House panel approves cybersecurity standards bill
The Science, Space, and Technology Committee approved the first piece of cybersecurity legislation in the House of Representatives this year, passing a bill designed to increase education, research, and development to confront cyberthreats.
The committee overwhelmingly approved the Cybersecurity Enhancement Act of 2011 on Thursday. The bill, sponsored by Rep. Michael McCaul, R-Texas, and Rep. Dan Lipinski, D-Ill., mirrors legislation passed last year by the House but that never made it to the Senate.
"The cyber threat is real and it's here now," said McCaul, who also sits on the House Homeland Security Committee. "When there are so many issues that divide us, I think this is one that brings us together."
McCaul said he expects the bill to be debated by the full House after the August recess. Sen. Bob Menendez, D-N.J., has introduced companion legislation in the Senate.
The bill would authorize research, education, and the development of standards at the National Science Foundation and the National Institute of Standards and Technology. It also gives NIST the authority to set standards for federal agencies.
Citing fear of unfunded mandates, Rep. Paul Tonko, D-N.Y., proposed an amendment that would tie some provisions of McCaul's bill to the level of appropriated funds. The amendment failed on a party-line vote.
McCaul said his measure largely codifies existing programs and activities and, despite allocating no additional funding, won't add burdens at the agencies. In fact, he said, making sure the bill doesn't call for more spending is important to helping it gain approval in the full House.
Rep. David Wu, D-Ore., who cosponsored the bill, withdrew an amendment that would have authorized NIST to work with private businesses to develop voluntary cybersecurity standards. McCaul said such a provision is likely to be included in a manager's amendment when the bill comes to the House floor, but that for now he is waiting for more research on the issue.
"I think this amendment goes in the right direction," he said after the hearing. "The big debate we will have is, do we regulate or do we help give incentives to businesses to protect their systems?"