House committee clears cybersecurity bill
By Jennifer Martinez
POLITICO Pro
In the first significant movement on cybersecurity reform this year in the lower chamber, a House committee on Thursday cleared a bill to boost the nation’s cyberdefenses despite concerns that the tight federal budget might make it hard to implement.
The Cybersecurity Enhancement Act of 2011, authored by Reps. Mike McCaul (R-Texas) and Daniel Lipinski (D-Ill.), would give the National Institute of Standards and Technology authority to set security standards for federal agencies' computer systems. It would also establish scholarship programs through the National Science Foundation to recruit and train a pool of future cybersecurity professionals.
The bipartisan bill, passed out of the House Committee on Science, Space and Technology by voice vote, is the first piece of cybersecurity legislation to be marked up in the House this year. But tension over the topic du jour in Congress — dollars and cents — hovered over the markup.
At the outset of the bill markup, ranking member Rep. Eddie Bernice Johnson (D-Texas) noted that proposed funding for NSF and NIST is flat in 2012, so those agencies might have trouble meeting the bill’s mandate.
“It doesn’t seem right to be touting NIST’s role in cybersecurity while also proposing a funding level for the agency that prevents it from carrying out critical cybersecurity-related initiatives,” Johnson said.
Fellow Democrat Paul Tonko of New York put forward an amendment that outlined which responsibilities in the bill NIST would not be required to carry out when its funding falls below 2011 levels.
To that end, McCaul said the cybersecurity activities that NIST is responsible for in the bill are already being conducted by the agency. Tonko’s amendment was ultimately voted down by a majority of Republicans voicing their dissent. But Lipinksi, who co-authored the bill with McCaul, voted in favor of it.
Following the markup, McCaul reiterated to reporters that the bill codifies activities already taking place at NIST and said he hopes the bill will be taken up after Congress returns from the August recess.
“We have to be cognizant of the time we live in,” McCaul told POLITICO. “If we mark up a bill that puts additional spending on a bill, the chances of it passing in the House are just over.”
Additionally, the bill would also create grant programs for cybersecurity research and development. And the bill would establish a partnership among universities and public and private sectors so they can better coordinate research and development efforts.
The two lawmakers introduced a similar bill last Congress, which passed the House but did not make it to the Senate. Sen. Robert Menendez (D-N.J.) introduced a companion bill in the upper chamber earlier this summer, and Lipinski suggested that measure might be tacked onto the larger cybersecurity bill the Senate Commerce and Homeland Security and Governmental Affairs committees are working on.
“Unfortunately (there were) far too many pieces of legislation that it was not taken up in the Senate,” Lipinski said. “My hope is that by advancing this bill now working with Sen. Menendez … we can pass this law, perhaps as part of a comprehensive cybersecurity bill.”
A manager’s amendment put forward by McCaul and Lipinski was adopted to the bill during the markup. It incorporated feedback the two lawmakers received from NIST on the language in the bill, and also stated that no additional funds are authorized for NIST activities laid out in the bill.
The House is approaching cybersecurity reform in piecemeal fashion. The top House Republican lawmakers on cybersecurity, Reps. Mac Thornberry (R-Texas) and McCaul, believe a set of smaller bills on the issue would be easier to pass. But lawmakers in the upper chamber, led by Senate Majority Leader Harry Reid (D-Nev.), are scrambling to put forward a comprehensive cybersecurity bill this fall.