House committee takes third whack at cyber enhancement bill

Thursday - 3/14/2013, 4:52pm EDT

The House Science, Space and Technology Committee members are going down a familiar path to get cyber legislation into law.

The committee approved the Cybersecurity Enhancement Act of 2013 (H.R. 756) today as one of several bills expected over the next few months to improve how agencies protect their computer networks.

Rep. Mike McCaul (R-Texas), a co-sponsor of the legislation, hopes a third time is a charm for the bill to become law. The full House approved it twice before, last year by a vote of 395 to 10 and the previous year, 422 to 5.

"This act improves coordination in the government, providing for a strategic plan to assess the cybersecurity risk and guide the overall direction of federal cyber research and development," McCaul said today during the committee's markup. "Our federal networks are under cyber attack every day. This bill updates the National Institute of Standards and Technology's responsibilities to develop security and procurement standards for the .gov computer systems to harden these federal networks against attack."

Specifically, the bill calls for NIST to develop standards, reference materials and checklists for technologies and systems based on the risks, the number of agencies using the IT and the effectiveness of the standards.

McCaul said the bill also would establish a federal-university-private sector task force to coordinate R&D and reduce duplications.

H.R. 756 would require the White House to develop an assessment of the federal cyber workforce, including current and projected needs, analyze the sources available to hire workers and any barriers agencies face to recruit and hire cybersecurity experts.

McCaul said the bill also "continues much needed cybersecurity research and development programs at the National Science Foundation and NIST. Additionally, this bill promotes cybersecurity awareness and education throughout the country."

Rep. Lamar Smith (R-Texas), the chairman of the committee, offered a manager's amendment to the bill, making a few minor changes.

Among the changes is a requirement for the R&D agencies to "track ongoing and completed federal cybersrecurity R&D projects and make that information publicly available. For the last several years, the Government Accountability Office has recommended this requirement in order to make federal cyber R&D more transparent and ensure we do not duplicate efforts."

The committee also passed the Advancing America's Networking and Information Technology Research and Development Act of 2013 (H.R. 967) The House passed this bill last year as well, by a voice vote.

Rep. Eddie Bernice Johnson (D-Texas), the ranking member of the committee, said it continues and builds upon the interagency initiative passed 20 years ago, the High Performance Computing Act of 1991.

Johnson said the new bill would help ensure the federal investments follow a coherent strategy for investing in NITRD.

Both bills go back to the full House for a debate and vote.

The Senate has been trying to pass a comprehensive cyber bill as opposed to the House's piecemeal approach. That is part of the reason why the Senate didn't consider either bill last session.

RELATED STORIES:

House-backed cyber bills head to Senate

New cyber strategy coordinates $1B in R&D efforts