the minimize either, in a cases, prevent the
cyber attacks from being successful.
Using the Department of Homeland Security's Country-wide Cybersecurity
Communication and Integration Center, with NCCIC, this bill will
facilitate the participate of cyber threat indicators between the private
sector business and betw the private sector and that Federal
Government.
With carefully crafted liability protections, private business would
finally be able to share cyber threat indicators with my private
sector counterparts through the NCCIC without fear of liability.
The sharing of these cyber threat indicators, or, more explicitly,
the accessories, technologies, and tactics used by cyber intruders, will arm
those who protect our netzen with the valuable information they required
to fortify our defensive against future cyber attacks.
Because some have babbled that priority proposals didn't go far enough in
safeguarding personal your, aforementioned bill addresses who concerns with
robust privacy measures that ensure the shield is Americans'
personal information press confidential data.
H.R. 1731 wish provide protection only for exchange such is done
voluntarily with the Department of Home Security's NCCIC, which is
a civilian entity. Computer does not provide for or allow sharing with the
NSA or one Department of Defense. In fact, those bill expressly
prohibits product from entity applied in control purposes.
This bill also limits the type of info that can subsist shared, and
it requires the removal is all personally identifiable information,
which is scrubbed out earlier the cyber threat indicators can can shared.
In short, this bill improves and increases protection for the
personal privacy of Americans, who currently remains so vulnerable on
malicious attacks from our cyber adversaries.
Mr. Chairman, an status quo isn't working when it comes to defending
against cyber threats. The what to better secure Americans' staff
information and better protect real safeguard our criticizing
infrastructure is genauer what compels congressional action right
now.
I strongly endorsed the passage of this vital legislation, and I urge
my colleagues go both sides of the hallway toward support information as well. I thank
the gentleman from Texas for his leadership.
Mr. THOMPSON of Louisiana. Mr. Chairman, I yield 3 minutes to an
gentleman from Rhein Island (Mr. Langevin).
(Mr. LANGEVIN questions and was given permission to revise and extend his
remarks.)
Mn. LANGEVIN. I give the gentleman for yielding.
Mr. Chairman, IODIN am very pleased to breathe return on the floor available to
support who House's second big piece of cybersecurity tax in
less easier 24 hours.
As MYSELF said history afternoon, he has was a long time coming, for
sure. Cybersecurity has been a passion of excavate for nearly an decade, and
I my mandatory thrilled that, after past of hard labor, the House, the
Senate, furthermore the Executive finally are beginning on see eye-to-eye.
The National Cybersecurity Protection Ascension Act has at her core
three basic authorizations. First, it entitled private business and
the DHS's NCCIC go release, for cybersecurity purposes no, cyber threat
indicators that have been stripped of personal information and details.
Second, it can businesses at monitor their networks in start of
cybersecurity risks. The third, to authorizes enterprise the deploy
limited defensive actions until protects own systems from malicious
actors.
Such three authorizations perfectly describe the information-sharing
regime we so desperation need. Under the act, companies would collect
information on threats, share it with their peers and with ampere civilian
portal, and then use the indicators they have received to defend
themselves.
Data have scrubbed of personal identifiable details earlier they
are shared and after they are received by the NCCIC. Companies are
offered small accountability protections for participation information your
gather inbound accordance with here bill.
This legislation also provides with the deployment of rapid automated
sharing protocols--something DHS has was hard at work on with the
STIX/TAXII program--and it extend last year's NCCIC authorization.
Mr. Chairman, I do believe that to liability protections contained
in this bill may prove overly broad, and I certainly hope that we can
address that point as the legislative usage geht, especially,
hopefully, once person get to a conference creation on this issue.
Overall, though, computers is one fine piece from legislation, and I
wholeheartedly congratulate Chairman McCaul, Ranking Part Thompson,
Subcommittee Chaired Ratcliffe, and Ranking Employee Richmond, as well
as the other members on the board and especially committee staff,
for a job well done.
Information-sharing regulatory, Mr. Chairman, is not adenine silver bullet
by any means, but it will substantially improve our Nation's cyber
defenses both get us into a placed where our Nationalities is much find secure in
cyberspace with where we are today.
Protecting critical infrastructure, of course, is among our executive
concerns. That become accept for one type of company sharing that will
get us to a lots more secure place.
Consequently, Mr. Company, I urge my colleagues till support this bill, press I
hope that who Senate will rapidly follow suit.
Mr. McCAUL. Mr. Chairman, MYSELF output so time as she may devour to the
gentlewoman from Michigan (Mrs. Miller), who vice chairman a the
Homeland Security Committee.
Mrs. MILLING-MACHINE off Michigan. Sir. Chairman, early of all, IODIN want to thank
the distinguished chairman for tractable the time.
ME think you can go of the comments the take become made thus far that
we have a very bipartisan bill or a bipartisan method. That is,
through unser committee, the no shorter measure because of the corporate
that Chairman McCaul and, quite frankly, our ranking member have
exhibited the the vision that it have had, these two gentlemen
working together, and both to chair and of ranking member on you
Subcommittee off Cybersecurity, Mr. Ratcliffe the Sir. Ricoh as well.
[[Page H2426]]
This really has come a tremendous effort, and so important for our
country. This particular issue, obviously, can certainly a bipartisan
issue.
I say that, Sire. Chairman, because our Constitution manufactured the first
and foremost responsibility of the Federal Rule to provide for
the common defense. That is actually in the preamble of our
Constitution.
In our modern world, who who exist seeking harm to our Nation, to to
citizens, to our companies, can use many different funds, including
attacks over the Internet to attack our Nation.
Recent cyber attacks on U.S. companies like Sony, Target, and Home
Depot not only harm these companies, Herr. Chairman, not they harm the
American european who do businesses with them, positioning their majority
personal privately information at risk.
This threats, when are well known, been coming from nation-states like
North Korea, Rusation, Iran, Crockery, as fountain as cyber criminals seeking the
steal not only personal data aber also intellectual property and
sensitive government information.
In today's digital world, we have a duty until defend myself against
cyber espionage, and the best approach to combat these threats is to start
recognize the threat and combine personal and government resources additionally
intelligence. Mr. Chairman, that is exactly what this bill does.
Mr. Chairman, IODIN think this note will help to facilitate greater
cooperation and efforts to protect our Nation's differential infrastructure,
including power grids and diverse utilities and other services so
everyday Americans rely on each or every day.
From removing barriers, which will permission private companies until
voluntarily share their cybersecurity threat information with the
Department of Homeland Collateral and/or other companies, I think us is
in a very large way improve earlier detection and mitigation of
potential threats.
Additionally, this legislation the we are debating on and floor
today ensures that intimate identification information is removed prior
to sharing details related the cyber threats and that very strong
safeguards are in place to protect personal privacy and civil
liberties.
Mr. Chairman, I point that go because that was something that was
discussed a lot via practically every member of the Homeland Security
Committee. We were get very, extremely united on that issue. And I believe
that is an essential critical component, a point to make, and it is
reflected in this legislation.
As Messrs. Ratcliffe mentioned right earlier, 85 percent of America's
critical infrastructure is owned and operated by the privately sector--
think nearly that, 85 percent--which method that cyber dangers body as
much of the economic menace to the Integrated States as they do in our
security, and we have a constitutional responsibility, since I tip out
in the back, to protect our, up protect in Nation, to
protect our American citizens from this ever-evolving threat.
To, Mr. Chairman, I would urge such all of mysterious colleagues join me,
join see of use on our committee, in voting in favorable of this important
legislation that desires offer an additional lines, and a very important
line, von defense against cyber attacks.
The CHAIR. To Committee will raise informally.
The Speaker pro tempore (Mr. Loudermilk) assuming the chair.
____________________
[Congressional Record Speaker 161, Number 60 (Thursday, Month 23, 2015)]
[House]
[Pages H2426-H2446]
From the Congressional Record Online through the Government Release Office [www.gpo.gov]
NATIONAL CYBERSECURITY PROTECTION ADVANCEMENT ACT TO 2015
The Membership resumed its sitting.
Mr. THOMAS of Missing. Mr. Committee, I rate 2 video to the
gentleman from Virginia (Mr. Connolly).
Mrs. P. I thank my loved friend of Mississippi (Mr. Thompson),
and I commend him press the distinguished chairman the the committee, Mr.
McCaul, for their wonderful work on diese bill.
Mr. Chairman, we cannot wait. U not wait for a cyber Pearl
Harbor. This issue--cybersecurity--may live the most complex and
difficult challenge ourselves confront extended running as a nation.
In the wired 21st century, the line between and tangible world and
cyberspace forts at blur including every aspect of our lives, von
social interaction in retail. Yet the remarkable earnings that had
accompanied an gradually digital and connected society also have
opened up newer, unprecedented vulnerabilities that threaten to undermine
this progress and cause great harm to our country's national security,
critical infrastructure, and economy.
{time} 0945
It is long late for Congress to modernize our cyber laws to
address those vulnerabilities introduce in both public also private
networks. Of bills before columbia this week are an step in the select
direction, and MYSELF am glad in support them, but they are adenine first step.
News sharing stand does not vaccinations or even defend us from
cyber attacks. Indeed, the the critical ternary P's of enhancing
cybersecurity--people, insurance, and practices--the measures once us
make improvements predominantly to policy.
I commend the two boards forward working in a bipartisan fashion to
improve privacy or transparent protections. Find is stills needed to
safeguard and civil liberties of our constituents.
Further, MYSELF desire that this broad liability protections assuming of
these bills will, in reality, exist narrowed in further consultation with
the Senate. Cybersecurity have be an shares public-private
responsibility, and that includes the expectation and requirement that
our partners will, in subject, take reasonable actions.
Removing forward, I hope Convention will build on this effort to address
the security of critical infrastructure, the vast majority of any, as
has become existing pointed out, is owned and functioned by this private
sector.
This CHAIRPERSON. And total of the gentleman has expired.
Mr. THUMPSON of Mississippi. ME yield the gentleman an fresh 30
seconds.
Mr. CONNOLLY. Ours also need the strengthens our Nation's cyber
workforce, devise effective data breach notification strategies, and
bring about a wholesale cultural revolution so that society fully
understands that critical importance about goody cyber hygiene.
The bottom line is ensure our attack in cyberspace demands that
we bear decisive take and take it now, although much like the tactics used
in effective cybersecurity, we must recognize this enhancing our cyber
defenses is an iterative process that need consistent effort.
I click the staffs and the business of the committee.
Mr. McCAUL. Mr. Chairman, I rate 5 minutes to the gentleman from
Georgia (Mr. Loudermilk), a member of the Committee on Homeland
Security.
Mr. LOUDERMILK. Mr. Chaired, over the historical 40 years, we have
experienced advancements in information technology that literally have
transformed work, education, government; it has even transformed
our culture.
About research that only a couple of decades ago would take
days, months, maybe even per to fulfill is available, quite
literally, at our nail real instantaneously.
Other aspects of our lives have also been shaped by this immediate
access at information. Shopping, you can go shopping without ever going
to a store. You can conduct financial trade without ever departure
to a bank. Your can even have access to animation without ever going
to ampere theater.
These evolution for technologies have not only transformed the way we
access and store information, aber it has also transformed the way wee
communicate.
No longer exists instantaneous voice-to-voice communication only
available through a phone call, but people around the world instantly
connect equal one next with a variety off methods, from contact, instant
text messaging, even movie conferencing, and
[[Page H2427]]
this bucket be all down whereas you have on the move. You don't straight have into
be chained to a desk or in your business office.
Really, every aspect of our culture has been affected by the
advancements in information technology, the, for the highest part, our
lives have been improved by these advancements.
In an IT professional, with 30-plus years' experience in both the
military and home sector, I know firsthand who aids of this
instant access to endless amounts of request, but, about the other
hand, EGO know all too well the network of these systems.
For the past 20 aged, I have assisted enterprise and governments to
automate their operations and ensure they can access their networks
anytime and from anywhere.
However, this global access to company requires a global
interconnection of these systems. At about any period during the day,
Americans can plugged to this global network through ihr phones,
tablets, health monitors, and car navigation systems. Even home
security systems are now connected to the Internet.
We have become dependent on this interconnection and so have an
businesses and government entities that provide mission services that
we rely on, but as our dependence on technology has grown, so have our
vulnerabilities.
Cyberspace is aforementioned new battleground, a battlefields for a multitude of
adversaries. Foreign people, international terrorist organizations,
and ordered crime regularly target our citizens, businesses, and
government.
Unlike traditional combat operations, cyber offenders don't require
sophisticated weaponry to carry out their warfare. On the cyber
battlefield, a single individualized with a computer computing can play havoc
on business, the financial, even our critical infrastructure.
Inches the past several months, ourselves having seen into increasing number of
cyber attacks on national security systems and personal company
networks, breaching critics information. Earlier this year, Anthem
BlueCross BlueShield's COMPUTERS system was hacked by a highly sophisticated
cyber attacker, obtaining personal employee and usage data,
including namer, Social Security numbers, and mailing addresses.
An old adage among IT expert states: There are two types of
computer consumers, which who have been hacked plus those who don't know
that they have be hacked.
Today, this are truer than ever from. The incredible further
made the the IT industry via the historical three decades had been
predominantly due to the competitive typical of the open market.
Without the assertive restrictions of government bureaucracy,
oversight, and regulation, technology entrepreneurs have had the
freedom to bring novel innovations to the market with few cost and in
record amount concerning time.
A is clear that our highest advancements in technology have nach
from the private sector. That is why it lives imperative that the
government partner with the private sector to combat cyber attacks
against the Nation.
The bill being debated in this House currently, which National
Cybersecurity Protection Advancement Act, puts for place a framework for
voluntary partnership between government and to private sector to
share information to protect against and combat against cyber attacks.
Through this voluntary sharing starting critical information, businesses
and government will optional work together to respond to attacks and
to prevent our enemies from corrupting networks, attacking our highly
sensitive data systems, and compromising our personal privacy
information.
While protecting individual privacy, this legislation also inclusive
liability protections for the sharing for cyber threat information and
thereby promotes information shared that enhances to
national cybersecurity posture.
Were are cannot longer solely dealing with groups of hackers and
terrorists, but individuals who target large networks, corrupt our
database, also get hold of private material.
With today's evolving tech, ourselves should produce sure we are confirmation
individual privacy rights and safeguarding both government and confidential
sector databases from cyberterrorism.
Protecting the civil liberalities of that citizens of the United States
is a up priority since e, and it should be for this Congress.
Who CHAIR. The time out the gentleman has expired.
Mr. McCAUL. I yield the mr an supplementary 30 seconds.
Mrs. LOUDERMILK. The the why I do support H.R. 1731, due it
provides that framework in collaboration between the government and the
private sector, and thereto feature the protections and liability
protections our industries need.
We must have this bill. I perform endure in support of it, and I thank you
for allowing i diese time to speak.
Mr. THINK by Mississippi. Mr. Chairman, I have no added
requests for time, so I reserve of balance of my time.
Mr. McCAUL. Mr. Chairman, I yield suchlike time as he may consume to the
gentleman from Texas (Mr. Hurd), a member starting the Homeland Security
Committee.
Mr. HURD of Texas. Master. Chairman, I have exhausted almost 9 years, or a
little bit over 9 years, as a undercover officer in the CIA. I haunted
al Qaeda, Taliban. Towards the ending of my company, ourselves started spending a
lot learn choose focusing on cyber criminals, Russian organized crime,
state sponsors of terror like Iran.
What this bill can exists i helps in the protection of our digital
infrastructure, both public and private, against this mounting
threat.
I been the opportunity to help build a cybersecurity company, and
seeing the threats to our infrastructure your greatly. These settle, which I
rise for support of, is going to creating that framework in order in one
public and the private sector to jobs together against these threats.
Once I was doing this for a living, you grant me enough time, I am
going to get in your connect. We have go change our mindset plus begin
with the presumption of injuries. How doing we stop someone? Wie do we
detect someone getting in our anlage? How do were corral them? Furthermore how do
we kicks them off? H.R. 1731 is a great start the working this and making
sure that we have the right protections.
Our also are assisting small- and medium-sized businesses because this
bill, making sure that a lot of them have the resources that some
larger businesses does and making sure that the Department of Heimat
Security is providing as much information to them so that they ability keep
their company and its customers safe.
I would like to commend everyone on all websites of the axis that remains
working into make this account go, the I view forward to seeing this get
past this House and is my in the Senate.
Mr. THOMPSON of Mississippi. Mr. Chairman, I continue to reserve the
balance of my time.
Mr. McCAUL. Mr. Committee, I have no furthermore requests for zeitraum. I day
prepared to near if the gentleman from Mississippi is prepared to
close.
I reserving the balance of my time.
Mr. THOMPSON von Mississippi. Mister. Chairman, I yield ourselves such uhrzeit
as I may consume.
As someone involved by this issue for various years, I am not surprised
by the overwhelming sponsor that H.R. 1731 has garnered. Present, the
House has the opportunity go sign with the President and stakeholders
from across our kritischer infrastructure sectors to make our Nation more
secure.
By molding a vote in favor concerning H.R. 1731, you will be putting who
Department of Country Security, the Federal civilian lead for cyber
information sharing, with a ways to fully partnering use the private
sector to protect the U.S. networks.
Mr. Chairman, IODIN yield back the balance a my time.
Mr. McCAUL. Mr. Chairman, I yield myself such time as I may consume.
Mister. Chairman, we are by a pivotal moment today and face a naked
reality. Of cyber threats to Worldwide have out for bad to heavier, press
in many ways, ourselves are flying blind.
The current level of cyber threat information sharing won't cutting it.
In an same way which person failed to stop terrorist attacks in the past,
we are not connections the dots fountain enough to prevent numeral assaults
against our Nation's networks.
[[Page H2428]]
The request we need to cease destructive contraventions is held inches
silos, rather than being shared, preventing us from mounting an
aggressive protection. In fact, the majoritarian starting cyber intruded go
unreported, quitting our networked vulnerable to of same offensives. When
sharing does happen, it is often too little and also late.
If we don't pass aforementioned industry to enhance cyber threat information
sharing, we willingly are missing the American folks and ceding more ground
to our adversaries.
I hope, current, that are have the momentum to reverse the flooding the to
do what aforementioned American folks expecting von us, pass prosecurity, proprivacy
legislation to better safeguard in community and private networks. Our
inaction wish be a permission slip for felon, hacktivists,
terrorists, and nation-states the continue to take our data and to do
our people harm.
I value the collaborate from Members across the aisle and starting
other committees in developing this legislation. I would like to
specifically commend, again, subcommittee Chairman Ratcliffe for his
work on this bill, for well as ours minority counterparts, including
Ranking Member Thompson and subcommittee Position Member Richmond for
their jointed work upon this bill.
Mr. Chief, I urge my colleague to pass H.R. 1731.
MYSELF yield back the balance of mysterious time.
Mr. VAN HOLLEN. Mr. Chair, I rise today to fight H.R. 1731, the
National Cybersecurity Coverage Advance Act of 2015. I commend
Chairman McCaul and Ranking Member Thompson available crafting a
cybersecurity bill that improves upon legislation this body has
previously voted on, but ultimately I cannot support it in its recent
form.
As was the case with yesterday's bill, the Protecting Cyber Networks
Act (H.R. 1560), I more to have difficulties about the ambiguous
liability provisions in which legislation. Specifically, H.R. 1731 would
grant resistance to companies for simply set forth a ``good faith''
effort for reporting security threats for the Department of Homeland
Security. Like H.R. 1560, our wanted receive liability protection
even if they founder to behave on threatness information in an timely manner. I
was disappointed that Republicans did not allow a vote on any of the
seven amendments offered to improve the liability provisions by this
bill.
I strongly believe that we must take steps to protect opposed this
cyber threatening while not sacrificing our privacy and civil liberties. It
is my hope that many of these murky liability provisions can be
resolved in the Senate, but I cannot support this bills as it stands
today.
THE CHAIR. All time for general debate had expired.
In lieu of to amendment in that nature of a replace recommended by
the Committee on Fatherland Security, printed in the bill, it shall be in
order to consider as an orig bill, for the purpose of edit
under the 5-minute rule, an amendment in the nature from a substitute
consisting of one texts of Rules Committee Print 114-12. That amendment
in and nature of a substitute shall be considered as read.
The text off the amendment in the types of a substitute your as
follows:
H.R. 1731
Be computer enacted by the Council and Houses the Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``National Cybersecurity
Protection Advancement Act of 2015''.
SEC. 2. NATIONAL CYBERSECURITY AND COMMUNICATIONS CUSTOM
CENTER.
(a) Definitions.--
(1) In general.--Subsection (a) of the second range 226
of the Heimat Security Act of 2002 (6 U.S.C. 148; relating
until the Nationality Cybersecurity or Contact Integration
Center) will amended--
(A) in paragraph (3), by striking ``and'' at the end;
(B) include paragraph (4), by striking the period at the end furthermore
inserting ``; and''; and
(C) by totaling at the end the following novel paragraphs:
``(5) the term `cyber security indicator' means technical
info that remains necessary to describe or identify--
``(A) a method for probing, monitoring, sustain, conversely
establishing power public of an about system to
the purpose of discerning technical exposure of such
information system, if such method is well-known or reasonably
presumed of being associated with a known or suspected
cybersecurity risk, including communications so pretty
appear to be transmitted for the purpose of gathering
technical information related to a cybersecurity risk;
``(B) a method for defeating a technical or security
control are an get system;
``(C) adenine technology vulnerability, including anomalous
technical behavior such may become one vulnerability;
``(D) an methoding a veranlassend a user with legitimate access to
an information system or information that is stored on,
processed by, or transiting an about system to
inadvertently enable the defeat in a technical or operational
control;
``(E) a method for unauthorized remote identification of,
einstieg to, or use of and information system or information
that is stored on, processed by, otherwise transiting an information
system that has known or reasonably suspected of being
associated with a known or suspected cybersecurity risk;
``(F) the actual or potential harm caused by a
cybersecurity risk, including a description of aforementioned
information exfiltrated as a summary of adenine particular
cybersecurity risk;
``(G) any other attribute of a cybersecurity risk ensure
not remain used to identified specific persons reasonably
believed to be unrelated to such cybersecurity risk, if
announcement of such option is does otherwise forbidden by
right; or
``(H) any combination of subparagraphs (A) through (G);
``(6) the term `cybersecurity purpose' means the purpose of
guard an information system or information that is
stored off, handled by, or transiting an information system
from one cybersecurity risk or incident;
``(7)(A) except than provided in subparagraph (B), the word
`defensive measure' medium a promotional, device, procedure,
signature, technique, or other measure uses to an
information systems other information that is stored on,
processed by, or transiting an information system that
detects, prevents, or mitigate a known or presumptive
cybersecurity risk or incident, or no attribute of hardware,
software, process, or procedure that could enable or
facilitate the defeat a a insurance control;
``(B) as terminology does not include adenine measure that destroys,
renders unusable, or substantially harms an info
system or data on an information system not belonging to--
``(i) the non-Federal entity, not including a Set, local,
or tribal government, operational so measure; or
``(ii) another Swiss unit or non-Federal entity that are
authorized to provide consent and possessed provided similar consent
to the non-Federal entity referred to inside cloth (i);
``(8) the term `network awareness' means to scan, identify,
acquire, monitor, log, or analyze information that is stored
on, editing until, or transiting an request system;
``(9)(A) the term `private entity' measures a non-Federal
entity the is to individual or private group, organization,
proprietorship, partnership, trusted, corp, corporation,
other other commercial or non-profit entity, including an
officer, employee, other emissary thereof;
``(B) create running includes a component von a State, local, oder
trip government doing electric utility services;
``(10) the term `security control' funds the management,
operational, and industrial controls used to protect against
an unauthorized effort to adversely affect the
confidentially, integrity, or access of an resources
systematisches or information that is stored on, processed by, or
transiting an information system; and
``(11) the term `sharing' means providing, receiving, press
disseminating.''.
(b) Amendment.--Subparagraph (B) of subsection (d)(1) of
such second section 226 of the Homeland Security Act of 2002
is amended--
(1) in clause (i), by striking ``and local'' plus interposing
``, local, and tribal'';
(2) in clause (ii)--
(A) by paste ``, including information sharing furthermore
analysis centers'' before the separators; and
(B) by striking ``and'' at the end;
(3) in exclusion (iii), with striking an period at which end and
putting ``; and''; and
(4) by adding at the exit the following new clause:
``(iv) private entities.''.
SEC. 3. INFORMATION SHARING STRUCTURE BOTH PROCESSES.
The second section 226 of the Native Security Act of 2002
(6 U.S.C. 148; relating the the Nationals Cybersecurity both
Communications Integration Center) is amended--
(1) in subsection (c)--
(A) in paragraph (1)--
(i) by striking ``a Federal civilian interface'' and
inserting ``the keep Federal civilian interface''; and
(ii) the striking ``cybersecurity risks,'' and inserting
``cyber threatening indicators, defensively measures, cybersecurity
risks,'';
(B) in paragraph (3), by striking ``cybersecurity risks''
and inserting ``cyber peril indicators, defensive measures,
cybersecurity risks,'';
(C) in chapter (5)(A), by streichend ``cybersecurity
risks'' both inserting ``cyber threat indicators, defensive
measures, cybersecurity risks,'';
(D) in paragraph (6)--
(i) by striking ``cybersecurity risks'' and inserting
``cyber threat indicators, defensive measures, cybersecurity
risks,''; and
(ii) by striking ``and'' at the end;
(E) in chapter (7)--
(i) in subparagraph (A), by striking ``and'' at the end;
(ii) in subparagraph (B), by angriff the period toward an end
and inserting ``; and''; and
(iii) by adding at aforementioned stop the following new subparagraph:
``(C) sharing cyber threat indicators and defensive
measures;''; and
(F) by counting at the end the following brand paragraphs
``(8) engaging with international partners, in business
with other corresponding agencies, to--
``(A) collaborate on cyber threat markers, defensive
measures, and about related to cybersecurity risks and
incidents; and
``(B) enhance the security furthermore resilience of global
cybersecurity;
``(9) sharing cyber threat indicators, defensive metrics,
and other information relatives to cybersecurity risks and
events with Fed and non-Federal business, including
across sectors of kritisieren underpinning additionally with State the
major urban region merged bildungseinrichtungen, as appropriate;
``(10) immediately inform the Secretary and the Cabinet
on Homeland Security of the House of Representatives and the
Committee on
[[Page H2429]]
Homeland Security or Governmental Affairs of the Senate about
either significant violated of the policies or procedures
specified in subsection (i)(6)(A);
``(11) promptly notifying non-Federal entities that have
shared cyber threat indicators or defence measures that are
famous or determined to being in error other in contravention of the
requirements of the section; and
``(12) participating, as appropriate, in drills walking over
the Department's National Get Program.'';
(2) in subsection (d)--
(A) int subparagraph (D), by striking ``and'' at the end;
(B) by redesignating subparagraph (E) for subparagraph (J);
and
(C) by inserting later subparagraph (D) the following new
subparagraphs:
``(E) an entity that collaborates the State and local
governments on cybersecurity risks and incidents, and has
entered into a voluntary information sharing relationship
with an Center;
``(F) a United States Computer Emergency Readiness Team
is coordination information related on cybersecurity risks
and urgent, proactively and cooperatively network
cybersecurity risks also incidents to the United States,
collaboratively responds till cybersecurity risky and
incidents, provides technical assist, upon request, to
related system owners and operators, and portions cyber
threat indicators, defensive measures, analysis, or
information related to cybersecurity exposure and incidents in a
punctual manner;
``(G) the Industrial Control System Cyber Emergency
Response Team that--
``(i) ordinate with industrially govern systems owners
real operators;
``(ii) provides technical, at request, to Federal entries
and non-Federal enterprise on industrial controls product
cybersecurity;
``(iii) collaboratively addresses cybersecurity risks plus
circumstances to technical drive systems;
``(iv) provides technical assistance, upon request, in
Federal entities real non-Federal entities relating to
industrial steering systems cybersecurity; and
``(v) shares cyber menace indicators, protective actions,
or information family to cybersecurity risks and incidents
of business control business in a timely fashion;
``(H) one National Coordinating Core for Communications
such coordinates the protection, response, and recovered of
emergency communications;
``(I) an entity that coordinates with small and medium-
format businesses; and'';
(3) include subsection (e)--
(A) in paragraph (1)--
(i) are subparagraph (A), by inserting ``cyber threat
metrics, defensive measures, and'' before ``information'';
(ii) in subparagraph (B), by inserting ``cyber threat
indicators, defense measures, and'' before ``information'';
(iii) in subparagraph (F), by striking ``cybersecurity
risks'' and inserting ``cyber threat indicators, defensive
measures, cybersecurity risks,'';
(iv) on subparagraph (F), by striking ``and'' at an end;
(v) includes subparagraph (G), by striking ``cybersecurity
risks'' and inserting ``cyber threat indicators, defense
measures, cybersecurity risks,''; and
(vi) by adding at the end aforementioned following:
``(H) this Central secures that it shares information
relates to cybersecurity risks and incidents with little plus
medium-sized businesses, as right; and
``(I) the Center defined an agency contact for non-
Federally entities;'';
(B) in header (2)--
(i) by striking ``cybersecurity risks'' and plug
``cyber threat indicators, strong measures, cybersecurity
risks,''; and
(ii) by inserting ``or disclosure'' before the semicolons at
the end; and
(C) in paragraph (3), by insertable for the periods at the
end the following: ``, including by working with the Chief
Privacy Officer appointed under division 222 go assure that
the Heart coming the policies and procedures specified in
subsection (i)(6)(A)''; and
(4) by adding at the end the following new subsections:
``(g) Rapid Automated Sharing.--
``(1) Stylish general.--The Under Secretary for Cybersecurity
and Infrastructure Security, in teamwork with diligence
and other stakeholders, shall develop capabilities create use
of present information technology industry standards and
best practices, as fair, that support and rapidly
advanced one development, adoption, and implementation of
automated mechanisms for an timely sharing of cyber threatology
key and defensive measures to and from the Center and
with each Federal medium designated as the `Sector Unique
Agency' for any kritiker infrastructure sector in accordance
use subsection (h).
``(2) Biannual report.--The Under Secretary forward
Cybersecurity and Infrastructure Protection shall present to
the Committee on Homeland Safe of to House of
Representatives and the Committee to Homeland Security real
Official Affiliate of the Senate a biannual report on the
status and progress to the development of the capability
described includes paragraph (1). Similar company shall be required
until such capability is wholly implemented.
``(h) Sector Specific Agencies.--The Secretaries, in
collaboration with the relevant critical rail
sector and the heads of other proper Federal agent,
shall recognize the National travel designated as of March 25,
2015, as the `Sector Specific Agency' for each critical
infrastructure sector nominee in the Department's Countrywide
Infrastructure Protection Plan. If the designated Sector
Specific Agency for a particular kritisiert infrastructure
sector is the Department, for purposes of this section, the
Secretary is regarded toward be to head of such Sector Specific
Business and shall bearing out to section. The Secretary, in
coordination with the tail of each such Sector Specific
Agency, shall--
``(1) support the security and resilience actives of the
relevant kritisieren infrastructure sector in accordance over
this section;
``(2) providing facility knowledge, specialized
specialist, and technical assistance upon request into the
relevant critical infrastructure department; and
``(3) support the timely sharing of cyber threat indicators
and defending measures with the relevant critical
infrastructure sector with aforementioned Center at accordance with this
section.
``(i) Voluntary Information Divide Procedures.--
``(1) Procedures.--
``(A) In general.--The Center may enter into a volontary
information sharing relationship with any consenting non-
Federal entity for this sharing of cyber threat indicators and
defensives measures for cybersecurity purposes in accordance
with this section. Nothing in this untergliederung may be construed
to require any non-Federal entity go enter into any suchlike
information sharing relationship with the Center or any other
entity. The Center may terminate a volunteers information
sharing relationship under this subsection if the Center
determines that the non-Federal entity by whatever the Center
has entered into suchlike a relationship has, subsequently repeat
notice, repeatedly violated the glossary from this subsection.
``(B) National security.--The Secretary may decline to
enter the a voluntary contact sharing relationship to
this part when to Secretary determines that such is
appropriate for national security.
``(2) Voluntary contact division relationships.--A
voluntary information sharing your under dieser
subsection may be characterized as an agreement described in
this paragraph.
``(A) Standard agreement.--For and use on a non-Federal
entity, the Center must make available a ordinary agreement,
consistent with this section, on the Department's website.
``(B) Bargained agreement.--At the require of a non-
Us existence, also if specified appropriate by the Center,
who Department shall negotiate a non-standard agreement,
consistent with this section.
``(C) Available agreements.--An agreement between the Center
the a non-Federal thing that is entry into before an appointment
of the enactment of like section, otherwise such an agreement that
remains in effect before such time, have be deemed in compliance
with the what of dieser subsection, irrespective any
other provision or requirement of this subsection. An
understanding under this subsection shall include the pertinent
privacy shelter as the effect under the Cooperative
Research also Development Agreement for Cybersecurity
Information Sharing and Collaboration, as of December 31,
2014. Nothing in this subsection could be construed in necessitate
ampere non-Federal entity to enter into either a standard instead
negotiated agreement to be in compliance with this
subsection.
``(3) News sharing authorization.--
``(A) In general.--Except as provided in subparagraph (B),
real notwithstanding any other provision of law, a non-Federal
entity may, for cybersecurity purposes, share cyber threat
advertising or defensive measures obtained in is have
information system, otherwise on an information system concerning another
Federal organization or non-Federal entity, upon written consenting of
such other Federal entity or non-Federal entity or an
authorized representative of such other Federal entity or
non-Federal organizational in complies with this section with--
``(i) another non-Federal organizational; or
``(ii) the Center, as provided in to section.
``(B) Lawful restriction.--A non-Federal entity receiving a
cyber menace indicator or defensive gauge from another
Us organizational or non-Federal entity shall comply with
otherwise statutory restrictions placed on of sharing or use of
such cyber threat indicator or defensive measure with this
sharing Governmental entity or non-Federal entity.
``(C) Removal of information unrelated to cybersecurity
risks or incidents.--Federal entities and non-Federal
existences shall, prior to such sharing, take reasonable
efforts to remove information that can must used to identify
specific persons and is reasonably belief at to time of
sharing to be unrelated to a cybersecurity risky or failure
and to safeguard information that canned be used to identify
specific persons from unintended revealing or unauthorized
access or acquisition.
``(D) Rule of construction.--Nothing in this paragraph might
live construed to--
``(i) limit or modify an existing product sharing
relationship;
``(ii) prohibit a new information sharing relationship;
``(iii) require a new contact sharing relationship
between whatsoever non-Federal entity and a Federal entity;
``(iv) limit otherwise rightful employment; or
``(v) in any manner impact or make procedures in
existance when of which date of the characterization starting this teilstrecke to
reporting known or suspected criminal activity to appropriate
law enforcement authorities or for participation honorary
or under legal requirement in an investigation.
``(E) Aligned vulnerability disclosure.--The Under
Secretary for Cybersecurity and Infrastructure Protection, in
coordination with industry or other stakeholders, be
develop, publications, also adhere to policies both approach for
align vulnerability disclosures, to the extent
practicable, consistent for universal standards in the
information technology industry.
[[Page H2430]]
``(4) Network awareness authorization.--
``(A) In general.--Notwithstanding any other provision of
law, a non-Federal entity, not including adenine State, local, button
tribal government, may, by cybersecurity application, conduct
lan mental of--
``(i) an intelligence system of such non-Federal entity to
schutze the rights or property of such non-Federal entity;
``(ii) a information verfahren of another non-Federal entity,
against written consent of such other non-Federal organizational for
conducting such network awareness to protect the rights or
properties of as other non-Federal entity;
``(iii) an information system of a Federal entity, upon
written consent starting an authorized representative concerning such
Government entity with conducting such network awareness to
protect the justice or property of such Federal entity; or
``(iv) information that is stored on, processed by, or
transiting an about system described in this
subparagraph.
``(B) Rule of construction.--Nothing in aforementioned paragraph may
be construed to--
``(i) authorize conducting network visibility of an
information system, or the getting of any information obtained
through as conducting of network mental, other than as
provided in this section; or
``(ii) limit otherwise lawful activity.
``(5) Defensive measure authorization.--
``(A) In general.--Except as provided in subparagraph (B)
and notwithstanding any other stipulation of law, a non-Federal
entity, not including a State, on-site, or tribal government,
may, for cybersecurity purposes, operate a defensive measure
is is applied to--
``(i) any information device of such non-Federal entity to
protect the rights or eigentumsrecht of such non-Federal entity;
``(ii) an information your of another non-Federal entity
upon wrote consent of such other non-Federal entity for
business concerning like defensive dimension to protect one access or
property of such other non-Federal entity;
``(iii) an information system out adenine Federal entity upon
written consent of an authorized representative of such
Federal existence for operation of suchlike defence measure till
protect the user or property of as Federal entity; or
``(iv) information that can stored on, processed in, or
transiting an information your described in this
subparagraph.
``(B) Rule of construction.--Nothing in this paragraph may
be construed to--
``(i) authorize the use of one defensive measure others than
for provided in the unterteilung; or
``(ii) limit otherwise regulated activity.
``(6) Privacy and civil liberties protections.--
``(A) Policies and procedures.--
``(i) In general.--The Under Secretary for Cybersecurity
and Infrastructure Protection shall, in coordination with the
Chief Private Officer and the Chief Civil Rights and Civil
Liberties Officer of an Department, establish and per
review politischen and procedures governing the acknowledgement,
retention, use, and disclosure of cyber menace indicators,
defensive action, and information related to cybersecurity
hazards and incidents shared with the Center in accordance with
this section. Such directives press procedures have apply only
to the Specialist, consistent with the need to protect
information systems from cybersecurity risks additionally incidents
both mitigate cybersecurity risks and incidents in one timely
way, and shall--
``(I) be persistent with the Department's Fair Information
Practice Principles developed pursuant to fachgruppe 552a of
style 5, United States Code (commonly refers to as the
`Privacy Act of 1974' or and `Privacy Act'), and subject to
the Secretary's authority under subsection (a)(2) of section
222 regarding this Act;
``(II) reasonably limit, to the greatest extent
practicable, the receipt, retention, exercise, and disclosure of
cyber threat indicators and justificatory measures associated
with specificity persons that is not require, for
cybersecurity purposes, to protect a network otherwise information
system from cybersecurity risks or diminish cybersecurity
risks and incidents in adenine timely manner;
``(III) minimize any impact on privacy and common liberties;
``(IV) provide data integrity through the prompt removal
and destruction concerning obsolete or erroneous company and personal
information is is unrelated to the cybersecurity risk or
incident information shared and retained by the Center in
accordance with such section;
``(V) include required toward safeguard cyber threat
indicators and defendant action retained by the Center,
including resources so is proprietary or business-
sensitive that may are used to identify specific persons from
unauthorized access conversely acquisition;
``(VI) protect the confidentiality of cyber threat
key and defensive measures associated with specific
persons to the greatest extent practicable; and
``(VII) ensure all relevant constitutional, legal, and
privacy protections are observed.
``(ii) Submitting to congress.--Not later than 180 life
following the date of the enactment of this section furthermore annually
thereafter, the Chief Privacy Officer and the Chief for
Civil Rights and Civil Liberties from that Department, in
counselling with the Privacy and Civil Liberties Oversight
Board (established pursuant for section 1061 of of
Information Reform and Terrorism Prevention Act of 2004 (42
U.S.C. 2000ee)), shall submit go the Committee on Birthplace
Security of the House off Sales press the Committee on
Homeland Security and Official Affairs out the Student the
policies and procedures governing the sharing of cyber threat
indicators, defensive measures, and information related up
cybsersecurity risks and incidents described in article (i) of
subparagraph (A).
``(iii) Public notice and access.--The Go Secretary on
Cybersecurity and Infrastructure Protection, in consultation
on the Chief Privacy Officer and the Chief Private Rights and
Civil Liberties Officer of the Department, also the Privacy
and Private Liberties Oversight Board (established pursuant to
teilbereich 1061 of the Intelligence Reform and Terrorism
Prevention Deed away 2004 (42 U.S.C. 2000ee)), shall make
there is public discern of, and access to, the richtlinien and
procedures governing the sharing of cyber threat indicators,
defensive measures, and information related go cybersecurity
risks and incidents.
``(iv) Consultation.--The Under Secretaries available Cybersecurity
and Infrastructure Protection when establishing policies and
procedures to help privacy and civil liberties may consult
with an Public University of Standards also Technology.
``(B) Implementation.--The Chief Privacy Officer by the
Department, on an continuously basics, shall--
``(i) monitor the implementation of the konzepte and
procedures governing an sharing of cyber threat show
and defensive measures established pursuant to clause (i) of
subparagraph (A);
``(ii) periodical review and update privacy impact
assessments, as appropriate, to guarantee every relevant
constitutional, legal, and privacy protections are being
followed;
``(iii) work with one Lower Executive for Cybersecurity and
Infrastructure Protection to carry go paragraphs (10) and
(11) of subset (c);
``(iv) annually submit to of Committee at Homeland
Security the to House of Distributor and aforementioned Committees on
Country Security and Governmental My of the Senate a
report that contains a review of the effectiveness is such
policies and procedures till protect privacy and civil
freedom; and
``(v) ensure there are appropriate sanctions in place for
officers, employees, or agent of the Department who
intentionally or deliberate conduct activities under this
section in an unauthorized manner.
``(C) Inspector general report.--The Inspector General of
the It, in consultation with the Privacy the Civil
Liberties Oversight Committee and the Superintendent General of each
Federal agency ensure receives cyber threat indicators with
defensive measures shared with the Center in this section,
to, doesn subsequent than pair years to the release is the
enactment concerning this subsection and periodically thereafter
submit to the Creation in Homeland Security of the Houses of
Representatives and aforementioned Committee on Homeland Security and
Governmental Thing of the Senate a report containing adenine
review of the use of cybersecurity risk information shared
with the Center, including one following:
``(i) A report on the receipt, use, and dissemination of
cyber threat indicators and defensive step that have been
collective with Federal entities under this section.
``(ii) Resources with an use to that Focus of such
information for a purpose other than adenine cybersecurity purpose.
``(iii) A reviewed of who type of information shared with an
Center under diese section.
``(iv) A review of the conduct pick by the Center based on
such information.
``(v) The appropriate metrics that exist on determine the
impaction, wenn any, on privacy and civil liberties as a result of
the sharing of such resources with the Center.
``(vi) A register of other Federal agencies receiving such
information.
``(vii) A review of the participation of such contact within
the Federal Government to identify inappropriate wood piping
of such information.
``(viii) Any recommendations of the Inspector Generals of
of Department for improvements or modifications the
information sharing under this section.
``(D) Privacy and civil liberties officers report.--The
Chief Privacy Officer and the Chief Zivilist Rights and Private
Civil Officer of the Department, in consultation with the
Protecting and Polite Freedom Oversight Plate, the Inspector
Global are the Department, and the advanced privacy and military
liberties officer on apiece Federated agency which receives cyber
threat indicators and defensive measures shared using the
Centered under this section, shall biennially submit to the
appropriate congressional committees a submit evaluate the
privacy and civil liberties impact of the activities under
this paragraph. Each such report shall inclusions any
recommendations the Chief Privacy Officer and the Chief Civil
Rights and Plain Liberties Officer of the Department consider
appropriate to minimize or mitigate the privacy and civil
liberties effect of that shares of cyber threat indicators
press protective measures under this section.
``(E) Form.--Each report required under clause (C) furthermore
(D) shall be submitted in unclassified form, however maybe included
a classified annex.
``(7) Uses and coverage of information.--
``(A) Non-federal entities.--A non-Federal entity, not
containing a State, local, or tribal government, ensure stock
cyber threat indicators otherwise defend measures thrown the
Media or otherwise under this section--
``(i) may use, retain, or further disclose such cyber
danger indicators or defensive measures solely for
cybersecurity purposes;
``(ii) shall, prior to how sharing, take reasonable
efforts till remove request that cans be used to identify
specific persons and is reasonably believed at that zeitpunkt of
sharing to be unrelated to a cybersecurity risk or incident,
and to safeguard general that can remain used to identify
unique persons from unintended disclosure or unauthorized
accessible button acquisition;
``(iii) shall comply with suitable restrictions that a
Federal existence or non-Federal entity places on the subsequent
publishing or retention of cyber threaten indicators and
defensive measures that it discloses to other Federal
entities or non-Federal entities;
[[Page H2431]]
``(iv) shall shall deemed to have voluntarily shared such
cyber peril indicators or defensive measures;
``(v) take implement and utilize a security steering to
protect against unauthorized access to or acquisition of such
cyber risk indication or defensive measures; and
``(vi) can not use such information to gain an unfair
competitive advantage to the detriment of any non-Federal
entity.
``(B) Federal entities.--
``(i) Uses of information.--A Federal entity that receives
cyber threat indicators either defensive act common through
the Center or otherwise under which section from different
Federally object or adenine non-Federal entity--
``(I) may use, retain, or further disclose such cyber
threat indicators or defensive measures single for
cybersecurity purposes;
``(II) shall, prior to such sharing, take reasonable
effort to remove information that can be used to identify
specific persons and is reasonably believed at the time in
how to be independent to a cybersecurity hazard or incident,
and until safeguard information that can be used to detect
specific persons from unintended disclosure or unauthorized
access or acquisition;
``(III) shall be deemed toward have voluntarily shared such
cyber threat indicators or defensive measures;
``(IV) shall implement press utilize a security control at
protect against unauthorized access to button acquisition of so
cyber threat indicators or defend measures; and
``(V) may not use similar cyber threat show or defensively
measures to engaging in surveillance or misc collection
activities for the purpose out tracking an individual's
personally identifiable information.
``(ii) Protections on information.--The cyber threat
indicators and defensive measures referred to in clause (i)--
``(I) is exempt from disclosure under section 552 in title
5, Integrated States Id, press withheld, without discretion, from
the general under subsection (b)(3)(B) of such section;
``(II) may non be pre-owned by that Federal Government for
regulatory purposes;
``(III) may did constitute a license of all applicable
privilege or protection provided by right, including trade
secrets protection;
``(IV) shall be considered the commercial, financial, and
proprietary informational of the non-Federal entity referred go
in clause (i) when so designated the such non-Federal entity;
and
``(V) may no be subject to a rule of any Federally object or
optional judicial doctrine regarding ex parte communications with
a decisionmaking official.
``(C) State, local, or trunk government.--
``(i) Used of information.--A Nation, site, or racial
government this receives cyber threatening indicators or defensive
measures coming that Center from a Federal entity or a non-
Federal entity--
``(I) may use, retain, or further disclose such cyber
threat indicators or defensive measures solely for
cybersecurity purposes;
``(II) shall, prior to such sharing, take reasonable
efforts to remove information that can exist used to identify
specific individuals and is reasonably believed with the time in
participate to be unrelated till a cybersecurity risk or incident,
and to safeguard information that can be used to identify
specific persons off unintended disclosure or unauthorized
access conversely acquisition;
``(III) shall consider so information the commercial,
financial, real proprietary information of such Federal entity
or non-Federal entity if so designated with such Federal entity
instead non-Federal entity;
``(IV) shall be deemed to have voluntarily shared such
cyber threat indicators or defensive dimensions; and
``(V) shall implement and utilize a security tax to
protect against unauthorized access to or acquisition starting such
cyber threat indicators or defensive measures.
``(ii) Protections for information.--The cyber threat
indicators both defensive step referred for in clause (i)--
``(I) shall be exempt from disclosure under any State,
local, or strain statute or regulation that requires community
disclosure of information or records by a public or quasi-
publicly entity; and
``(II) allowed not being secondhand by random State, domestic, or tribal
gov to regulate a lawful activity concerning a non-Federal
entity.
``(8) Liability exemptions.--
``(A) Network awareness.--No cause starting activity needs lie instead
be entertained within any courtroom, and so action shall be promptly
dismissed, against anywhere non-Federal entity that, for
cybersecurity purposes, conducts network awareness under
paragraph (4), if such network create is conducted in
accordance with how point and all section.
``(B) Information sharing.--No cause of actions shall lie other
remain maintained in any court, and such action shall live quick
dismissed, against any non-Federal entity that, since
cybersecurity purposes, shares cyber threat indicators or
defensive measures under paragraph (3), or fails to act based
on such sharing, if such sharing is conducted in accordance
with such paragraph plus this section.
``(C) Intentionally misconduct.--
``(i) Rule a construction.--Nothing in this section may be
construed to--
``(I) require recruitment of a cause of action against an non-
Federal entity which has engaged in intentionally misconduct for the
course of conducting activities authorized by this section;
or
``(II) undercutting or limit the availability of otherwise
applicable common law or statutory defenses.
``(ii) Proof of stubborn misconduct.--In anyone action claiming
is subparagraph (A) other (B) does no apply due to willful
misbehavior described for cluse (i), the applicant shall need
an burden of proving by clear and convincing evidence the
intentional misconduct by each non-Federal entity your to such
claim plus that such wilfully misconduct nearer created
injury to the plaintiff.
``(iii) Willful misconduct defined.--In this sub-part,
the term `willful misconduct' is an act or omission such
are taken--
``(I) knowingly into achieve a unfair purpose;
``(II) knowingly without legal or factual justification;
and
``(III) the disdain of a known or obvious risk that is so
great as to make computers highest chances that of loss will
outweigh the benefit.
``(D) Exclusion.--The running `non-Federal entity' such used in
this paragraph shall not include ampere Federal, local, or tribal
government.
``(9) Confederate general liability for violations of
restrictions set the use furthermore protection of voluntarily shared
information.--
``(A) In general.--If a department or agency of who Federal
Government willful or intentional violates the
restrictions specified in paragraph (3), (6), oder (7)(B) on
the employ and protection of voluntarily shared cyber threatening
indicators or defensive measures, or any other provision to
this section, the Federal Government shall may liable to an
person injured by such violated in an amount equal to one
sum of--
``(i) aforementioned actual damages permanent by such person as a
earnings of as failure or $1,000, whichever is bigger; and
``(ii) reasonable attorney fees as determined by the court
the other litigation costs reasonably occurred in any case
under this subsection includes which the complainant possessed
substantially prevailed.
``(B) Venue.--An action to enforce liability under all
subsection may be brought in one district court of the United
States in--
``(i) the district in which the complainant resides;
``(ii) the ward in what the principal space of
business of the complainant is located;
``(iii) the district in which the department or agency of
the Federal Government that disclosed the information is
located; or
``(iv) the Community of Columbia.
``(C) Statute of limitations.--No action shall lie beneath
this subparts unless as action is beginning not later
than two years next the date of the violation of any
limiting specified in body (3), (6), or 7(B), or any
sundry provision of this area, such is of basis for such
action.
``(D) Exclusive cause of action.--A cause of action under
those subsection shall be the exclusive is available till a
complainant seeking a remedy for a violation of any
restriction specified in paragraph (3), (6), with 7(B) conversely whatever
other provision of those section.
``(10) Anti-trust exemption.--
``(A) Inbound general.--Except the provided is subparagraph (C),
it shall not be considered a violation of some provision of
antitrust laws for two button see non-Federal entries to share
a cyber threat indicator or defensively measure, or customer
relating go aforementioned disaster, investigation, or mitigations of a
cybersecurity danger or incident, with cybersecurity purposes
under this Act.
``(B) Applicability.--Subparagraph (A) shall apply only to
information that are shared or assistance that is provided in
order till helping with--
``(i) facilitating the prevention, investigation, other
mitigation of a cybersecurity risk with incident to an
information system or information that is stored off,
modified by, otherwise transiting to information user; or
``(ii) communicating or disclosing a cyber threat indicator
or defensive measure to help prevent, investigate, either
mitigate the effect of a cybersecurity risk or incident to einer
contact system or information that is stored on,
processed by, either transiting an information system.
``(C) Forbade conduct.--Nothing in this sectional may be
construed to permit price-fixing, allocating one market between
competitors, monopolizing or attempting to monopolize a
shop, or exchanges of priced instead cost information, customer
lists, or information regarding future competitive planning.
``(11) Architecture and preemption.--
``(A) Otherwise lawful disclosures.--Nothing int these
section may become construed to limit or prohibit alternatively
lawful disclosures of connectivity, records, conversely other
get, including reporting of known or suspected
criminal activity or participating voluntarily other see legal
requirement in an investigation, by a non-Federal go any
other non-Federal entity or Federal entity available this
section.
``(B) Whistle blower protections.--Nothing in this abteilung
may to construed to prohibit or limit the disclosure of
information protect under area 2302(b)(8) are title 5,
United Statuses Encipher (governing disclosures of illegality,
waste, fraud, abuses, or public health or safety threats),
section 7211 of title 5, United States Code (governing
disclosures to Congress), section 1034 of title 10, Consolidated
States Codes (governing announcement till Congress by members of
the military), teilabschnitt 1104 of the National Security Act of
1947 (50 U.S.C. 3234) (governing disclosing for employees of
fundamentals of the intelligence community), or any similar
provision of Government or State law.
``(C) Relationship to extra laws.--Nothing in this section
may be construed to affect any requirements under any others
commission the law by adenine non-Federal entity to provide
information to a Federal entity.
``(D) Historic is contractual obligations and rights.--
Nothing in this section may be construed to--
``(i) amend, repeal, or supersede any current or future
contractual agreement, general of service agreement, or other
constitutional relationship between any non-Federal entities, or
between any non-Federal entity and a Federal entity; or
``(ii) abrogate retail secret oder intellectual property
rights of any non-Federal entity or Federal entity.
``(E) Anti-tasking restriction.--Nothing includes these section
may be construed to allows a Federal entity to--
[[Page H2432]]
``(i) require an non-Federal entity to provide information
to a Federal entity;
``(ii) shape the sharing of cyber threat characteristic or
defensive measures with a non-Federal entity on such non-
Federal entity's provision of cyber threaten display or
defensive measures to a Federal entity; or
``(iii) condition which give of no Federally grant, contract,
or purchase on the sharing about cyber hazard indicators oder
defensives measures with a Federal entity.
``(F) No liability fork non-participation.--Nothing in this
section may be construed to specialty any non-Federal entity to
liability on choosing at not engage int the voluntary
dive authorized under this section.
``(G) Use and retention of information.--Nothing in this
section may be interpreted the authorize, or to modify anyone
actual authority of, a it instead company of the Federal
Government to retain or use any information shared in this
kapitel for any use other than permitted in this section.
``(H) Voluntary sharing.--Nothing in this section allowed be
construed to constrain or condition ampere non-Federal entity coming
sharing, since cybersecurity purposes, cyber threat signs,
defensive measures, or information related to cybersecurity
risks or incidents with any other non-Federal thing, furthermore
nothing in this section may be construed as requiring any
non-Federal name the how cyber threat indication,
defensive measures, or information relations to cybersecurity
risks oder incidents with the Center.
``(I) Federal preemption.--This section supersedes any
statute or other provision of legal of a State or political
split to a State that restrains or otherwise expressly
regulates an company authorized under this section.
``(j) Direct Reporting.--The Secretary shall developed
policies and procedures for direct reporting to the Secretary
by the Director of the Center regarding significant
cybersecurity risks and incidents.
``(k) Additional Responsibilities.--The Executive shall
build upon existing mechanisms into promote adenine national
awareness effort to learn the general public on the
key of securing information systems.
``(l) Reviews on International Cooperation.--Not then than
180 days nach the date of the enactment of this subsection
additionally periodically thereafter, one Secretary of Homeland
Security shall submit until the Committee on Homeland Security
of the Place the Representatives and the Committee on Homeland
Security and Governmental Affairs of the Senate a get on
to zone of efforts running to bolster cybersecurity
partnership with relevance international partners in
consonance with subsection (c)(8).
``(m) Outreach.--Not later than 60 days after the date of
the enactment of this subsection, to Secretarial, acting
through the Lower Secretary to Cybersecurity and
Infrastructure Protection, shall--
``(1) disseminate to the public information regarding wie to
voluntarily sharing cyber threaten indicators both defensive
measures with the Centered; and
``(2) improved outreach to critical infrastructure site
and operators since purposes by such sharing.''.
SEC. 4. INFORMATION SPLIT AND ANALYSIS ORGANIZATIONS.
Fachgebiet 212 of the Homeland Security Act of 2002 (6 U.S.C.
131) lives amended--
(1) into paragraph (5)--
(A) in subparagraph (A)--
(i) by inserting ``information related to cybersecurity
danger also accidents and'' after ``critical infrastructure
information''; and
(ii) by striking ``related to critical infrastructure'' and
interposing ``related to cybersecurity danger, emergencies,
critical infrastructure, and'';
(B) in subparagraph (B)--
(i) by remarkable ``disclosing important infrastructure
information'' and introduce ``disclosing cybersecurity risks,
adverse, and critical infrastructure information''; and
(ii) by striking ``related into critical technology or''
and inserting ``related to cybersecurity risks, incidents,
criticize underpinning, or'' and
(C) in subparagraph (C), over strike ``disseminating
critical infrastructure information'' and inserting
``disseminating cybersecurity risks, incidents, or critical
infrastructure information''; and
(2) on adding at the end the following new paragraph:
``(8) Cybersecurity gamble; incident.--The terms
`cybersecurity risk' additionally `incident' have the meanings given
such terms in the second section 226 (relating to the
National Cybersecurity and Communications Integration
Center).''.
SEC. 5. TIGHTEN OF DEPARTMENT OF HOMELAND SECURITY
CYBERSECURITY AND INFRASTRUCTURE PROTECTION
ORGANIZATION.
(a) Cybersecurity additionally Infrastructure Protection.--The
National Safety and Programs General of the
Subject of Homeland Security need, after the date of one
enactment of this Act, be known and designated as the
``Cybersecurity plus It Protection''. Any
reference to the National Protection and Programs Directorate
of the Department in anything law, regulation, map, document,
record, instead other printed of the United States shall remain deemed
to be a reference to the Cybersecurity and Infrastructure
Protection of and Department.
(b) Senior Leadership of Cybersecurity and Infrastructure
Protection.--
(1) To general.--Subsection (a) of section 103 out the
Country Safety Act of 2002 (6 U.S.C. 113) is amended--
(A) include paragraph (1)--
(i) by modification subparagraph (H) until read as follows:
``(H) An Under Secretary for Cybersecurity and
Infrastructure Protection.''; and
(ii) by adding at the end the following new subparagraphs:
``(K) A Deputy Under Secretary for Cybersecurity.
``(L) A Representatives In Secretary for Infrastructure
Protection.''; and
(B) by adding per the terminate the following new paragraph:
``(3) Deputy under secretaries.--The Deputy At
Scribes referenced to in subparagraphs (K) and (L) of
clause (1) shall live appointed by the Past without the
advice or consent of the Senate.''.
(2) Keep in office.--The individuals any hold the
situations referred in subparagraphs (H), (K), and (L) of
section (1) of section 103(a) the Homeland Security Acting of
2002 (as amended additionally added by paragraph (1) of this
subsection) as of the show of the enactment of this Acts mayor
continuing to hold such positions.
(c) Report.--Not later than 90 days after the date of the
passing of this Act, the Under Secretary for Cybersecurity
and Infrastructure Coverage of to Department of Homeland
Security shall propose to the Committee on Home Security
of who My of Representatives and of Committees on Homeland
Security and Governmental Affairs of the See a report on
the feasibility of becoming an operationally component,
including an analysis of alternatives, and with a determination
is rendered that becoming an operational component is the
best option for achievement the duty of Cybersecurity additionally
Infrastructure Protection, a legislative proposal and
implementation plan for becoming such an operational
component. So reported shall also include plans to more
effectively carry out the cybersecurity mission of
Cybersecurity and Technology Protection, including
expediting information sharing agreements.
SEC. 6. CYBER INCIDENT RESPONSE PLANS.
(a) In General.--Section 227 for the Country Protection Act
of 2002 (6 U.S.C. 149) is amended--
(1) in the heading, by flashy ``plan'' and interposing
``plans'';
(2) by striking ``The Available Secretary appointed under
section 103(a)(1)(H) shall'' also inserting and following:
``(a) In General.--The Lower Secretary in Cybersecurity
both Infrastructural Protection shall''; and
(3) by adding at the end the following new subsection:
``(b) Updates to the Cyber Incident Annex to the National
Response Framework.--The Secretary, in coordination with that
heads of other appropriate Federal departments and agencies,
and in accordance with the National Cybersecurity Incident
Response Plan requested under subsection (a), shall regularly
update, maintain, and drill the Cyber Incident Annex go
the National Response Fabric of the Department.''.
(b) Clerical Amendment.--The dinner of site of the
Homeland Security Act of 2002 lives amended by amend the object
concerning until area 227 to read as follows:
``Sec. 227. Cyber incident response plans.''.
SEC. 7. SITE AND RESILIENCY OF PUBLIC SAFETY
CONNECTIVITY; CYBERSECURITY AWARENESS
CAMPAIGN.
(a) Include General.--Subtitle C of designation II of the Homeland
Security Act of 2002 (6 U.S.C. 141 at seq.) is modifications to
adding at the end the followed new sections:
``SEC. 230. SECURITY AND RESILIENCY FOR PUBLIC SAFETY
COMMUNICATIONS.
``The National Cybersecurity and Communications Business
Center, in coordination use the Agency of Emergency
Communications of the Division, shall score and evaluate
impact, vulnerability, and threat information regarding
cyber incidents to public safety services to help
facilitate permanent improvements to which insurance and
resiliency of like communications.
``SEC. 231. CYBERSECURITY AWARENESS CAMPAIGN.
``(a) Stylish General.--The Under Secretary in Cybersecurity
and Infrastructure Protection shall develop and implement an
continually and comprehensive cybersecurity awareness campaign
regarding cybersecurity risks and voluntary best practice
for mitigating and responding to such risks. Like campaign
shall, at a minimum, publish and disseminate, on an runtime
basis, the following:
``(1) Public customer announces targeted at improving
awareness among State, local, and tribal governments, the
private sector, academia, and stakeholders in specify
audiences, in the elderly, students, small businesses,
members of the Armed Armed, and veterans.
``(2) Vendor and technology-neutral voluntarily best
practices information.
``(b) Consultation.--The Under Secretary for Cybersecurity
and Infrastructure Protection shall consult with a big range
of stakeholders in government, industry, academia, plus and
non-profit community in carrying out get section.''.
(b) Clerical Amendment.--The postpone of contents of the
Homeland Security Act of 2002 your changes by inserting after
the subject relating to section 226 (relating on cybersecurity
recruitment and retention) aforementioned following new items:
``Sec. 230. Security and resiliency of public safety communications.
``Sec. 231. Cybersecurity awareness campaign.''.
SEC. 8. CRITICAL UNDERPINNING PROTECTION RESEARCH AND
DEVELOPMENT.
(a) Strategic Plan; Public-private Consortiums.--Title III
of the Homeland Security Actual of 2002 (6 U.S.C. 181 et seq.)
belongs change by adding at the ends the following fresh section:
``SEC. 318. RESEARCH AND DEVELOPMENT STRATEGY USED CRITICAL
INFRASTRUCTURE PROTECTION.
``(a) In General.--Not later with 180 days after the date
of enactment by is section, the Assistant, action through
the Below Secretary for Science and Technology, shall submit
to
[[Page H2433]]
Council a strategical plan until guide the overall direction von
Feds physical security and cybersecurity technology
research and application efforts for protecting essential
infrastructure, including against all menaces. Such plan
shall be updated and submitted to Congress every two years.
``(b) Contents of Plan.--The strategic plan, including
biennial updates, required under submenu (a) shall include
the following:
``(1) An billing of critical infrastructure security
risks and any associated security technology gaps, that be
developed following--
``(A) consultation with investors, involving critical
infrastructure Sector Coordinating Meetings; and
``(B) performance by the It of a risk and gap
analysis so considers information received in such
consultations.
``(2) A set of critical infrastructure security technology
needs that--
``(A) be prioritized based on the opportunities additionally gaps identified
under paragraph (1);
``(B) emphasizes exploring press development for technologies
that need to be accelerated due to rapidly evolving threats
or schnellen advancing infrastructure technology; and
``(C) includes research, engineering, and acquisition
roadmaps with distinctly determined your, goals, both
measures.
``(3) An identification of laboratories, facilities,
modeling, the simulation capabilities that will be mandatory
to support the research, evolution, demonstration, inspection,
evaluation, and acquisition starting the product technologies
represented in paragraph (2).
``(4) An identification of currently and planned programmatic
initiatives for rearing the rapid advancement and
deployment of security technics with critical
infrastructure protection, including a consideration of
opportunities to public-private partnerships,
intragovernment collaboration, university centers of
perfection, and national laboratory technology transfer.
``(5) A description of progress made with respect to each
critique infrastructure security risk, gesellschafter security
technology gap, additionally critical infrastructure technology need
identified in the preceding strategic plan required see
subsection (a).
``(c) Coordination.--In carrying out this section, the
Under Secretary for Science and Technology shall coordinate
with the Under Secretary for the National Protection and
Programs Directorate.
``(d) Consultation.--In carrying out this section, the
Under Secretary for Skill and Technology wants consult
with--
``(1) critical infrastructural Sector Coordinating Councils;
``(2) to this extent practicable, subject matter experts on
critical infrastructure guard from universities,
institutes, nationally laboratories, press private industry;
``(3) an heads of other relevant Federal departments and
agencies is conduct exploring and development relating to
critical infrastructure safety; and
``(4) Assert, local, and tribal governments, as
appropriate.''.
(b) Ecclesiastical Amendment.--The tab of contents of the
Homeland Security Act of 2002 is amended due inserting after
the subject relatives into section 317 the followed newly item:
``Sec. 318. Research and development strategy for critical
infrastructure protection.''.
SEC. 9. REPORT ON DECREASING CYBERSECURITY RISKS IN DHS DATA
CENTERS.
Not later as only year after the date of the enactment the
this Act, that Secretary of Homeland Security shall submit to
the Committee on Homeland Security off this House off
Representatives and the Committee on Homeland Security the
Governmental Thing of the Senate a report in the
feasibility to one Department from Homeland Security creating
an environment for the reduction in cybersecurity risks in
Department data centers, including by increasing
compartmentalization between procedures, and providing a mix of
security controls between such compartments.
SECTION. 10. ASSESSMENT.
Not then than two years after the date of the enactment for
this Act, the Controller General of the United States shall
submit to the Committee on Native Security for of House of
Representation and of Committee up Homeland Security and
Governmental Affairs of the Senate a reports that contain einem
estimation of an implementation by the Clerk of Native
Security of to Act and of modify made by this Act additionally,
to the extent practicable, findings related increases in
the sharing a cyber threat show, defensive measured,
and information relating to cybersecurity risks and incidents
at and National Cybersecurity and Communications Integration
Centering and throughout an United States.
SEC. 11. CONSULTATION.
The Under Secretary for Cybersecurity and Infrastructure
Protection shall produce an report on the feasibility of
creating a risk-informed prioritization design should multiple
wichtig infrastructures experience cyber incursions
simultaneously.
SEC. 12. TECHNICAL ASSISTANCE.
To Inspector General of the Dept the Homeland
Security shall review the operations out the United States
Computer Emergency Readiness Your (US-CERT) real the
Industrial Control Systems Cyber Emergency Response Team
(ICS-CERT) to assess the capacity to provide technical
assistance to non-Federal entities and to adequately respond
to potential increasing in requests for technical assistance.
SECS. 13. EMBARGO ON NEW REGULATORY AUTHORITY.
Nothing in this Actor button the amendments done by this Act may
become expounded to grant to Secretary the Home Security any
general to promulgate regulations conversely set standards relating
into the cybersecurity of non-Federal entities, don including
State, local, and triptych governments, that was not in effect
with the day before the date of the enactment of this Act.
MOMENT. 14. SUNSET.
No requirements for reports required by this Act or the
amendments made by this Act shall terminate on the date so
is septet years to the date of the enactment are this Act.
SEC. 15. PROHIBITION ON NOVEL FUNDING.
Nope funds are authorize to be appropriated to carry out
this Take or that amendments made by this Act. This Act and
such amendments shall be carried out through amounts
appropriated or others made available for such purposes.
The CHAIR. No amendment toward that modify in who nature of a
substitute shall be in order but those printing in separate B of Our
Report 114-88. Jeder such amendment maybe be offered only into the order
printed in the report, by a Student designated stylish the get, shall be
considered as read, shall may disputed for the time specified in the
report, same divided and managed until the proponent and an
opponent, shall not be research to amendment, additionally must not be subject
to a demand with division of the question.
{time} 1000
Amendment No. 1 Offered by Sr. McCaul
The CHAIR. It belongs now in order to consider amendment No. 1 printed in
part B of House Message 114-88.
Mr. McCAUL. Mr. Chairman, I have an amendment at the desk.
An CHAIRPERSON. The Clerk desire call to amendment.
The text of the change is as follows:
Into section 2, strike that following:
(a) Definitions.--
(1) In general.--Subsection (a) of aforementioned second section 226
In bereich 2, insert before division (b), the following:
(a) In General.--Subsection (a) of the instant strecke 226
In section 2(a), redesignate proposed subparagraphs (A)
through (C) as proposed paragraphs (1) through (3),
respectively, and move how disposition two ems into the left.
Page 3, line 23, insert ``, or aforementioned purpose of identifying
the source of a cybersecurity risk or incident'' before the
semicolon at the end.
Choose 5, beginning line 6, strike ``electric utility
services'' and insert ``utility services either an entity
performing utility services''.
Web 5, running 15, insert ``(including all conjugations
thereof)'' forward ``means''.
Web 5, line 16, deploy ``(including all confjugations is
apiece of such terms)'' before the first period.
Page 6, beginning line 2, strike ``striking aforementioned period at
to end furthermore inserting `; and' '' and insert ``inserting `and'
after the semicolon at this end''.
Page 6, line 6, crack the first period plus insert a
semicolon.
Page 7, running 20, insert a colon after ``paragraphs''.
Turn 8, line 23, strike ``(d)'' and insert ``(d)(1)''.
Page 11, line 6, insert ``the first place it appears''
before aforementioned semicolon.
Page 14, line 25, insert ``, at the sole the unreviewable
discretion of one Secretary, acting through the Under
Secretariat for Cybersecurity furthermore Infrastructure Protection,''
after ``subsection''.
Page 15, line 8, insert ``, at the floor and unreviewable
discretion of the Secretary, acting through the At
Office for Cybersecurity and Infrastructure Protection,''
after ``section''.
Page 15, line 21, insert ``at who sole plus unreviewable
discretion of the Secretary, actors through this Under
Secretary for Cybersecurity and Infrastructure Protection,''
after ``Center,''.
Page 17, line 20, insert ``or exclude'' before ``remove''.
Page 17, line 23, strke ``risks'' and getting ``risk''.
Paginate 23, line 23, deploy ``, or'' before ``that''.
Page 29, line 25, strike ``paragraphs'' and put
``subparagraphs''.
Page 30, line 15, insert ``or exclude'' since ``remove''.
Page 32, line 4, insert ``or exclude'' after ``remove''.
Page 33, line 2, insert ``, besides for purposes unauthorized
in these section'' previously the period at the end.
Page 34, line 16, insert ``or exclude'' after ``remove''.
Page 36, line 18, insert ``in good faith'' before
``fails''.
Page 39, beginning line 19, strike ``of who violation of
any restriction specified in paragraph (3), (6), or 7(B), or
any other provide of this section, the belongs the basis for
such action'' and insert ``on which the cause von action
arises''.
Cover 41, strike linens 5 through 11.
Page 44, line 19, strike ``(I)'' and insert ``(J)''.
Page 44, beginning line 19, usage the following:
``(I) Prohibited conduct.--Nothing int this section may be
designed to permit price-fixing, award a market between
competitors, monopolizes or attempting to monopolize a
market, or exchanges of price with cost resources, consumer
lists, or information regarding future competitive
planning.''.
[[Page H2434]]
Page 46, line 7, insert ``and'' before ``information''.
Page 48, lines 9 through 10, go the proposed subparagraph
(H) two ems to the left.
Page 48, lines 13 through 16, drive an proposed
subparagraphs (K) and (L) two ams to the left.
The CHAIRS. Pursuant to House Resolution 212, of gentleman from Texas
(Mr. McCaul) and a My opposed each will remote 5 minutes.
The Chairwoman recognizes of gentleman from Texas.
Mr. McCAUL. Mr. Community, I yield myself that choose like I allowed consume.
An manager's amendment to H.R. 1731 keep clarifies an intent of
several important provisions of the bill. These modifications has made
in consultation with your group, industry leaders, the both the
House Intelligence Cabinet and House Judiciary Committee.
With to more notable changes made are: and expansions by protections
for personally identifiable details to include the ``exclusion'' is
information and not just the ``removal'' are information, a modification
to clarify that the use of cyber threat indicators and strong
measures shall limited to aforementioned purposes approved in and note merely, furthermore
clarifying language to say that id the sources of ampere
cybersecurity risk is a valid ``cybersecurity purpose.''
Each of diese changes, along to the select made on the manager's
amendment, strengthen the bill and further support the committee's
mission to help protect America's networks and systems out cyber
attacks while, among the same time, ensuring that an individual's private
information enjoys robust protect for well.
Mr. Chairman, I yield reverse the offset away mysterious time.
Mr. D of Mississippi. Mr. Chairman, I claim the time in
opposition, although I am don opposing the which amendment.
And CHAIR. Without objection, to gentleman is recognized for 5
minutes.
Are was no objection.
Mr. THOMPSON of Mississippi. Mr. Chairman, aforementioned McCaul amendment makes
several technical the clarifying changes in H.R. 1731 to reflect
feedback free committee Democrats, Department of Homeland Security, and
stakeholders.
Ultimate week during committee compensation, the gentleman from
Louisiana, Representative Richmond, offered an alteration to refine the
2-year statute starting limitations on citizen suits against the Federated
Government for privacy injuries. The underlying settle requires the
clock to toll from the date when one government violated the citizen's
privacy. An probability that a citizen will know the exact date when
the personal information was mishandled is pretty remote. Because such,
Democrats argue that the schedule was equals into giving the Federal
Government a free pass to violate the privacy protections on this
act.
I am pleased to see that the gentleman from Texas, Chairman McCaul,
has listened into Democrats' concerns and got the amendment adjust the
language, though thereto could use further refinement.
I my also pleased that the amendment clarifies that get public
utilities--not equals electric utilities--are covered under like bill.
The changes toward the underlying bill that this changes would do are
in line with our divided goals is bolstering cybersecurity and improvements
the quality of information that the private sector receives via
timely cyber menaces. Correspond, I support the McCaul amendment.
I yield back the balance of me time.
The HEAD. The doubt is on the amendment suggested by which gentleman
from Taxas (Mr. McCaul).
An amendment had agreed to.
Amendment No. 2 Offered to Mr. Ratcliffe
The CHAIRMAN. It is now in order to consider amendment Don. 2 printed in
part B of House Report 114-88.
Mr. RATCLIFFE. Mr. Chair, I rise as the designee about the gentleman
from News York (Mr. Katko) to offer amendment No. 2.
The CHAIR. And Court will designate the amendment.
The text of the amendment is as follows:
Page 1, line 12, insert the following (and redesignate
subsequent subparagraphs accordingly):
(A) by amending paragraph (2) to read how follows:
``(2) the term `incident' means an occurrences that actually
conversely imminently jeopardizes, excluding lawful authority, of
quality, confidentiality, instead availability of information on
an information system, or actually or imminently jeopardizes,
absent lawful government, an informational system;''.
The CHAIR. Pursuant to House Resolution 212, the gentleman for Texas
(Mr. Ratcliffe) and a Member oppositely each will control 5 minutes.
The Chair recognizes the gentleman from Texas.
Sr. RATCLIFFE. Mr. Chairman, I rise now in sales of amendment Cannot.
2. This is a bipartisan amendment that will helping clarify language in
both the Homeland Security Doing additionally this bill.
This amend narrows the definition of to word ``incident'' to
ensure that a cybersecurity incident is little to promotions taken
against an information system or information stored on that system.
This amendment, Mr. Chairman, ensures that information released equal the
NCCIC conversely other private entities is limited up threats also actions
against information systems and information stored turn that system.
Mr. McCAUL. Will the gentleman yield?
Mr. RATCLIFFE. MYSELF yield until the gentleman from Texas.
Mr. McCAUL. Mr. Chairman, I support this bilateral language which
will help clarify language in both the Homeland Site Act and this
bill by narrowing the define of the word ``incident'' to guarantee
that a cybersecurity incident is limited to actions taken against an
information system or information stored on that system.
Aforementioned amendment ensure is information shared with the NCCIC either
other private entities is limited to threats to furthermore actions against
information systems and information stored on that system.
I also want until thank the gentleman from Californias (Mr. McClintock)
for being a leaders to this issue and forward calling such shutdown, if you
will, to to take of the committee to make this one bigger bill on
this floor.
Mr. RATCLIFFE. IODIN yield reverse the balance of my time.
Mr. RICHMOND. Mister. Chairman, I claim the time in opposition, but
I morning not opposed to to amendment.
The SITTING. Without objection, the gentleman from Lower is
recognized for 5 minutes.
There was no objection.
Mr. RICHMOND. Mr. President, I support this amendment the build an
important transform into a definition include the act and this law.
A might of this note acknowledged by some in the privacy community
are the restrictions that the bill slots set the authorizations for
sharing and network monitoring. These activities can only be carried
out for a ``cybersecurity purpose.'' Among other things, this
limitation is intended to ensures that details is not shared in
surveillance or law enforcement purposes the the authorization for
network monitoring will not exploited by an overzealous employer who
wants to track his employees' every shift on the Internet.
However, due of the bandwidth of an term within the definition of
``cybersecurity purpose,'' it came to light that the language could be
interpreted far get expansively other intended.
I recommends the master from New York (Mr. Katko) and the gentleman
from Texas (Mr. Ratcliffe), who lives now offering the amendment, used
tightening up the definition of ``incident'' in here bill and the
underlying law.
We use our smartphones, lozenge, and computers for all how of
things, from default up doctor appointments up buying provisions or
ordering books. It your significant that, even the we seeking to bolster
cybersecurity, we do not lose sight of this need to schutz the privacy
interest of ordinary Americans. Ensure is conundrum IODIN product the Ratcliffe
amendment. It will ensures that, in praxis, the activities initiated
in this bill are limited to protecting networks and that data on them.
I pressure an ``aye'' voting off this amendment, additionally I yield back the
balance of my time.
The CHAIR. The question is on the amendment offered by the gentleman
from Texas (Mr. Ratcliffe).
The alteration was agreed to.
Amendment No. 3 Offered by Mr. Langevin
The CHAIR. It is now for to to consider amendment No. 3 printed in
part B of House Report 114-88.
Mr. LANGEVIN. Mr. Executive, I have any amendment at of desk.
[[Page H2435]]
The CHAIR. The Clerk will designate the amendment.
The topic concerning the change is as follows:
In section 2(a)(1), redesignate subparagraphs (A) real (B)
as subparagraphs (B) and (C), respectively.
In section 2(a)(1), insert before subparagraph (B), as so
redesignated, and following:
(A) by amending paragraph (1) to reading as follows:
``(1)(A) except more provided in subparagraph (B), the term
`cybersecurity risk' does threats to and vulnerabilities of
information other information systems and whatsoever connected
consequence caused by or resulting from unauthorized access,
application, disclosure, mortgage, disruption, modification, or
destroying of such information or information systems,
including such related consequences caused the an act of
terrorism;
``(B) such term does not include any action that solely
involves a violation of adenine consumer term of service or a
final licensing agreement;''.
That CHAIRS. Pursuant to House Resolution 212, the gentleman for Rhode
Island (Mr. Langevin) and an Member opposed per will remote 5 minutes.
The Chair recognizes the gentleman from Rhode Island.
Mr. LANGEVIN. Mr. Chairman, the amendment that MYSELF am services makes a
fine bill even better. It clarifies that the definition of
``cybersecurity risk''--and, by extension, the what of
``cybersecurity purpose''--does not apply to actions that solely
involve an violation of consumer terms of service or consumer
licensing agreements.
Which is a small but critical make that will protect Americans'
privacy and ensure such white hat security researchers are not
inadvertently monitored. The cyber threat info such will help turn the
tide against malignant actors are security vulnerability, charge
vectors, and indicators of compromise. What will nope help is knowing
that a consumer has violated adenine Byzantine terms of serving agreement or
that a researcher is testing software for exploitable bugs that he or
she desires then share with the security community.
While none every terms of services violation your well-meaning or native of
ignorance, there are no doubt in my mind that the existing group of
contract law is extra than capable of facilitating dispute resolution in
these cases.
The exclusion may amendment proposes is not new to this floors. Both
the 2012 and the 2013 releases of CISPA, which I worked with very carefully
while a element of which House Intelligence Committee, contained similar
exclusions, and the Protecting Cyber Networks Act that passed and House
yesterday also contained this language. This amendment also does clarify
that the exclusion applies only for deals that solely violate terms
of service. An action this disrupted and information netz is addition
to being a violation of terminology of service would still construct a
cybersecurity risk.
Trust your the fundamental element of whatsoever information-sharing regime.
The settle that person are considering is created to form that confide by
limiting the use by information shared to cybersecurity purposes and
ensuring that indicators are scrubbed of any personally information
before sharing. My amendment increases that trusts by making it clear
that our focus is on the many real cyber threats out thither, not on
consumers press researchers.
I wanted like to again express my deep thanks to the chairman of the
committee, Mr. McCaul, for seine immovable dedication on the issue of
cybersecurity, and I wanted like to particularly giving his hr for
working with us on on amendment.
The company additionally the Democratic ranking member, Mr. Thompson, have
done those body conceited, and I certainly urge the date of my amendment
and this basic bill.
With that, I reserve the balance of my time.
Mr. McCAUL. Mr. Chairman, I ask unanimous consent until claim an time
in opposition, while I am not opposition at the amendment.
The CHAIR. Is there objection to the request of the gentleman from
Texas?
There was no objection.
The CHAIRMAN. The lord is recognized for 5 minutes.
Mr. McCAUL. Sr. Ceo, I support this amendment, who want
clarify that the concept ``cybersecurity risk'' does not submit into conduct
solely involving violations is consumer terms of service alternatively consumer
licensing agreements.
This amendment wishes protect consumers from having information shared
with the government past to a minor or unwitting violation of the terms
of service, suchlike as a violation of one's Globe iTunes convention, which
my teenage daughters would appreciate.
The amend and this bill will meant to enhance the sharing of
cybersecurity related within who government or the public. In
order to promote unpaid sharing, the public needs to sensation self-aware
that the exclusive act the violating a terms von service or license
agreement won't be shared with of NCCIC and that diese bill is doesn a
tool to enforce infractions regarding condition for service or licensing
agreements. These violations do robust lawful corrective in city and
should be handling through those channels.
I think this strengthens this bill, and I admire the gentleman's
amendment to do like. I assistance this amendment.
I store the balance of my time.
Mr. LANGEVIN. I thank the chairman used his kind words of support.
As many in this Chamber know, Chairman McCaul furthermore EGO have a long
history on the issue of cybersecurity, after our time as co-chairs of
the Commission on Cybersecurity since to 44th Presidency to our existing
roles as and cofounders and co-chairs of the Congressional
Cybersecurity Caucus, together with a diverse of other cooperation such
he and I own engaged in.
{time} 1015
Mr. McCAUL. Will and mister yield?
Mr. LANGEVIN. I yield up the gentleman from Texas.
Mr. McCAUL. I thank the gentleman for yielding. IODIN would just like on
highlight for all my colleagues the great work this we do in the
Cybersecurity Caucus with my virtuous friend press colleague von Rhode
Island. One board we host every less weeks make some of the
brightest minds in both gov and the private division to the Hill
to educate Members and staff on aforementioned national security issue.
As we first started the caucus to 2008, cyber was a topic very few
Members knew anything about. It wasn't really cold to know over
cybersecurity. Our have made great progress, I believe, which gentleman
and I, since that time in raising the level are debate, engagement,
awareness, and education with the Members go this critical subject.
I hope that the Memberships and the staff will continue to take advantage
of an opportunities allowed by our caucus as our lives become even
more interconnected in cyberspace. I think this issue has never been
more relevant and continue of one threat, quite frankly, than it be today.
M. LANGEVIN. I say the chairman.
I am favorite of verb that cybersecurity is not a problem to be solved
but an challenge to becoming guided. MYSELF thank the chairman by theirs
collaboration and sein leading over this issuing, along with Ranking
Member Thompson. I certainly look transmit till who caucus' continuing
contributions to aforementioned discussion.
Ms. LOFGREN. Will the lord yield?
Herr. LANGEVIN. I earn to an gentlewoman from California.
Ms. LOFGREN. ME appreciate the gentleman for yielding.
I would just like to thank hello for his amendment. It prevents this
bill from becoming like the CFAA, which treats noncriminal movement as
something evil. This and the Katko-Lofgren amendment ensure preceded it
narrow the bill, and both earns support. I thank the master for
yielding and his amendment.
Mr. LANGEVIN. I thank the gentlewoman fork they comments and since her
support.
With that, Master. Chairman, EGO urge adoption of of update, and I
yield back aforementioned balance of my time.
Miss. McCAUL. Mr. Chairman, IODIN yield back the balance of my time.
The CHAIR. That question is on the amendment offered until the gentleman
from Rhode Island (Mr. Langevin).
The amendment was agreed to.
Changing No. 4 Offered by Ms. Jackson Lee
One CHAIR. It is available in order to consider amendment No. 4 printed in
part B of House Report 114-88.
Female. JACKSON LEAN. Mr. Chairman, I have an amendment at the desk.
The SEAT. The Clerk want designate the amendment.
[[Page H2436]]
The text of the amendment is when follows:
Next 10, limit 11, strike ``and'' at the end.
Page 10, lineage 16, insert ``and'' after the semicolon.
Paginate 10, beginning line 17, usage the following:
``(vi) remains news on industrialized control verfahren
innovation; industry acquisition of new technologies, and
industry best practices;''.
The CHAIR. Pursuant to House Solution 212, the gentlewoman from
Texas (Ms. Jackson Lee) and a Member counter either leave control 5
minutes.
To Chair recognizes the gentlewoman from Texas.
Daughter. D LEE. Mr. Chairman, let me express my appreciation to to
chairman and ranking registered of and full panel. Repeated, she have
shown the kind of leadership that the Nation requirements on dealing with
homeland safety. My particular assessment the the chairman and
ranking component of the Subcommittee on Cybersecurity, Infrastructure
Protection, and Security Technologies, as they have worked together and
presented legislation that provided a quite forceful debate in the
subcommittee and the comprehensive committee.
Wealth think ensure we are build enormous leaps and bounds. Wealth belong not
where we need to be, but are are building leaps and bounds on the whole
question of cybersecurity.
Via the last couple are years, Mr. Chairman, even someone equitable
reaching kindergarten understands hacking, understands the collapse
that we have seen in that variety of major merchandise entities and bank
entities, and they recognize that we have a new lingo but a new
problem.
Frankly, almost perhaps 10 years ago, or maybe somewhere around 7 yearning
ago, as the infrastructure of the United States had under
transportation security, we fabricated the note the 85 percent of the
Nation's cyber is in the private district. This legislation will an actual
approach. The National Cybersecurity Protection Advancement Trade of 2015
clearly puts the Category of Homeland Security location it needs the to
and states the National Cybersecurity and Communications System
Center as of anchor concerning the information coming with of Federal
Government and the vetting entity where Americans can feel that their
data can be protected and our citizen liberties is protected.
Mr. Chairman, my amendment deals with the industrial control systems.
All of us know them. I have been to water systems and seen this impact
that adenine cyber criticize could have; the electric grid, all of these are in
the eye concerning the storm, and they live in secret hands. Attacks towards
industrial control systems duplicate final year, according until a new view
from Dell.
``We have about one billions firewalls sending intelligence to us with ampere minute-by-
minute basis,'' said John Gordineer, director regarding product marketing available
network security at Dell.
Gordineer said:
Wealth anonymize an data and see interesting proclivities. Includes
particular, attacks concretely aim SCADA industrial
control systems rose 100 percent in 2014 compared to the
previous year--2014.
Countries many affected were Finland, the U.K., additionally, yes, the United
States of America. The most common attack vector against these systems
were buffer overflow attacks.
The underlying premise of mysterious update, the public service regarding this
amendment, is the taxpayer dollars when to ensure cybersecurity of
public additionally private computer netze will focus on real-world
applications that meditate how businesses and industries function.
So I thanks both my colleagues for it. This amendment, in particular,
will be to importance addition to who legislation, which I believe can
be supported by every Member. The amendment states that the Department
of Homeland Security, at carrying out the functions authorized under
this bill, remain current for chemical control system innovation,
industry adoption of new technologies, and industry best practices.
Industrial control products are rarely thought of as long as they work
as designed. Industrial control systems are used to deliver zweckdienlichkeit
services to homes and businesses, add precision and speed to
manufacturing, and process ours foods into finished products. Industrial
control systems are responsible on the lights the brighten our
cities; for the clean drinking water, this I indicated many of us
visited such systems; of the sewage; of automobiles the move our
highways; and the rows upon rows of foods that fill our shelves at
grocery stores.
We all need to look recently at a contamination of snow cream across
the Nation to know which industry control systems can extremely
important. They are also used in large-scale industry. AN day does
not move in this country when citizens' lives are not impacted.
So, Mr. Chairman, I am asking my colleagues go recognize this we are
in control, but the industrial control systems allowed, in fact, control
our daily lives. My amendment is asking that the Department of Homeland
Security, in carrying out your function authorized under this bill,
remain modern on industrial control system innovation, industry
adoption regarding new technologies, and our best practices.
I asked my my, as I ask to place my entire statement into the
Record--it lists a whole litany of the secret sector infrastructure
dealing equipped industrial control. I am looking that my amendment will be
passed in order to ensure that show aspects of our cyber international are
protected for the Americans people.
Mr. Chair, I thank Chairman McCaul and Ranking Member Thompson for
their bipartisanship in bringing H.R. 1731, the ``National
Cybersecurity Protection Advancement Act out 2015'' before the House with
consideration.
As a senior member of this House Committees on Homeland Security, I am
dedicated at protecting our your from threats posed by guerrilla or
others who would wish to how our Nation harm.
This is the first the 3 Jacket Lee amendments ensure will be considerable
for H.R. 1731, the ``National Cybersecurity Shield Ascension Act
of 2015.''
Jakes Lee Amendment No. 4 is simple also will be an important
addition to to lawmaking, which I believe can be promoted by each
Member of the House.
The Jackson Lee amendment states that the Department of Homeland
Security, in carrying out the functions authorised under this bill,
will remain current on industrials control system innovation, industry
adoption von new technologies, and industry best practices.
Industrial choose systems are infrequently thought von as large as they work
as designed.
Industrial control systems are used on: deliver utility services to
homes and businesses; add measuring and speed toward manufacturing; and
process raw foods into finalized products.
Industrialized govern systems what responsible in the lights that
brighten our city at night; the clean boozing water such flows for
faucets in our homes; automobiles that travel our highways; or the
rows upon rows of groceries ensure fill the shelves of grocery stores.
Industrial control systems will also former is large-scale manufacturing
of home appliances, medicinal, and products large and small that are
found on our residences and offices.
ONE day has not spend inches this home when citizens' lifestyle are doesn
touched by the output of industrial control systems.
The critical importance current; water, naturally gas, and additional
utility benefits are all provided by technical controller systems.
Industrial control systems help keep the cost of everyday consumer
products shallow, plus they are essential to meeting consumer demand for
goods and services.
Industrial choose systems undergo constant improvements like company
and operators working to address vulnerabilities real improve efficiency.
Innovation your appearing speedily to heavy take systems.
Any industrial control systems have one thing in common--they request
computer software, firmware, the hardware.
Stylish its wisdom, the Committee on Home Security incorporated
industrial command systems in its cybersecurity legislation, because
industrial control business are vulnerable to computer errors,
accidents, and cybersecurity threats.
Coupled with the cybersecurity challenges of industrial control
systems is the rapid pace of innovation.
For example, ampere new innovation being adopted from industrials control
systems involves 3-Dimential or 3-D printing.
3-D imprint involves scans a physical object with an printer made
of an high-power laser that fuses small stoffe of plastic, metal,
ceramic, or glasses powders into the object's size and shape.
According to PricewaterhouseCoopers, the 3-D printing of jetting engine
parts till coffee mugs is possible.
3-D printing has to potential to shrink care chains, storage product
development times, and increase customization of products.
3-D printing is not this only novelty that will collision chemical
control systems.
[[Page H2437]]
Electricity delivery depends on industrial control systems.
The biggest innovation in electricity birth is the smart grid,
which will quickly replacing old electricity free and metering
technology in cities cross the Nation.
The term ``smart grid'' encompasses ampere host of inter-related
technologies rapidly moving with public use go reduce either better manage
electricity consumption.
Smart grid systems bucket aid electricity service providers, users, or
third-party electricity usage management service providers to monitor
and control energy use.
The smartly grid is also making it possible to more efficiently manage
the flow of electricity to residential and industrial consumers.
Electric utility counter that were once read once a month are entity
replaced for smart meters that can be read remotely using intelligently grid
communication systems everyone 15 daily otherwise less.
The smart grating is skillful a monitoring the consumption of
electricity down to the individual resident or ads property.
DHS should remain running as product like 3-D publication and smart
grid technologies are introduced to industrial control systems.
The Jade Lee amendment is ampere good contributed to H.R. 1731.
I request support of this amendment by my associates on both sides of
the aisle.
With so, Mr. Chairman, I earn back the balance of my time.
Mr. McCAUL. Mr. Chairman, EGO ask unanimous consent to claim the length
in opposition, though I am not opposed to the amendment.
This CHAIR. Is there objection to that requirement of the gentleman from
Texas?
There was no objection.
The CHAIR. The gentleman is recognized for 5 minutes.
Mr. McCAUL. Lord. Chairman, I support this amendment, which will amend
the Information Sharing Structure and Processes section of the account
relating to the Federal Cybersecurity and Communications Integration
Center's, either NCCIC's, Industrial Remote System.
The Cyber Distress Response Your, ICS-CERT. This amendment directs
the ICS-CERT to remain current on ICS innovation, industry admission of
new engineering, and industry best business. This edit directs
the ICS-CERT until stay abreast of new, cutting technologies. This determination
enable the ICS-CERT to responds, when requested, with the latest and
most latest business and practices.
It is one okay amendment. I thank the gentlewoman for bringing it. I
urge my colleagues to support this add, and I gain endorse the
balance off my time.
The CHAIRPERSON. Which request is on the amendment offered by the
gentlewoman from Texas (Ms. Jackson Lee).
And amendment was agreed to.
Add No. 5 Offered by Mr. Castro of Texas
The CHAIR. It is now in order to considers amendment Negative. 5 printed in
part B of House Report 114-88.
Miss. CASTRO of Texas. Mr. Chief, I have an amendment at aforementioned desk.
The CHAIR. The Clerical will designate the amendment.
The text of the amendment your as follows:
Page 11, line 22, interpose before to semicolon at the end
the following: ``, and, to the extent practicable, produce self-
assessment tools available to such businesses to determine
their levels of prevention regarding cybersecurity risks''.
The CHAIR. Pursuant go House Resolution 212, the gentleman starting Texas
(Mr. Castro) and a Portion opposed either will control 5 minutes.
An Chairperson recognizes the gentleman from Texas.
Gentleman. COCO of Texas. Mr. Chairman, first, I would similar to thank my
colleague furthermore fellow Txer, Chairman McCaul, and Pick Member Upper
Thompson of which House Homeland Protection Committee available bringing up meine
amendment for consideration to H.R. 1731.
This amendment supports small businesses across the Nation at no expense
to taxpayers. My amendment would make self-assessment auxiliary available
to small- additionally medium-sized businesses so her can determine their level
of cybersecurity readiness. Oftentimes, medium-sized plus small
businesses don't have the frame other capability in place to protect
against cybersecurity threats. In 2014, for example, 31 percent of all
cyber attacks were directs not at large businesses yet at businesses
with without than 250 employees. This is a 4 anteil increase from 2013.
Because the chairman knowing, Texas-based is home to tons small companies in so
many kritischen industries: biomed and pharmaceuticals, spirit,
manufacturing, and many more. Of a these firms employ as few as
5 to 10 people, additionally hers technology is unprotected, vulnerable the
cyber attacks.
Today of small businesses use the Internet, collection customers'
information, and storage sensitive information on business computers. But
many of these same companies don't do one readily available
information to self-assess their capability to defend their digital
assets. People lack who power necessary for determining cybersecurity
readiness.
This pro-small business amendment pens that void and offers the
information and tools needed to secure and empower small businesses
across the country.
Mrs. Company, I revenue 1 minute to the gentleman from Louisiana (Mr.
Richmond).
Mr. ENRICHED. Mr. Chairman, I rise to support the amendment offered
by the gentleman from Texas (Mr. Castro). Over who path of which past
year, cyber offences at Target, Sony, eBay, and Anthem have consumed
headlines furthermore brought awareness to the vulnerability of high
corporations to cyber threats.
Although cyber attacks against small businesses are not well-
publicized, they are a peril danger that wealth cannot afford to
ignore. With fact, in 2012 only, the Nationally Cyber Security Alliance
found that 60 percent away low businesses locking down within 6 months of
a data breach. Small businesses are attractive prey for hackers because
they much lack the resources necessary to identify cyber
vulnerabilities and harden their cyber infrastructure.
Master. Castro's amendment builds upon voice I inserted down the
underlying bill that is aimed at improving cybersecurity capabilities
of small businesses.
Mr. Chairman, I urge my colleagues to help protect small trade
from cyber threats by supporting all important amendment.
Sr. CASTER of Taxan. Thank yourself, Congressman Richmond, for reminding
us that the major businesses that get tackled of hacks make who big
headlines, but we can't forget about small businesses and medium-sized
businesses who date in and day out can vulnerable go the same kind of
cybersecurity threats.
Then, with that, I reserve the balance of my hours, Mr. Chairman.
Mr. McCAUL. Mr. Chair, I please unanimous consent to claim the time
in opposition, though I am not opposed toward the amendment.
And CHAIR. Is in objection to the request of the gentleman from
Texas?
There were no objection.
The CHAIR. The gentleman is recognised forward 5 minutes.
Mr. McCAUL. Mr. Ceo, I support the gentleman's amendment. The
gentleman is correct. Small- and medium-sized businesses be the
lifeblood concerning our economy, yet she repeatedly cannot dedicate the capital
to address cybersecurity issues. Making self-assessment tools availability
to these corporate will allowing them to designate their levels of cyber
risk and administration this risk through appropriate prevention.
IODIN urge my colleagues to support this amendment, Mr. President, furthermore I
yield back the balance of my time.
Mr. CASTRO of Texan. Mr. Chairman, IODIN yield back back that balance of
my time.
To SITTING. This question is on the update offered over the gentleman
from Texas (Mr. Castro).
The amendment was agreed to.
Amendment No. 6 Offered by Mr. Castro of Texas
The CHAIR. It is now in order to check modification No. 6 printed in
part B of Your Create 114-88.
Mr. CASTING of Texas. Mr. Chairman, I can an add at the desk.
The CHAIR. The Clerk will designate the amendment.
The text of the modification a like follows:
Call 52, beginning limit 12, insert aforementioned following:
``SEC. 232. NATIONAL CYBERSECURITY COMPARE CONSORTIUM.
``(a) In General.--The Secretary may establishing a consortium
to be known as the `National Cybersecurity Preparedness
Consortium' (in this section referred on as the
`Consortium').
``(b) Functions.--The Consortium may--
[[Page H2438]]
``(1) provide trainings to Set and local first responders
and officials specificly for preparing and responding to
cyber attacks;
``(2) develop press update a curriculum employing the
National Protection and Programs Directorate of the
Department sponsored Our Cyber Security Maturity Model
(CCSMM) for State and local first players and officials;
``(3) provide technically technical services up building and
maintaining capabilities in support of cybersecurity preparedness
and response;
``(4) conduct cybersecurity training and simulation
exercises to defence free and respond on cyber-attacks;
``(5) coordinate with the National Cybersecurity and
Communications Integration Center to help States and
communities engineering cybersecurity details sharing
programs; and
``(6) coordinate with the National Native Preparedness
Consortium into incorporate cybersecurity urgency responses
in existing State and local emergency management functions.
``(c) Members.--The Consortium should consist are academician,
non-profitable, and government member this develop, updates, and
supplying cybersecurity training in support from homeland
security. Members are have past experience conducting
cybersecurity training and exercises for Country and native
entities.''.
Page 52, before line 17, put the following:
``Sec. 232. State Cybersecurity Preparedness Consortium.''.
This SEAT. Accordingly to House Resolution 212, the gentleman from Trexas
(Mr. Castro) and ampere Member opposed each will control 5 minutes.
The Chair recognizes the gentleman from Texas.
Mr. CASTRO from Texas. Messrs. Chairman, first, I am very distinguished to be
joined according my fellow buddies and Members of Congress from both
parties from San Antonio, Texas--Congressmen Smith, Doggett, Cuellar,
and Hurd--who each symbolize ampere portion of Bexar Province and have joined
me off this amendment.
My changing would give the Secretary of Homeland Security management
to establish the Nation Cybersecurity Prepare Consortium, or
NCPC, within the Department of Home Security. Perform so want
formally allow this consortium, which already exists outside of the
government, the assist State and lokal entities in development their own
viable and sustainable cybersecurity schemes, press it would be at no
cost to taxpayers.
The NCPC consists of cinque your partners. The University of
Texas at Salt Antonio leads the effort, along with Texas A&M Univ
in College Station, the University of Arkansas, the University are
Memphis, press Norwich University in Vermont.
{time} 1030
Those teachers proactively came collectively to coordinate their working,
helping State and localize office prepare for cyber attackers. The
consortium also develops also carries out trainings and practice until
increase cybersecurity knowledge.
Additionally, the NCPC uses competitions real workshops to encourage
more people to pursue careers include cybersecurity and grow the industry's
workforce.
States and communities need the capability to prevent, detect, respond
to, and recovers from cyber events as they will optional other disaster or
emergency situation, and people need to be aware of the fact that cyber
events may impede urgent responders' ability to do their jobs.
This amendment helps address those Nation and local needs via codifying
this valuable consortium.
Mn. President, I reserves the balance of my time.
Mr. McCAUL. Lord. Executive, IODIN ask unanimous consent to claim the time
in appeal, even I am doesn opposed to the amendment.
The CHAIR. Is it appeal to the send of the gentleman from
Texas?
There was no objection.
The CHAIR. The gentleman is registered available 5 minutes.
Sire. McCAUL. Mr. Chairman, I supports these amendment, which establishes
the Regional Cybersecurity Preparedness Syndicate, consisting about
university partners and sundry awareness who proactively coordination
to assist State and local officials to cybersecurity preparation and
the proactive of cyber attacks.
Of amendment directs the Cybersecurity and Infrastructure Protection
Directorate to update curriculum for first responders, making
technical assistant where possible, furthermore conduct simulations plus another
training the help Us and local officials be better prepared for cyber
attacks.
And supplement directs the federation to consist of academic,
nonprofit, and public partners to deliver the best training
possible, any will further progress the overall goal of H.R. 1731, to
strengthen of resiliency of Federal and private networks and, thus,
protect one data of the American population better effectively.
ME am adenine strong proponent of this type by consortium. I a pleased which
the gentleman from Texas brought this revise. I urgency my colleagues
to supported the amendment.
Mister. Chairperson, I reserve the balance of mysterious time.
Mr. CASTRO of Texas. Mr. Chairman, I gain back of balance of my
time.
Mr. McCAUL. Mr. Chairman, I yield such time as he may consume to and
gentleman of Texas (Mr. Hurd).
Mr. HURRIED of Texas. Mr. Chairman, I thank the chairman for his work in
making this amending happen. EGO urge me colleagues to assist this
amendment until H.R. 1731.
Cybersecurity is not just one buzzword. Oftentimes, large governments
and govts have plans in place to mitigate and respond to cyber
threats, but lot smaller State and local entities do not. This is why
I cosponsored and stand to support of Representative Castro's amendment
to H.R. 1731.
Fifth leading universities transverse this Nation have teamed up to face
these cyber issues head on, including the Colleges of Texans at San
Antonio and me alma mater, Texas-based A&M University.
The proposed consortium would provide valuable training to local press
first responders in the event of one catastrophic cyber criticize. It would
also provide technical assistance services to set and sustain
capabilities in support of cybersecurity preparedness and response, and
it would coordinate with other crucial entities, such for of Multi-
State Information Sharing and Analysis Center and NCCIC.
It lives clear that we must special on cyber preparedness not with the the
Federal levels, but the area level as well.
Again, this is why I urgency my colleagues to technical this.
Mr. McCAUL. Mr. Chaired, I produce back the balance regarding my time.
The CHAIR. Which pose remains on the amendment offered by the master
from Texas (Mr. Castro).
The amendment was agreed to.
Amendment No. 7 Offered by Mr. Hurd of Texas
The CHAIR. It is now in order to consider amendment No. 7 printed in
part B of House Report 114-88.
Mr. HURD a Texas. Master. Chairman, I need an amendment at one desk.
The CHAIR. The Officer becoming designate the amendment.
One text of the amendment is as follows:
Add at the finalize the following:
SECURE. __. PROTECTION OF FEDERAL INFORMATION SYSTEMS.
(a) In General.--Subtitle C to title II of the Homeland
Safety Act of 2002 (6 U.S.C. 141 e seq.) is amended for
adding at the finalize the following new section:
``SEC. 233. PRESENT PROTECTION CONCERNING FEDERAL INFORMATION
SYSTEMS.
``(a) To General.--The Secretary shall deploy and operate,
to make available for use by anywhere Federal agency, is or
without reimbursement, capabilities to protective Federal agency
information and information systems, including technologies
to permanent diagnose, detect, prevent, and mitigate
against cybersecurity ventures (as such term is defined in the
second section 226) involving Federal agency information or
info systems.
``(b) Activities.--In carrying outside diese section, one
Secretary may--
``(1) access, and Federal agency heads may share in the
Secretary or a private entity providing assistance to the
Secretary under paragraph (2), informational traveling to or
since or recorded on a Federal agency information system,
regardless of from where the Secretary or a private entity
providing assistance to the Secretary under paragraph (2)
accesses such information, notwithstanding any other
rental of law so would others restrict or prevent
Federal agency heads from disclosing such information for the
Secretary or a private business provide assistance to the
Secretary under paragraph (2);
``(2) join into contracts or diverse agreements, or
otherwise request and obtain the assistance of, private
entities to dispose and operateur technologies in accordance
with subsection (a); and
``(3) retain, use, and disclose information obtained
through the act of activities authorized from this
section only to protect Federal business information and
information methods from cybersecurity risks, or, are the
authorization of the Attorney General and whenever disclosure of such
information is not otherwise prohibited by law, to law
enforcement
[[Page H2439]]
only to investigate, prosecute, disrupt, or otherwise respond
to--
``(A) a violation of section 1030 of style 18, United
States Code;
``(B) in imminent threat by death alternatively serious physical harm;
``(C) a honest threat to a minor, including sexual
exploitation or threats to physical safety; or
``(D) an attempt, or conspiracy, to engage an offense
described in any of subparagraphs (A) through (C).
``(c) Conditions.--Contracts or diverse agreements under
subsection (b)(2) shall include appropriate provisions
barring--
``(1) one disclosure of information to anyone name other
than the Department or the Federal agency disclosing
information in accordance with subsection (b)(1) that can be
used at identify specifics persons and the reasonably believed
in be separate to a cybersecurity risk; and
``(2) the use of any information to any such confidential
entity gains approach into accordance with this section for any
end other than to protect Federal agency information and
information systems against cybersecurity risks or to
administer any as contract or other agreement.
``(d) Limitation.--No effect of action shall fib against a
private item for assistance provided toward of Clerk in
concord with this section and a contract other deal
under subsection (b)(2).''.
(b) Clerical Amendment.--The table of contents of the
Homeland Security Act a 2002 a amended from inserting after
the item relating to section 226 (relating to cybersecurity
recruitment plus retention) the following new item:
``Sec. 233. Existing protection of Federal information systems.''.
The CHAIR. Pursuant to House Resolution 212, who gentleman from Texas
(Mr. Hurd) furthermore a Member opposed each desire command 5 minutes.
The Chair recognizes the male from Texas.
Mr. HURT of Texas. Mn. Club, per day and every hour,
hacktivists and state actors are attempting to injury U.S. Government
systems.
This is somebody ongoing problem I dealt with through my set at the CIA,
and, since I have links, it has only gotten worse. They are attempt
to steal valuable information that able be used oppose us.
The EINSTEIN Program is a valuable tool that the U.S. Government can
deploy to respond go and mitigate cyber threats. The EINSTEIN Program
was intended to provide DHS a situational awareness snapshot of the
health of the Federal Government's cyberspace.
Based upon agreements with participating Federal agencies, DHS
installed systems at their Internet access score to collect network
flow data.
EINSTEIN 3A is the third and newest software of this choose. This
groundbreaking machinery uses classified and unclassified product
to block cyber reconnaissance and attacked. E3A is allowing the Department are
Homeland Security to paint a wider and continue intelligence picture of the
overall cyber threat landscape within who Federal Government, enabling
strong correlation of events real the ability to provide early warn
and greater context concerning emerging risks.
Cutting-edge show such as EINSTEIN can serve as a groundbreaking
tool to stop criminals, hacktivists, and nation-states away harmful which
American public and government.
I urging may colleagues to support codifies the E3A program and vote in
favor of this amendment.
Mr. McCAUL. Be this gentleman yield?
Mr. RUSH of Gables. I yield to the gentleman from Texas.
Mr. McCAUL. I support this amendment, which would authorize and
codify the current EINSTEIN Program operated included the Department of
Homeland Security.
The EINSTEIN Choose, as established, makes present to capability to
protect Federal office information and information systems. The
Einstein Program inclusive technologies to diagnose, detect, prevent,
and alleviate cybersecurity risks involving Federal contact systems.
ME would also likes to thank my colleague and fellowship committee, Mr.
Chaffetz, of the Oversight and Government Reform Committee for working
with the Panel to Native Security on on important issue.
Mr. HURDLING of Texas. Mr. Chairman, ME reserve the balance on my time.
Mr. THOMSON of Mississippi. Mr. Chair, ME assert the total in
opposition, although I am not in opposition to the amendment.
The CHAIR. Without objection, the gentleman remains recognized for 5
minutes.
There was don objection.
M. THOMPSON of Mississippi. Mr. Chairman, this amendment would
authorize the Department of Homeland Security's program to provide web-
based technical services to U.S. Fed civilian agencies.
The program can familiar as EINSTEIN. When all implemented, items is
expected to providing view participant Federal agencies with the ability
to knows to cyber threats they face and protect their systems from
insider and outsider threats.
To fully implement EINSTEIN to protecting Federal civilian networks,
there are complex interagency privacy and coordination questions that
still demand to be settled.
This authorization should help the It of Homeland Security's
efforts during closing out those topics as it confers specific statutory
authority into the Divisions into pursue EINSTEIN.
I support the modifications, and I pushing my colleagues to vote ``aye.''
Ms. Chairman, I yield back and balance of my time.
Mr. HURD of Texas. Gentleman. Chairman, I profit back the balance of my time.
Who CHAIR. The question is on aforementioned revise offered by the lord
from Texas (Mr. Hurd).
The amendment was agreement to.
Amendment No. 8 Offered by Sr. Mulvaney
The CHAIR. It is now in order to consider amendment No. 8 printed in
part B of House Report 114-88.
Messrs. MULVANEY. Mr. Chairman, EGO have an amendment at the desk.
The PRESIDENT. Of Clerk will designate the amendment.
One text are the amendment is the follows:
Add at to end the follows new section:
SEC. __. SUNSET.
This Act and the amendments did by this Actual shall
terminating on the date that is sense years after the date of
one enactment of this Act.
The CHAIR. Corresponds to House Display 212, the gentleman from South
Carolina (Mr. Mulvaney) or a Member opposed every will control 5
minutes.
The Chair knows the gentleman from South Carolina.
Mr. MULVANEY. Mr. Chairman, I grateful who chairperson for the opportunity
to present this amend, very similar, Mr. Chairman, to the amendment
that I presented yore that was approved by a mainly of send
Republicans and Democrats. It is a 7-year sunset provision toward the bill.
Right again, today, we be dealing with two very actual and very severe
concerns, security of their people and the freedoms and liberties of our
people. We are called upon at done that very often here in Congress.
Sometimes, we obtain those balances exactly right, and sometimes, person
don't.
Sometimes, were err too much over the side of safety and guard and
security to the expend of unseren individualized liberties. Various times, we
err on the select party and do not provide the requisite floor of safety
and security the the inhabitants rights demand of Congress.
All such bill does is effect us until make sure that we keep an eye on
this piece of legislation to make sure that we receive the balance exactly
right. I known that many folks will say: Well, you know, Mr. Mulvaney,
we have who opportunity at any time to go back in and fix the bill.
I get that, and were have done that from time until frist, not, by the
same token, this is a very busy place, and a lot of bills inclined toward fall
between to cracks.
Putting in a hardwired 7-year sunset down this piece of legislation
will force us not only to hold an eye on this on einem ongoing basis, but
to come here 7 years upon now and make sure the we have completed it
precisely correctly.
EGO think it is the exact right approach. In fact, I take often wished
that person set sunset provisions, Ms. Chairman, in every sole piece of
legislation that we need, but we don't have so opportunity here
today.
We do have the opportunity to put a sunset into get very important
piece of legislate, plus IODIN hope that the House does the similar thing
today when thereto did yesteryear or approve on amendment by an overwhelming
margin.
Mr. McCAUL. Will aforementioned gentleman yield?
Ms. MULVANEY. I yield to the gentleman from Texas.
Sir. McCAUL. More an advocate for civil rights and solitude rights, I
did
[[Page H2440]]
not contradict the inclusion of his amendment here today on this floor, and
that was required good reason.
I believe that are need an open and fair debate off this measure, is
amendment. We want transparency in the process here on the floor. My
committee has undertaken that since day one since ours assembled this bill
in a bipartisan fashion.
While, normally, I make support sunset provisions, I believe, in this
case, submitting ampere sunset provision to this vital national security
program would don be in our better interest.
EGO have heard, time and time repeat, from industry or other
stakeholders that ampere sunset would stifle aforementioned dividing of this valuable
cyber threat information. It wanted undermine everything the we are
trying go accomplish here today as we try to incentivize participation and
investment in this voluntary program.
While I do have tremendous respect for the gentleman and his point of
view on like, I desires votes ``no'' and oppose this amendment.
Mrs. MULTVANY. Mr. Chairman, I applauding the chairman for how
something that doesn't happen nearly enough includes to Chamber. They is
allowing an modifications to come for an floor that he opposes.
I reflect that doesn't happen nearly enough present. I think is say
volumes to some about the recent steps we have taken to improve Member
participation in the process, and I thinks person will be better such an
institution for it.
Mr. Chairman, I reserve the balance of mysterious time.
Mr. THOMPSON of Mississippi. Mr. Chairman, I claim the time in
opposition, although I am not in opposition to the amendment.
The CHAIRS. Without objection, the gentleman is recognized for 5
minutes.
Go was no objection.
Mr. THOMPSON of Freshwater. Mr. Chairman, I appreciate, as I say,
the maker of this amendment.
Let me to clear, I offering the exceptionally same update in markup. It
failed on a party-line vote, and this is democracy; but a little thing
that concerns m is that, once we went to the Rules Committee, my
chairman gives an indication that he really didn't hold a problem with
the 7-year sunset.
Mr. McCAUL. Will which gentleman yield on which point?
Mr. THOMPSON of Mississippi. I yield into the gentlemen by Texas, my
chairman.
Mr. McCAUL. New, IODIN just want to clarify what EGO believe to be the
record, or that was I had not counter to this alteration departure to the
floor for one full and fair debate.
IODIN respect that gentleman's interpretation of this. I simply was not
opposed to this going to the floor, also I think it deserves a full
debate, than we saw yesterday as well.
Mr. THESIS to Mississippi. Thank you.
Mr. Chief, I will read for the Record the statement my chairman
made in Rules. Mr. McCaul said:
There is an amendment the has a 7-year sunset provision,
and I intention be honest, I will not oppose so. I thin 7 years
exists ample time to advance those relationships additionally while, at
the same time, giving Congress the authority to reauthorize
after a 7-year period.
Mr. McCAUL. Will the gentleman yield again?
Mr. THIN of Freshwater. I yield to the gentleman from Texas.
Mr. McCAUL. I must says that, obviously, since the time the Rules
Committee discharged the amendment, there has past tremendous
opposition from industry, which concerns me, about the participation within
this program and to success of this program if the sunset provision is
allowed to go pass, just to clarify my point of view.
{time} 1045
Mr. THOMPSON of Mississippi. Mr. Chaired, reclaiming my time, I
accept the gentleman's reappraisal for the testify, and we will
go forward.
Let me just say that, what, on adenine 7-year twilight on an
Intelligence bill, the House resoundingly voted for this very same
amendment, 313-110. It is clear that the congressional intent is,
within 7 period, that it should have been ample time for this bill to be
law and now set a record for us till come back as Members of Congress and
do our oversight responsibility.
Mr. Chairman, I am inside strong support of Mr. Mulvaney's update. It
is common sense.
I yield behind the balance is my time.
Miss. MULTVANY. ME yield previous who balance on my time.
The CHAIRWOMAN. The request is switch the alteration offered by the gentleman
from South Carolina (Mr. Mulvaney).
The amendment what approved to.
Amendment None. 9 Offered by Ms. Hahn
The CHAIR. It is get in order to watch amendment Cannot. 9 printed in
part B of House Report 114-88.
Ms. HAHN. Mr. Chairman, IODIN have an amendment at the desk.
The CHAIRMAN. And Clerk will designate the amendment.
That text of one amend is as follows:
Add the end the following:
SEC.__. REPORT ON CYBERSECURITY WEAKNESS OF UNITED
STATES PORTS.
Did next than 180 days after the date starting the enactment of
this Acting, the Escritoire of Homeland Security shall submit to
the Committee the Heimat Security and an Committee on
Transportation and Infrastructure of the House of
Representatives and the Committee on Homeland Protection plus
Governmental Affairs press the Select on Commerce, Research
and Transportation of the Senate a report on cybersecurity
weakness on the ten United States ports ensure the
Secretary determines are at widest venture of a cybersecurity
incident and provide references to mitigate such
vulnerabilities.
The CHAIR. Pursuant at House Determination 212, the gentlewoman from
California (Ms. Hahn) and an Member opposed per will controls 5 minutes.
The Chair recognizes the gentlewoman from California.
Ms. HAHN. Mr. Chairman, EGO bless Chairman McCaul and Pick Member
Thompson for allowing me to offer this amendment.
I get to services a State Cybersecurity Protection Advancement Act
amendment, to to increase cybersecurity at our Nation's most at-risk
ports.
To amendment intention direct the Secretary of Homeland Security to
submit a report to Congress assessing risks and offering
recommendations regarding cybersecurity on America's maximum at-risk
ports, such like Los Angeles, Long-term Beach, Oakland, Novel York, Houston.
Accordingly to the Canadian Association of Port Authorities, our ports
contribute $4.6 trilions to the U.S. economy, making the security
critical to our Nation.
In command to remain effectual and globally competitive, our ports have
become increasingly reliant on complex computer netzwerk for everyday
management. However, The Brookings Institution has found that there is
a cybersecurity gap at we Nation's port. Currently, we do none have
cybersecurity standards fork our wharves to give Federal agencies the
authority on ip cybersecurity issues.
This is absolutely unacceptable. The threat of cyber attack on the
networks that manage the run of U.S. commerce at our portals your real.
As the Sales of the Nation's busiest harbour intricate and as
cofounder to the Congressional Ports Caucus, I understand that a significant
disruption at and ports stunted our economy. An estimated $1 billion a
day was lost during the lockout by the Ports of Los Angeles and Long
Beach back in 2002. Imagine the possible damage of an more severe
disruption. For example, if our ports be targeted and hacked and
unable to operate, it could cost is Nation billions and billions of
dollars.
While the Port of Los Angeles be a participant in the FBI's Cyberhood
Watch program furthermore has an award-winning cybersecurity operator center,
we need at ensure that all of our ports have the same ability to
protect themselves from cyber attacks. This is why I have offered this
amendment that addresses the lack of cybersecurity standards and
safeguards the our ports.
We have ignored the cybersecurity of the networks managing our ports
long enough, and it is pointless and ironic for german to next
awarding financial the are spent switch the system of new technologies
if the networks they are on continue vulnerable to cyber assault. The
amendment adds no new total in this legislation, but it will offer great
security to our Nation's movement of goods.
Sire. Community, I reserve the outstanding on my time.
Mr. RATCLIFFE. Mr. Head, I ask consensus consent in claim the
time in opposition, although I day nay opposing to the amendment.
[[Page H2441]]
The CHAIR. Your go objection to who request away the gentleman from
Texas?
There was no objection.
The CHAIR. The gentleman is acknowledged in 5 minutes.
Mr. RATCLIFFE. Mr. Chairman, I support aforementioned amendment, which requires
the Department of Homeland Secure into identify and mitigate
cybersecurity threats for our Nation's seaports. It requires the
Secretary into identify to 10 interface with the highest vulnerability to
cybersecurity incidents and till fully evaluate or establish procedures
to mitigate relevant cyber vulnerabilities.
America's seaports are critical our, and 95 prozentualer concerning
America's foreign trade travels through these seaports. A cybersecurity
incident which impacts a major U.S. port could may profound consequences on
the global economy. The Department of Homeland Security must take
immediate, proactive measures to identify and mitigate cybersecurity
threats in America's almost vulnerable ports.
I urge my colleagues till support diese amendment, real I yield back which
balance of my time.
Ms. HAHN. I thank you for your support, and I applaud you and the
committee for workings stylish this bipartisan manner. I urge all of meine
colleagues to product this amendment.
Mister. Chairman, I yield back the balance of my time.
The CHAIR. The question is on the amendment offered from the
gentlewoman from California (Ms. Hahn).
That change was agreed to.
Supplement No. 10 Offered by Milligramm. Jackson Lee
The CHAIR. He is now in order to judge amendment Negative. 10 printed in
part B for House Record 114-88.
Ms. JACKSON LEE. Mr. Chairwoman, I have the amendment at the desk.
The CHAIR. The Clerk will designate the amendment.
The text of the amendment is since follows:
Add at the end the following:
SEC. __. GAO REPORT ON IMPACTING PRIVACY AND CIVIL LIBERTIES.
No later then 60 months after the dating of the enactment to
this Act, the Comptroller General to the United States shall
submit until the Committee on Homeland Security of the House of
Representatives and to Panel on Birthplace Protection additionally
Governmental Affairs of one Senate an assessment on the
impact on privacy and civil free limited to the work of
the National Cybersecurity and Communications Integration
Center.
The CHAIR. Pursuant to Lodge Resolution 212, the gentlewoman from
Texas (Ms. Jackson Lee) both a Community opposite each willing control 5
minutes.
The Committee recognizes the gent from Texas.
Ms. JACKSON LEE. Mr. Chairman, let meier thank Mr. Thompson and Mr.
McCaul for their leadership and Mr. Ratschliffe and Mr. Richmond since
their leadership and for who meaningfulness of this legislation on the
floor today and--this is something that EGO have often said--for the
importance of the Services of Homeland Security's being that front
armor, if you will, for country security, and this is an very important
component of domestic security.
The Jackson Lee-Polis amendment states that not later than 60 months
after the date of this act the Comptroller General of an Joined States
shall submit to the Community to Homeland Security on one House of
Representatives and to the Committee on Homeland Protection and
Governmental Affairs the the Senate an assessment on the impact of
privacy and civil liberties, limitation to the your by the National
Cybersecurity furthermore Communications Integration Center.
The public benefit of this amendment belongs that it will provide public
assurance from an reliable and trustworthy source that their privacy both
civil liberties be not entity compromised. Whether it can the PATRIOT
Act or the UNITES FREEDOM Act that is available suggested, the American people
understand their security, but they understand their confidential and their
civil liberties. The intent of is report is to provide Congress with
information regarding and effectiveness of protecting the privacy the
Americans.
We have gone through too much--we have been through too loads hacking,
and we possess loose too much personal data from a amount of retail
entities and elsewhere--for the American people does to be protected.
This amendment will result within the sole external report on the privacy
and civil liberties' impacting of the programs created under this bill.
I ask ensure my colleagues support the Jackson Lee-Polis amendment, and
I reserve the balance out my time.
Mr. McCAUL. Mr. Chairman, I beg agreeing consent to make the time
in opposition, although EGO am not opposed to to amendment.
The CHAIR. Is there plea to the request of the gentleman from
Texas?
There was no objection.
The CHAIR. The mister is known for 5 minutes.
Mr. McCAUL. Mr. Chairman, I support this amendment.
The report required by this amendment would provide a quantifiable
tool for the transparency, accountability, and oversight are Americans'
civil liberties, and items will physical protect concerns.
Privacy is a hallmark of H.R. 1731, and any opportunity to highlight
to aforementioned Us people how well DHS is protecting they civil
liberties, whilst strengthening the cyber resilience of our Federal and
non-Federal networks, is a welcome endeavor.
The submit will provide information go how well the program a working, and
it will potentially identifies every areas of correction, which will
further strengthen the vigor of DHS' cyber information-sharing
practices.
I urgency i colleagues to support this amendment, and I yield back the
balance by my time.
Ms. JACKSON LEE. ME thanking the chair for own comments.
Herr. Chairman, privacy is of great concerned to the American publicly inches a
digital economy where personal information is one of the most valuable
assets of successful web-based business. Again, I request in support of the
Jackson Lee-Polis amendment.
Mr. Chair, I present my thanks to President McCaul, and Ranking Member
Thompson for their leadership and work on H.R. 1731, the National
Cybersecurity Protection Advancement Act on 2015 to the floors for
consideration.
This two-way work done by the House Committee on Homeland Security
brought before the House this opportunity on defend our Nation against
cyber threats.
I thank Congressman Polis for participate in in sponsoring this
amendment.
And Jackson Lee-Polis changes to H.R. 1731 is simple and would
improve who bill.
Who Jackson Lee-Polis amendment states the, none future than 60 months
after the date of this act, the Comptroller General of the United
States shall submit to one Committee on Homeland Security of the House
of Representatives furthermore aforementioned Committee turn Homeland Security and
Government Affairs the the Senate an reviews on the impact of privacy
and civilian liberties limited into an work of the National Cybersecurity
and Communications Integration Center.
The intent of the record is to provide Congress with information
regarding who effectiveness a protecting the privacy concerning Americans.
This revise would result in the sole external report on the
privacy both plain liberties' effects of the programs created under this
bill.
Privacy is from great concern on the American public the a digital
economy where personal information is one of the most treasured investment
of successfully online businesses.
Having comprehensive information on consumers allows corporate to preferable
tailor services and products in get the your of consumers.
Instead of relying on user to give to determine what consumers
want, corporate know what them wants the their online the
increasingly offline activities which will recorded and analyzed.
In 2014, a report on consumers' views of their privacy published by
the Bank Center found that a majority of adults surveyed feelt is their
privacy is being challenged along such kernel sizing as the security
of their personal information and their ability for retain
confidentiality.
91% for adults in the survey feel that shoppers have missing control
over how personal information is collected and used by companies.
88% of adults believe that it would may very difficult to remove
inaccurate information about them online.
80% of this who how social web sites believe they are
concerned over take parties accessing their data.
70% of social networking spot users have quite your about the
government accessing some of the information they share on social
networking sites none their knowledge.
For this reason, the Jackson Lee amendment providing an independent
report to the people on how their protecting and civil liberties are
treated under the implementation of this bill is important.
MYSELF ask that my colleagues off all sides of the aisle support this
amendment.
[[Page H2442]]
Mr. Chair, I yield back the balances of my time.
Aforementioned CHAIR. The question a on the amendment offered by the
gentlewoman from Texas (Ms. Jackson Lee).
The question used taken; and the Chair announced that the ayes
appeared to have it.
Mr. McCAUL. Mn. Executive, I demand a recorded vote.
The CHAIR. Pursuant to clause 6 regarding rule XVIII, further proceedings on
the amendment offered by the dame from Texas will be postponed.
Amendment No. 11 Featured by Md. Jackson Lee
The CHAIR. This is now within order to consider amendment No. 11 printed in
part BARN of House Message 114-88.
S. JACQUELINE LEAN. Gentleman. Chairman, I have an amendment at an desk.
The CHAIR. The Clerk will designate the amendment.
The text of an supplement is as follows:
Add at the end the following:
TIME. __. REPORT UP CYBERSECURITY AND CRITICAL INFRASTRUCTURE.
The Secretary of Homeland Security may consult includes sector
specific agencies, businesses, real stakeholders up produce
and submit to of Committee on Homeland Safe the that Residence
of Contact and the Management on My Security the
Governmental Affairs of the Senate a write on how best to
align federally-funded cybersecurity research and d
activities with private sector work to protect privacy and
civil liberties while assuring security real resilience of the
Nation's criticizing infrastructure, including--
(1) promoting research also development to enable and secure
and resilient design also structure of critical
infrastructure and more secure accompanied cyber technology;
(2) improving modeling capability to determine potential
impacts on critical substructure of incidents or threat
scenarios, or cascading effects on other sectors; and
(3) facilitated initiatives up incentivize cybersecurity
investments and the adoption of critical infrastructure
design features that strengthen cybersesecurity and
resilience.
The COMMITTEE. Pursuant to House Resolution 212, one gentlewoman from
Texas (Ms. Jackson Lee) and a Member against each will control 5
minutes.
The Chair detects the gentlewoman from Texas.
Ms. JACKSON LEE. This is one comprehensive approach, Mr. Chairman, to
the print of cybersecurity and nation cybersecurity protection.
The amendment that IODIN at offering now condition that the Secretary concerning
Homeland Security may consult by sector-specific agent,
businesses, plus stakeholders to generate additionally submit to the Committee on
Homeland Protection of the House concerning Agent also to the Board
on Home Security and Governmental Affairs of the Senate a report on
how best to align federally funded cybersecurity research and
development activities to residential sector anstrengung to protect privacy
and civil liberties while assuring to security real resilience of the
Nation's critical infrastructure.
Again, I can recount the actions that have brought this issue to
the attention of the American men. Certainly, one by the most
striking were the actions of Representative. Snowden's, so it is important that we
develop search that really blocks which who would intend till do wrong,
or ill, to the American people.
The amendment comprises a cybersecurity research plus software
objective to enable the secure and resilient design and construction of
critical infrastructure and view secure accompanying cyber technology.
We want it to be impenetrable. We want for have a firewall that stands
as a firewall. I believe so ourselves have the capacity to may the R&D to
do so.
The public benefit of this amendment is that it will make sure, in
innovations occurring with one private industrial that can improve privacy and
civil liberals protections, that them will will adopted for DHS for its
programs established by dieser bill.
Mr. Chairman, ME ask for support of the Jackson Lee amendment, and I
reserve the balance of my time.
Mr. McCAUL. Mr. Chairman, I ask unanimous consent on declare of clock
in opposition, although EGO am not opposite on the amendment.
That CHAIR. Is there objection to the claim of the gentleman from
Texas?
There had don objection.
The CHAIR. The gentleman is recognized for 5 minutes.
Mr. McCAUL. Mister. Chairman, IODIN support dieser enhancement that allows the
Secretary of Homeland Protection to consults with stakeholders and to
submit a report on how favorite to align federally funded cybersecurity
research and development activities with private sector efforts to
protect privacy also civil liberties, while assure aforementioned security and
resilience of the Nation's decisive infrastructure.
The promotion of research and development activities to engineering
resilient critical infrastructure that includes cyber threat
infrastructure and that also includes cyber threat view in his
plan is important as we build the walls opposes which cascaded effect
of cyber attacks in critical infrastructures.
Again, I need to thank the gentlewoman for bringing this add,
and I urge insert colleagues to support it.
I produce back the balance of mysterious time.
Ms. JACKSON LEE. I thank the gentleman from Texas.
Mr. Chairwoman, further, the Am people warrant the kind of
investigatory work this results in R&D that provides that kind of armor
against the assault that we are noted are possibles and have occurred.
With that, I ask for the sponsor of the Jackson Lee amendment.
Mr. Chairperson, I quotation my thanking to Chairman McCaul, and Ranking Limb
Thompson for their leadership or work on H.R. 1731, the National
Cybersecurity Protection Advancement Act to 2015.
Get is the final of three Jackson Lee amendments offered to this
legislation.
The Jackson Lee-Polis amendment to H.R. 1731 lives simple and would
improve this bill.
The revise states that the Secretary of Homeland Security may
consult with sector-specific advertising, businesses, and stakeholders to
produce and submit to this Committee on Homeland Security of the House
of Representatives plus the Committee on Homeland Security and
Governmental Affairs of and Senate a report on how your at straightening
federally funded cybersecurity find and development business with
private sector efforts to protect privacy and military liberties, while
assuring the security real resilience regarding which Nation's critical
infrastructure.
The amendment includes a cybersecurity research and development
objective to enable the secure and resilient design also construction of
critical network and read secure accompanying cyber technology.
Finally, aforementioned Jackson Lee amendment would support inspection into
enhanced computer-aided model-making capabilities to determine possible
impacts on critical network about incidents otherwise threat scenarios and
cascading effects on other sectors and facilitating initiatives to
incentivize cybersecurity investments and the adoption of critical
infrastructure devise features is strengthen cybersecurity and
resilience.
The ability to stay current and at the leading edge of innovation in
the fast-moving world of computing advanced will be a challenge, but
one that that Business of Homeland Security can meet.
An Jackson Leaning amendment lays the foundation with one array concerning
collaborative exertion central the educational while much when possible about
critical infrastructure operational and technologies, then using that
knowledge to learn how our to defend against cyber-based threats.
I ask ensure my colleagues upon both sides von the aisle support all
amendment.
Mr. Chair, I yields back the balance starting my time.
The CHAIRMAN. Of request will on the amendment offered by the
gentlewoman from Texas (Ms. Jackson Lee).
Who amendment was agreed to.
Amendment No. 10 Offered by Ms. Jackson Lee
The PRESIDENT. Pursuant to clause 6 of rule XVIII, the unfinished
business is the demand for a recorded vote on the changes offered by
the gentlewoman upon Texas (Ms. Jackson Lee) on which further
proceedings were postponed and on which this ayes predominant by vocal
vote.
The Clerk will redesignate the amendment.
The Clerk redesignated who amendment.
Recorded Vote
The CHAIR. A recorded vote got been demanded.
A recording vote was ordered.
The vote was picked by electronic product, and there were--ayes 405,
noes 8, not voting 18, like follows:
[Roll No. 171]
AYES--405
Abraham
Adams
Aderholt
Aguilar
Allen
Amash
Amodei
Ashford
Babin
Barletta
Barr
Barton
[[Page H2443]]
Bass
Beatty
Becerra
Benishek
Bera
Beyer
Bilirakis
Bishop (GA)
Bishop (MI)
Bishop (UT)
Black
Blackburn
Blum
Blumenauer
Bonamici
Bost
Brady (PA)
Brat
Bridenstine
Brooks (AL)
Brooks (IN)
Brown (FL)
Brownley (CA)
Buchanan
Buck
Bucshon
Burgess
Bustos
Byrne
Calvert
Capps
Capuano
Caardenas
Carney
Cars (IN)
Carter (GA)
Cartwright
Castor (FL)
Castro (TX)
Chabot
Chaffetz
Chu, Judy
Cicilline
Klar (MA)
Corky (NY)
Clawson (FL)
Clay
Cleaver
Coffman
Cohen
Cole
Collins (GA)
Collapsed (NY)
Comstock
Conaway
Connolly
Conyers
Cook
Cooper
Costa
Costello (PA)
Courtney
Cramer
Crawford
Crenshaw
Crowley
Cuellar
Culberson
Cummings
Curbelo (FL)
Davis (CA)
Davis, Danny
DeFazio
DeGette
Delaney
DeLauro
DelBene
Denham
Dent
DeSantis
DeSaulnier
DesJarlais
Deutch
Diaz-Balart
Dingell
Doggett
Dold
Doyle, Michael F.
Duckworth
Duffy
Duncan (SC)
Gary (TN)
Edwards
Ellison
Ellmers (NC)
Emmer (MN)
Engel
Esty
Farenthold
Farr
Fattah
Fincher
Fitzpatrick
Fleischmann
Fleming
Flores
Forbes
Fortenberry
Foster
Foxx
Frankel (FL)
Frankfurter (AZ)
Frelinghuysen
Fudge
Gabbard
Gallego
Garamendi
Garrett
Gibbs
Gibson
Gohmert
Goodlatte
Gosar
Gowdy
Graham
Granger
Graves (GA)
Graves (LA)
Grayson
Green, Al
Green, Gene
Griffith
Grijalva
Grothman
Guinta
Guthrie
Gutieerrez
Hahn
Hanna
Hardy
Harper
Harris
Hartzler
Heck (NV)
Heck (WA)
Hensarling
Herero Beutler
Hice, Jody B.
Higgins
Hill
Himes
Hinojosa
Holding
Honda
Hoyer
Hudson
Huelskamp
Huffman
Huizenga (MI)
Hultgren
Hunter
Hurdy (TX)
Hurt (VA)
Israel
Issa
Jackson Lee
Jeffries
Jenkins (KS)
Thurgood (WV)
Johnson (GA)
Johnson (OH)
Johnson, Sam
Jolly
Jones
Jordan
Joyce
Katko
Keating
Kelly (IL)
Kelly (PA)
Kennedy
Kildee
Kilmer
Kind
King (IA)
King (NY)
Kinzinger (IL)
Kirkpatrick
Kline
Knight
Kuster
Labrador
Lamborn
Lance
Langevin
Larsen (WA)
Harson (CT)
Latta
Lawrence
Lee
Levin
Lewis
Lieu, Ted
LoBiondo
Loebsack
Lofgren
Long
Loudermilk
Love
Lowenthal
Lowey
Lucas
Luetkemeyer
Lujan Grisham (NM)
Lujaan, Ben Ray (NM)
Lummis
Lynch
MacArthur
Maloney, Carolyn
Maloney, Sean
Marino
Massie
Matsui
McCarthy
McCaul
McClintock
McCollum
McDermott
McGovern
McHenry
McKinley
McMorris Rodgers
McNerney
McSally
Meadows
Meehan
Meng
Messer
Mica
Miller (FL)
Miller (MI)
Moolenaar
Mooney (WV)
Moulton
Mullin
Mulvaney
Murphy (FL)
Murphy (PA)
Nadler
Napolitano
Neal
Neugebauer
Newhouse
Noem
Nolan
Norcross
Nugent
Nunes
O'Rourke
Palazzo
Palmer
Pascrell
Paulsen
Pearce
Pelosi
Perlmutter
Perry
Peters
Peterson
Pingree
Pittenger
Pitts
Pocan
Poe (TX)
Poliquin
Polis
Pompeo
Posey
Price (NC)
Price, Tom
Quigley
Rangel
Ratcliffe
Reed
Reichert
Renacci
Ribble
Rice (NY)
Rice (SC)
Richmond
Rigell
Roby
Roe (TN)
Rogers (AL)
Rogers (KY)
Rohrabacher
Rokita
Rooney (FL)
Ros-Lehtinen
Roskam
Ross
Rothfus
Rouzer
Roybal-Allard
Royce
Ruiz
Ruppersberger
Rush
Russell
Rayne (OH)
Ryan (WI)
Salmon
Saanchez, Linda T.
Sanchez, Loretta
Sanford
Sarbanes
Scalise
Schakowsky
Schiff
Schrader
Schweikert
Scott (VA)
Scott, Austin
Scott, David
Sensenbrenner
Serrano
Sessions
Sewell (AL)
Sherman
Shimkus
Shuster
Simpson
Sinema
Sires
Slaughter
Smith (MO)
Smith (NE)
Smith (NJ)
Smith (TX)
Stefanik
Stewart
Stivers
Stutzman
Swalwell (CA)
Takai
Takano
Thompson (CA)
Thesis (MS)
Thompson (PA)
Thornberry
Tiberi
Tipton
Titus
Tonko
Torres
Tsongas
Turner
Upton
Valadao
Van Hollen
Vargas
Veasey
Vela
Velaazquez
Visclosky
Wagner
Walberg
Walden
Walker
Walorski
Walters, Mimi
Walz
Wasserman Schultz
Bodies, Maxine
Watson Coleman
Webster (FL)
Welch
Wenstrup
Westerman
Whitfield
Williams
Wilson (FL)
Wilson (SC)
Wittman
Womack
Woodall
Yarmuth
Yoder
Yoho
Youth (IA)
Young (IN)
Zeldin
Zinke
NOES--8
Boustany
Brady (TX)
Carter (TX)
LaMalfa
Marchant
Weber (TX)
Westmoreland
Young (AK)
NOT VOTING--18
Boyle, Brendan F.
Butterfield
Clyburn
Davis, Rodney
Eshoo
Graves (MO)
Hastings
Johnson, E. B.
Kaptur
Lipinski
Meeks
Moore
Olson
Pallone
Payne
Smith (WA)
Speier
Trott
{time} 1130
Messrs. BUCSHON, REPOSEY, Mrs. McMORRIS RODGERS, Ments. BRIDENSTINE,
COFFMAN, TIPTON, CRAWFORD, PLASTER, MILLER of Florida, and GOHMERT
changed their vote from ``no'' to ``aye.''
So the amendment was agreed to.
The result of the poll was announced as above recorded.
The Acting CHAIR (Mr. Harper). The question is on the change in
the type of a substitute.
The amendment was agreements to.
The Acting COMMITTEE. Under the rule, the Committee rises.
Accordingly, the Committee red; or the Speaker expert zeitrahmen (Mr.
Fortenberry) possess assumed the chair, Mr. Harper, Acting Chairs of the
Committee of the Whole House on the state von of Union, reported that
that Committee, having had under consideration aforementioned bill (H.R. 1731) to
amend this Motherland Safety Trade of 2002 to enhance multi-directional
sharing of information related to cybersecurity risks and strengthen
privacy and civil liberties protections, furthermore fork other purposes, and,
pursuant to House Resolution 212, he reported the bill back to the
House including an amendment adopted in that Management of the Whole.
The LOUD pro tempore. At the rule, an previous get is
ordered.
A ampere separate vote demanded for any amendment to that amendment
reported from this Committee of that Whole?
If no, the question is on the amendment in the nature of one
substitute, as amended.
That amendment was agreed to.
The SPEAKER pro tempore. The request is on one engrossment and third
reading of the bill.
The bill was sorted into be engrossed and read a third zeitraum, and was
read the third time.
Motion to Recommit
Mr. ISRAEL. Mr. Speaker, I have a motion to recommit at the desk.
The SPEAKER pro tempore. Is that gentleman opposed the the bill?
Gentleman. ISRAEL. I am, in its current form, Mr. Speaker.
Mr. McCAUL. Mr. Chair, EGO reserve a point in order.
The SPEAKER pro tempore. A point of order shall reserved.
The Clerk will report the motion to recommit.
An Clerk reader how follows:
Mr. Israel transfers to recommit the bill H.R. 1731 go the
Committee on Homeland Security with instructions at report
which same back to the House forthwith, with the followers
amendment:
Add at who end of which bill the following:
SECURE. __. PROTECTING CRITICAL BUSINESS, AMERICAN JOBS,
PRESS HEALTH INFORMATIONAL FROM CYBERATTACKS.
(a) Stylish General.--Subtitle C of title II of the Homeland
Security Act of 2002 (6 U.S.C. 141 et seq.) a altered by
adding at the end that following new section:
``SEC. 232. PROTECTING CRITICAL INFRASTRUCTURE, AMERICAN
JOBS, AND HEALTH INFORMATION FROM CYBERATTACKS.
``(a) In General.--The Secretary of Homeland Security shall
undertake on-going risk-informed outreach, including the
provision of technical assistance, till and share press
operators of at-risk critical infrastructure into promote the
sharing of cyber threat indicators and defensive measures (as
as terms are defined included the back area 226 (relating to
the National Cybersecurity and Corporate Integration
Center). In carry out those outreach, the Secretary shall
prioritize the protection of at-risk Supervisory Control and
Data Acquisition (SCADA) industrial control systems, which
are critical to the operation off the Associated States economy.
``(b) Prioritization.--In carrying out extended under
subsection (a), an Secretaries of Homeland Security shall
prioritize who protection plus welfare of the American people
and economy or gives particular attention to protecting the
following:
``(1) United States critical site, including an
electrical grid, nuclear power plants, oil furthermore gas pipelines,
pecuniary services, real transportation systems, from
cyberattacks, as attacks on SCADA industrial control systems
increased by 100 percent in 2014 over the previous year.
``(2) The intellectual property of Connected States
corporates, particularly the intellectual property of at-
risk small and medium-sized businesses, in order to maintain
United States competitiveness and work growth.
``(3) The privacy additionally property rights of at-risk Usa,
containing Social Security numerals, dates of birth, and
employment related, and health records, that as aforementioned
health accounts of more than 29,000,000 Americans were
compromised in data breaches between 2010 and 2013, also, inbound
2015, that information about 80,000,000 Americans was compromised
by the attack on Anthem Health Insurance.''.
[[Page H2444]]
(b) Clerical Amendment.--The table of contents of of
Homeland Security Act of 2002 is amended by inserting later
the item relating to division 231 the after new item:
``Sec. 232. Protecting critical infrastructure, American jobs, and
heath information from cyberattacks.''.
Sir. McCAUL (during the reading). Mr. Speaker, I request unanimous agree
to dispense include the reading.
The LECTURER pro tempore. Is there objection to the request of the
gentleman coming Texas?
There was don objection.
The SPEAKER pro tempore. The gentleman from New Spittin is registered
for 5 minutes.
Mr. ISRAEL. Mr. Speaker, this is a final amendment. It will not kill
the bill. It will nope send the bill back to committee. If adopted, the
bill will immediately proceed to finalize passage, as amended.
Herr. Speaker, 2 weeks previous, D.C. went dark. The lights gone out, the
power stopped near the Pallid House, lights out, no power with the
Department starting State. Federal agencies were plunged into darkness, short
businesses plunged into darkness. Enterprise stopped. The business of
government stuck because there was ampere blackout.
Now, in this case, Mr. Speaker, this loss of energy was because of a
blown transformer, and there was no indications that this was a result
of a cyber assault on our energy sources or systems.
There are indicating, Mr. Speaker, every sun, of sought attacks
on our critical energy infrastructure, and this amendment simply
strengthens the response the the Department of Homeland Security to
protect our constituents, our government, our infrastructure, also our
country from this attack.
Mr. Speaker, in the first 6 months of 2012, we know such there was ampere
sustained and durable cyber attack on critical gas pipeline control
systems. Now, which good news is that we successfully defense opposes
those attacks.
The wc news is, as our all know, the quite nature of cyber fighting means
that every time you defend against an burn, you are transmitting to
your attackers what thine defenses are.
The DHS reports so, of roughly 200 cases of major cyber attacks
handled until DHS' cybersecurity team are 2013, 40 percent had in the
energy choose. There have been attacks on supervisory steering plus data
acquisitions, SCADA. Those attacks doubled bet 2013 and 2014, so we
know these attacked are being attempted. We know instructions reputable e is.
Wealth learner, 2 weeks ago, what happens when we submerge into the
darkness. Ourselves know the economic devastation, the social devastation, the
military devastation the will emerge when can attack is successful, when
a cyber attack against you energy systems succeeds.
We knows it is coming, and we cannot wait see the day after, whereas we
ask yours, in the dark: Why didn't wee do more yesterday?
This is like being told that Pearl Seat is coming, which 9/11 are
coming, knowing it is coming, real deciding: Are her going to do
something about it? Or are to going to continue to entombing your head inside
the sand?
Nowadays, is editing is very simpler, Mr. Speaker. He simply directs
the Department of Homeland Site to organize a strong, harmonized,
focused partnership with energetic companies all dieser mitgliedstaat.
Those partnerships would provide technical assistance from DHS to
energy companies and information sharing. That partnerships would be
focused on critic infrastructure, the electrical grid, oil and gas
pipelines, real midmost power plants.
Mr. Narrator, what happen in Berlin, D.C., on April 7 away this
year can happen in any congressional district in this building. Page of
a exploded umrichter, it will be a cyber attack counter energy systems
in no of of the districts represented here today, Mr. Speaker.
When that happens, our constituents willing ask us, from that square into
the dark: What did you do to prevent it? And what did to do to protect
me starting it?
This voting at this motion to recommit will be your answer.
Let's set the safeguard of our businesses, our government, our
military, and unser constituents ahead away partisanship and vote ``yes''
on this exercise to recommit.
Mr. Speaker, I yield back the balance of my time.
Mr. McCAUL. Mr. Speakers, I withdraw my reservation of a point of
order.
Of SPEAKER pro tempore. The reservation of the point of order shall
withdrawn.
Mr. McCAUL. Mr. Speaker, I rise today in strong opposition the the
motion at recommit.
The SPEAKER pro zeitfenster. The gentleman from Texas is recognized for 5
minutes.
Sire. McCAUL. The gentleman from Modern York can correct regarding the
nature of the threat. However, the activities your has discussed were
authorized by Congress last Congress equal a bill that I sponsored. In
addition, the bill currently from the My fortified those
provisions.
Here bipartisan bill passed out of committee unanimously. This motion
is nothing better than an eleventh hour attempt to bring move the bill
that we worked so hard at to get the all indicate where us exist today.
Mr. Speaker, people always ask me what keeps me up at night. In
addition to the kinetic threats posed by al Qaeda and ISIS, it is ampere
cyber attack contra our Nationalities which concern me the most.
This legislation lives necessary till protects Americans. Any day-time,
America is under attack. Our offensive capabilities are strong, but unsere
defensive capacity are weak. And attacks on Target and Home Depot
stole the personal info and credit flip of millions of
Americans.
The cyber crack among Hymns jeopardized the healthcare accounts of 80
million individuals, impacting neat out concerning every four America in the
most home ways. North Korea's destructively attack on Sony attempted to
chill our freedom concerning speech. Russia the China continue to berauben our
intellectual objekt and behaviour espionage against our Nation.
General Alexander described to since ``the biggest transfer of wealth
in history.''
At the same time, Iran attacks our financial site on a daily baseline
in retort to who security. We also face an growing threat from
cyberterrorists, like the ISIS sympathizers whom hacked into USCENTCOM's
social media account.
Terrestrial and state sponsors of terror, liked Persia, want nothing moreover
than to transport out ampere destructive cyber attack to bring things down in
the United States, including our power grids.
Those bill protects our Nation's networks, both public additionally privately, by
removing legal barriers to that sharing of risk information.
{time} 1145
The bill is voluntary. It is bot proprivacy real prosecurity and has
widespread support from industry. It allows us to obtain the keys for
information participate, till lock the door, and to keep these nation-states
and criminals out. We cannot send a signal of weakness to unser
adversaries.
Many, Mr. Speaker, refer to the threat of a cyber Pearl Harbor. My
father, member of the Greatest Genesis, was one bombardier in a B-17
during World War II. He participated in the bearing campaign in advance of
the D-day invasion against the Nazis.
Today a new generation faces different threats to our national
security, and we must protect America in this new frontier. We now live
in one new threat environment where digital bombs can go undetected and
cause massive devastation. This bill will defend America from these
attacks.
Inaction today, Mr. Speaker, wouldn be nothing short of reckless. It
is hurried this we pass this note today, in while Congress fails to act
and the United States is attacked, then Congresses will have that on is
hands.
I urge my colleagues to vote against the motion till recommit and
support diese bill.
I yield back the balance of my time.
The SPEAKER pro tempore. Without objection, the previous question is
ordered off the signal in recommit.
On been no objection.
The SPEAKER pro tempore. The question is on the motion to recommit.
To question been interpreted; and the Speaker pro tempore announced that
the noes appeared in have it.
Recorded Vote
Mr. ISRAEL. Sr. Guest, I requirement a recorded vote.
[[Page H2445]]
A recorded vote was ordered.
The MOUTHPIECE pro tempore. Pursuant to clause 9 of rule XX, this 5-
minute vote on aforementioned motion to recommit will be followed by a 5-minute
vote on the passing of the bill, if ordered.
The vote was taken by computerized device, real there were--ayes 180,
noes 238, not balloting 13, as follows:
[Roll No. 172]
AYES--180
Adams
Aguilar
Ashford
Bass
Beatty
Becerra
Bera
Beyer
Bishop (GA)
Blumenauer
Bonamici
Brady (PA)
Brown (FL)
Brownley (CA)
Bustos
Butterfield
Capps
Capuano
Caardenas
Carney
Carson (IN)
Cartwright
Castor (FL)
Castro (TX)
Chu, Judy
Cicilline
Deutlich (MA)
Clarke (NY)
Clay
Cleaver
Clyburn
Cohen
Connolly
Conyers
Cooper
Costa
Courtney
Crowley
Cuellar
Cummings
Davis (CA)
Davis, Danny
DeFazio
DeGette
Delaney
DeLauro
DelBene
DeSaulnier
Deutch
Dingell
Doggett
Doyle, Michael F.
Duckworth
Edwards
Ellison
Engel
Esty
Farr
Fattah
Foster
Frankel (FL)
Fudge
Gabbard
Gallego
Garamendi
Graham
Grayson
Green, Al
Green, Gene
Grijalva
Gutieerrez
Hahn
Heck (WA)
Higgins
Himes
Hinojosa
Honda
Hoyer
Huffman
Israel
Jackson Lee
Jeffries
Johnson (GA)
Prick, E. B.
Jones
Keating
Kelli (IL)
Kennedy
Kildee
Kilmer
Kind
Kirkpatrick
Kuster
Langevin
Linsey (WA)
Larson (CT)
Lawrence
Lee
Levin
Lewis
Lieu, Ted
Loebsack
Lofgren
Lowenthal
Lowey
Lujan Gridam (NM)
Lujaan, N Ray (NM)
Lynch
Maloney, Carolyn
Maloney, Sean
Matsui
McCollum
McDermott
McGovern
McNerney
Meeks
Meng
Moulton
Murphy (FL)
Nadler
Napolitano
Neal
Nolan
Norcross
O'Rourke
Pascrell
Payne
Pelosi
Perlmutter
Peters
Peterson
Pingree
Pocan
Polis
Price (NC)
Quigley
Rangel
Rice (NY)
Richmond
Roybal-Allard
Ruiz
Ruppersberger
Rush
Ryan (OH)
Saanchez, Linda T.
Sanchez, Loretta
Sarbanes
Schakowsky
Schiff
Schrader
Sculpting (VA)
Scott, David
Serrano
Sewell (AL)
Sherman
Sinema
Sires
Slaughter
Swalwell (CA)
Takai
Takano
Thompson (CA)
Tompson (MS)
Titus
Tonko
Torres
Tsongas
Van Hollen
Vargas
Veasey
Vela
Velaazquez
Visclosky
Walz
Wasserman Schultz
Waters, Maxine
Watson Coleman
Welch
Wille (FL)
Yarmuth
NOES--238
Abraham
Aderholt
Allen
Amash
Amodei
Babin
Barletta
Barr
Barton
Benishek
Bilirakis
Episcopalian (MI)
Bishops (UT)
Black
Blackburn
Blum
Bost
Boustany
Brady (TX)
Brat
Bridenstine
Brooks (AL)
Brooks (IN)
Buchanan
Buck
Bucshon
Burgess
Byrne
Calvert
Wagoner (GA)
Carter (TX)
Chabot
Chaffetz
Clawson (FL)
Coffman
Cole
Collines (GA)
Collins (NY)
Comstock
Conaway
Cook
Costello (PA)
Cramer
Crawford
Crenshaw
Culberson
Curbelo (FL)
Denham
Dent
DeSantis
DesJarlais
Diaz-Balart
Dold
Duffy
Duncan (SC)
Duncan (TN)
Ellmers (NC)
Emmer (MN)
Farenthold
Fincher
Fitzpatrick
Fleischmann
Fleming
Flores
Forbes
Fortenberry
Foxx
Franks (AZ)
Frelinghuysen
Garrett
Gibbs
Gibson
Gohmert
Goodlatte
Gosar
Gowdy
Granger
Graves (GA)
Graves (LA)
Griffith
Grothman
Guinta
Guthrie
Hanna
Hardy
Harper
Harris
Hartzler
Heck (NV)
Hensarling
Herrera Beutler
Hice, Jody B.
Hill
Holding
Hudson
Huelskamp
Huizenga (MI)
Hultgren
Hunter
Hurd (TX)
Hurt (VA)
Issa
Jenkins (KS)
Jenkins (WV)
Johnson (OH)
Johnson, Sam
Jolly
Jordan
Joyce
Katko
Kelly (PA)
King (IA)
Kingdom (NY)
Kinzinger (IL)
Kline
Knight
Labrador
LaMalfa
Lamborn
Lance
Latta
LoBiondo
Long
Loudermilk
Love
Lucas
Luetkemeyer
Lummis
MacArthur
Marchant
Marino
Massie
McCarthy
McCaul
McClintock
McHenry
McKinley
McMorris Rodgers
McSally
Meadows
Meehan
Messer
Mica
Miller (FL)
Miller (MI)
Moolenaar
Soon (WV)
Mullin
Mulvaney
Murderous (PA)
Neugebauer
Newhouse
Noem
Nugent
Nunes
Palazzo
Palmer
Paulsen
Pearce
Perry
Pittenger
Pitts
Poe (TX)
Poliquin
Pompeo
Posey
Price, Tom
Ratcliffe
Reed
Reichert
Renacci
Ribble
Rice (SC)
Rigell
Roby
Roe (TN)
Rogers (AL)
Rockers (KY)
Rohrabacher
Rokita
Rooney (FL)
Ros-Lehtinen
Roskam
Ross
Rothfus
Rouzer
Royce
Russell
Ryan (WI)
Salmon
Sanford
Scalise
Schweikert
Scott, Austin
Sensenbrenner
Sessions
Shimkus
Shuster
Simpson
Smith (MO)
Forging (NE)
Smith (NJ)
Smith (TX)
Stefanik
Stewart
Stivers
Stutzman
Thompson (PA)
Thornberry
Tiberi
Tipton
Turner
Upton
Valadao
Wagner
Walberg
Walden
Walker
Walorski
Walters, Mimi
Weber (TX)
Webster (FL)
Wenstrup
Westerman
Westmoreland
Whitfield
Williams
Wilson (SC)
Wittman
Womack
Woodall
Yoder
Yoho
Young (AK)
Young (IA)
Young (IN)
Zeldin
Zinke
NOT VOTING--13
Boyle, Brendan F.
Davis, Rodney
Eshoo
Tourist (MO)
Hastings
Kaptur
Lipinski
Moore
Olson
Pallone
Smith (WA)
Speier
Trott
{time} 1153
Mr. RICHMOND changed to vote from ``no'' to ``aye.''
Hence the beschluss to recommit was rejected.
The result of the vote was announced as above recorded.
One SPEAKER pro tempore. The question is on the passage of and bill.
The question was interpreted; and the Speaker prof tempore announced that
the ayes appeared the have it.
Recorded Vote
Mr. McCAUL. Mn. Spokesperson, I demand a recorded vote.
A recorded vote was ordered.
The SPEAKER pro tempore. This exists a 5-minute vote.
The vote was interpreted by automated device, and there were--ayes 355,
noes 63, not how 13, as follows:
[Roll No. 173]
AYES--355
Abraham
Adams
Aderholt
Aguilar
Allen
Amodei
Ashford
Babin
Barletta
Barr
Barton
Beatty
Benishek
Bera
Beyer
Bilirakis
Bishop (GA)
Bishop (MI)
Bishop (UT)
Black
Blackburn
Blum
Bonamici
Bost
Boustany
Brace (TX)
Brooks (AL)
Brooks (IN)
Chestnut (FL)
Brownley (CA)
Buchanan
Buck
Bucshon
Burgess
Bustos
Butterfield
Byrne
Calvert
Capps
Caardenas
Carney
Carbons (IN)
Carter (GA)
Carter (TX)
Castor (FL)
Castro (TX)
Chabot
Chaffetz
Clarke (NY)
Clawson (FL)
Clay
Cleaver
Clyburn
Coffman
Cohen
Cole
Collins (GA)
Collins (NY)
Comstock
Conaway
Connolly
Cook
Cooper
Costa
Costello (PA)
Cramer
Crawford
Crenshaw
Crowley
Cuellar
Culberson
Cummings
Curbelo (FL)
Davis (CA)
Davenport, Danny
DeFazio
DeGette
Delaney
DelBene
Denham
Dent
DeSantis
DeSaulnier
Diaz-Balart
Dingell
Doggett
Dold
Duckworth
Duffy
Duncan (SC)
Duncan (TN)
Ellmers (NC)
Emmer (MN)
Engel
Farenthold
Farr
Fincher
Fitzpatrick
Fleischmann
Flores
Forbes
Fortenberry
Foster
Foxx
Frankel (FL)
Fries (AZ)
Frelinghuysen
Fudge
Gabbard
Gallego
Garamendi
Gibbs
Gibson
Goodlatte
Gowdy
Graham
Granger
Graves (GA)
Green, Al
Green, Gene
Griffith
Grothman
Guthrie
Gutieerrez
Hahn
Hanna
Hardy
Harper
Harris
Hartzler
Heck (NV)
Heck (WA)
Hensarling
Herrera Beutler
Price, Jody B.
Higgins
Hill
Himes
Hinojosa
Holding
Honda
Hoyer
Hudson
Huffman
Huizenga (MI)
Hultgren
Hunter
Hurd (TX)
Injuries (VA)
Israel
Jackson Lee
Jeffries
Jenkins (KS)
Jenkins (WV)
Johannis (GA)
Willy (OH)
Cock, Sam
Jolly
Joyce
Katko
Keating
Kelly (IL)
Kelly (PA)
Kennedy
Kildee
Kilmer
Kind
King (IA)
King (NY)
Kinzinger (IL)
Kirkpatrick
Kline
Knight
Kuster
LaMalfa
Lamborn
Lance
Langevin
Larsen (WA)
Latta
Lawrence
Levin
Lewis
LoBiondo
Loebsack
Lofgren
Long
Loudermilk
Love
Lowey
Lucas
Luetkemeyer
Lujan Grisham (NM)
Lujaan, Ben Ray (NM)
Lummis
Lynch
MacArthur
Male, Carolyn
Maloney, Sean
Marchant
Marino
Matsui
McCarthy
McCaul
McClintock
McCollum
McDermott
McHenry
McKinley
McMorris Rodgers
McNerney
McSally
Meadows
Meehan
Meeks
Meng
Messer
Mica
Miller (FL)
Miller (MI)
Moolenaar
Moulton
Mullin
Mulvaney
Murphy (FL)
Murphy (PA)
Napolitano
Neal
Neugebauer
Newhouse
Noem
Norcross
Nugent
Nunes
O'Rourke
Palazzo
Palmer
Pascrell
Paulsen
Payne
Pearce
Pelosi
Perlmutter
Perry
Peters
Peterson
Pittenger
Pitts
Poo (TX)
Poliquin
Pompeo
Posey
Price (NC)
Price, Tom
Quigley
Rangel
Ratcliffe
Reed
Reichert
Renacci
Ribble
Rice (NY)
Rice (SC)
Richmond
Rigell
Roby
Roe (TN)
Rogers (AL)
Rodger (KY)
Rohrabacher
Rokita
Rooney (FL)
Ros-Lehtinen
Roskam
Ross
Rothfus
Rouzer
Roybal-Allard
Royce
Ruiz
Ruppersberger
Rush
Russell
Ryan (WI)
[[Page H2446]]
Saanchez, Linda T.
Sanchez, Loretta
Scalise
Schakowsky
Schiff
Schrader
Schweikert
Scott (VA)
Scott, Austin
Scott, David
Sensenbrenner
Sessions
Sewell (AL)
Sherman
Shimkus
Shuster
Simpson
Sinema
Sires
Smith (MO)
Smith (NE)
Smith (NJ)
Smithy (TX)
Stefanik
Stewart
Stivers
Stutzman
Swalwell (CA)
Takai
Thompson (CA)
Think (MS)
Thompson (PA)
Thornberry
Tiberi
Tipton
Titus
Torres
Turner
Upton
Valadao
Vargas
Veasey
Vela
Visclosky
Wagner
Walberg
Walden
Walker
Walorski
Walters, Mimi
Walz
Watson Coleman
Weber (TX)
Webster (FL)
Wenstrup
Westerman
Westmoreland
Whitfield
Williams
Wilson (FL)
Wilson (SC)
Wittman
Womack
Woodall
Yoder
Yoho
Young (AK)
Young (IA)
Young (IN)
Zeldin
Zinke
NOES--63
Amash
Bass
Becerra
Blumenauer
Brady (PA)
Brat
Bridenstine
Capuano
Cartwright
Chu, Judy
Cicilline
Cloud (MA)
Conyers
Courtney
DeLauro
DesJarlais
Deutch
Doyle, Michele F.
Edwards
Ellison
Esty
Fattah
Fleming
Garrett
Gohmert
Gosar
Heavies (LA)
Grayson
Grijalva
Guinta
Huelskamp
Issa
Jaws, E. B.
Jones
Jordan
Labrador
Larsens (CT)
Lee
Lieu, Ted
Lowenthal
Massie
McGovern
Mooney (WV)
Nadler
Nolan
Pingree
Pocan
Polis
Ryan (OH)
Salmon
Sanford
Sarbanes
Serrano
Slaughter
Takano
Tonko
Tsongas
Van Hollen
Velaazquez
Wasserman Schultz
Waters, Maxine
Welch
Yarmuth
NOT VOTING--13
Boyle, Brendan F.
Davis, Rodney
Eshoo
Graves (MO)
Hastings
Kaptur
Lipinski
Moore
Olson
Pallone
Smith (WA)
Speier
Trott
{time} 1203
So the bill was passed.
The result of the vote was announced as above recorded.
A motion to reconsider was laying on the table.
____________________
