House Passes McCaul-Lipinski Cybersecurity Enhancement Act to Secure Federal Networks, Critical Infrastructure and America's Competitive Edge

May 7, 2012

The U.S. House passed The Cybersecurity Enhancement Act, taking an essential step toward securing our federal computer networks and critical infrastructure, while helping to protect businesses and individuals from cybercrime. H.R. 2096, introduced by Congressman MichaelMcCaul (R-TX) and co-sponsored by Congressman Dan Lipinski (D-IL), passed the House 395-10.

“If agents of a foreign government broke into the Pentagon and stole top-secret documents from filing cabinets it simply would not be tolerated, yet this is what happens every day in the virtual world,” said Congressman McCaul, Chairman of the Homeland Security Oversight & Investigations Subcommittee. “China has already stolen critical design and electronics information for the F-35 Joint Strike Fighter, allowing them not only to copy the plane, but to guard against it as well. Thatbreach is a direct threat to our national security, the safety of the American people and our interests abroad. Hardening our networks against espionage must be a top priority,” added Rep. McCaul, who is also a member of the Speaker’s Cyber Taskforce and co-founder and co-chairman of the Congressional Cybersecurity Caucus.

“Cybercrime poses an enormous and under-recognized threat to America’s national security, economy, businesses, and households,” said Rep. Lipinski, the Research and Science Education Subcommittee Ranking Member, who introduced the Cybersecurity Enhancement Act in the 111th Congress. “This bipartisan bill will help eliminate the shortfall of skilled cybersecurity professionals and develop the technologies we need to defend our infrastructure, industry, and the public from cybercrime. Foreign countries as well as international criminal organizations have penetrated the computer defenses of military contractors, government agencies, and financial and other companies whose systems control critical infrastructure. Intellectual property theft by hackers based in China now constitutes a new form of trade war that blunts America’s competitive edge. Yesterday, the Homeland Security Committee heard from witnesses about Iran’s development of a ‘cyber army.’ Meanwhile, identity theft is a growth industry costing $50 billion annually. I urge the Senate to follow the lead of the House and quickly pass this legislation for the sake of the American people.”

An October 2011 report to Congress on foreign economic collection and industrial espionage states it is part of China and Russia’s national policy to try to identify and steal sensitive technology to blunt America’s competitive edge and bolster their own economic growth.

The McCaul-Lipinski bill will help harden federal networks, spur research and development, build ourAmerican cyber workforce and enable the government, universities and private sector to collaborate more easily on cybersecurity R&D.

“These important bills will help promote more security and reliability in our networks while safeguarding consumers' rights and information," Christopher Padilla, Vice President, IBM Governmental Programs, said of the McCaul-Lipinski legislation and three other cyber bills before the House.

The U.S. Chamber of Commerce calls the McCaul-Lipinski bill “an important step toward improving federal cybersecurity R&D activities to improve the security, reliability, and resilience of America’s digital infrastructure in partnership with industry.”

The Cybersecurity Enhancement Act incorporates several key recommendations of the Center for Strategic and International Studies’ (CSIS) Commission on Cybersecurity for the 44th President, which Congressman McCaul co-chaired. The commission presented the report Securing Cyberspace for the 44th Presidencyto President Obama detailing recommendations for securing government networks and critical infrastructure.

The bill:

Improves R&D: Requires a strategic plan to guide federal cybersecurity research and development and reauthorizes cybersecurity research and development programs.

Develops the skilled cybersecurity workforce needed by both government and the private sector: Creates cybersecurity scholarship programs at NSF that can be repaid with federal service and reauthorizes cybersecurity fellowship grants and training for graduate students.

Improves coordination outside of government: Creates a federal-university-private-sector task force to coordinate research and development between the public and private sectors.

Improves coordination in government: Gives the National Institute of Standards and Technology the authority to set security standards for federal computer systems and develop automated checklists for agencies to follow.

Improves computer hygiene: Creates an education and awareness program, which the NSA says would help remedy the majority of vulnerabilities we face.

Sets forth procurement standardsfor hardware and software that will minimize security risks and have a ripple effect on the private sector.

Congressional hearings on cybersecurity have revealed most federal agencies have been hacked into, and that the federal government is under threat of cyber attack on a daily basis. Many attacks are classified as espionage, with foreign countries stealing government information. One data dump was equivalent in size to the Library of Congress. Other attacks are believed to have been attempts to shut down federal networks and cause harm.