Where the cyber bills stand
The House passed three measures already this week, and will likely vote on a fourth -- CISPA -- on April 18. Here's what they mean for the broader cyber debate.
In a week flooded with breaking news, cybersecurity has not been dominating headlines. Nevertheless, no fewer than four bills made their way through the House as lawmakers once again took up cyber measures.
The House passed three cybersecurity-related bills on April 16, and late on April 17, members were debating the fourth and most controversial, the Cyber Intelligence Sharing and Protection Act. Lawmakers were expected to vote on amendments on April 17, with a vote on whether to pass the bill expected on April 18.
The package of complementary bills must also clear the Senate, where cybersecurity legislation failed last year, and receive the president's signature of approval.
"We can pass bills in the House all day long, but if the Senate doesn't pass them and the president doesn't sign, where are we?" said Rep. C.A. Dutch Ruppersberger (D-Md.), a CISPA co-sponsor and ranking member of the House Permanent Select Committee on Intelligence, during floor debate on April 17.
The House passed the Cybersecurity Enhancement Act, which mandates strategic guidance for federal cybersecurity research and development. To establish that guidance, the bill calls for input from public and private stakeholders, and strengthens security automation standards and checklists for federal systems.
It also requires President Barack Obama to assess federal cybersecurity workforce needs by agency and provide information on skills sought and the projected capacity to meet workforce needs.
Additionally, the bill boosts partnerships with academia, including cyber research and education at the National Science Foundation by reauthorizing funding that expired in 2007 but has been carried out under general authorities from continuing resolutions. It also calls for scholarships for federal IT workforce internships, a university/industry task force on cybersecurity research, and coordination of cyber awareness and education efforts.
Advancing America's Networking and IT Research and Development Act of 2013 updates 1991's High-Performance Computing Act. The new bill brings the authorities of the Networking and IT Research and Development program into the 21st century. NITRD is the government's centralized effort to coordinate unclassified IT research and development among federal agencies.
The NITRD update aims to improve interagency coordination and planning. It calls for a strategic plan for the program that would codify current National Coordination Office efforts and implement recommendations from the President's Council of Advisors on Science and Technology. The bill also shifts the focus from short-term goals to long-term research on a broader, more up-to-date scale and would establish an interagency working group to target gaps in federal cloud research.
The third bill passed April 16 was legislation to modernize the Federal Information Security Management Act. It passed easily in a vote of 416-0 -- a move expected after months, if not years, of calls to reform the act. The effort failed last year as part of comprehensive cybersecurity legislation.
Rep. Darrell Issa (R- Calif.), chairman of the Oversight and Government Reform Committee and one of the bill's main sponsors, said during the floor debates on April 16 that "every committee chairman and every ranking member in the House" supported the bill.
"This bipartisan legislation will address the shortcomings of FISMA by incorporating recent technological innovations, and enhance and strengthen the current framework that protects federal information technology systems," Issa said.
CISPA garnered considerably less support and again generated debate over privacy, civil liberties and which government agency would take the lead. Lawmakers tried to put those issues to rest during floor discussion on April 17.
"We didn't want the perception to be that military would be the entity in charge of overseeing this. It had to be civil," Ruppersberger said, acknowledging concerns that the Defense Department would be the lead agency.
To that end, one of the amendments defines the Department of Homeland Security as the point of entry for critical cyber information sharing.
Obama administration officials have renewed threats that the president would veto CISPA, which doomed the legislation last year. Some groups praised the White House's warning.
"As technology changes, we must not allow our constitutional protections to be eviscerated," said David Segal, executive director of advocacy group Demand Progress, in a statement. "CISPA represents a threat to the freedom of all Americans who believe in the value of the Bill of Rights. We are heartened that President Obama has heard our call and acted in the best interest of the American people."
On the other hand, TechAmerica threw its support behind CISPA and the House's three other cyber measures.
"The issues that these bills tackle are critical to shoring up our cyber defenses," said Kevin Richards, TechAmerica's senior vice president of federal government affairs, in a press release. "The bills improve the framework for securing our government's information technology systems by focusing on continuous monitoring; strengthen NSF and [National Institute of Standards and Technology] technical standards and cybersecurity awareness; and finally, provide much-needed federal investment in cybersecurity [research and development.]"