“Cybersecurity attacks are a direct threat to our economy and job creation, as well as our national security."
Cyber is deeply ingrained in virtually every facet of our lives. We are very dependent upon it, which means that we are very vulnerable to disruptions and attacks. Cyber threats pose a significant risk to our national security as well as to our economy and jobs.
At least 85 percent of what must be protected is owned and operated by the private sector. Government must tread carefully in this area or risk damaging one of our greatest strengths — dynamic, innovate companies and businesses that are the key to our economy and to cybersecurity advances.
House Speaker John Boehner asked me at the start of the 112th Congress to lead an initiative on cybersecurity to focus the efforts of Congress to combat the growing national security and economic threat.
The Task Force represented a broad cross-section of the House Republican Conference and the committees of jurisdiction on the issue of cybersecurity. In addition to myself, Members serving in the group included Reps. Robert Aderholt (R-AL), Jason Chaffetz (R-UT), Mike Coffman (R-CO), Bob Goodlatte (R-VA), Robert Hurt (R-VA), Bob Latta (R-OH), Dan Lungren (R-CA), Mike McCaul (R-TX), Tim Murphy (R-PA), Steve Stivers (R-OH), and Lee Terry (R-NE).
The Task Force formally delivered its report to the Speaker and Majority Leader in October of 2011. The report was an agreement between nine House committees with jurisdiction over cybersecurity issues that could serve as a framework for moving forward with cybersecurity legislation in the House.
For most of those topics, at least some of the bills addressing them have proposed changes to current laws. Several of the bills specifically focused on cybersecurity received committee or floor action in the 112th and 113th Congresses, but none has become law. In the absence of enactment of cybersecurity legislation, the White House issued Executive Order 1336, with provisions on protection of critical infrastructure, including information sharing and standards development.
Comprehensive legislative proposals on cybersecurity that received considerable attention in 2012 are The Cybersecurity Act of 2012 (CSA 2012, S. 2105, reintroduced in revised form as S. 3414), recommendations from a House Republican task force, and a proposal by the Obama Administration. They differed in approach, with S. 2105 proposing the most extensive regulatory framework and organizational changes, and the task force recommendations focusing more on incentives for improving private-sector cybersecurity. An alternative to S. 2105 and S. 3414, S. 3342 (a refinement of S. 2151), did not include enhanced regulatory authority or new federal entities, but did include cybercrime provisions. S. 3414 was debated in the Senate but failed two cloture votes.
Several narrower House bills would address some of the issues raised and recommendations made by the House task force. Four passed the House in 2012 but were not considered by the Senate. They were reintroduced in passed the House again, with some amendments, in April 2013:
· Cyber Intelligence Sharing and Protection Act (H.R. 624), which focuses on information sharing and coordination, including sharing of classified information;
· Cybersecurity Enhancement Act of 2013 (H.R. 756), which addresses federal cybersecurity R&D and the development of technical standards;
· Advancing America's Networking and Information Technology Research and Development Act of 2013 (H.R. 967), which addresses R&D in networking and information technology, including but not limited to security; and
· Federal Information Security Amendments Act of 2012 (H.R. 1163), which addresses FISMA reform.
Now it is up to the Senate to act. This issue is too important to let attempts to find the perfect bill prevent us from taking good, significant steps in the right direction. There is much that everyone agrees on. We should at least do those things and agree to continue to work on issues where we may have differences. Our country's security and economy depend on taking action now.