By: Mickey McCarter
The House Homeland Security Committee passed a stripped down version of its leading cybersecurity bill Wednesday, sparking lengthy protests from Democrats and regrets from its Republican sponsor.
The version of the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness (PRECISE) Act of 2011 (HR 3674) was substantially different than the version passed by the Homeland Security cybersecurity subcommittee, chaired by Rep. Dan Lungren (R-Calif.), on Feb. 1.
With a great deal of disappointment, Lungren substituted a bill that only authorized the cybersecurity activities of the National Cybersecurity and Communications Integration Center (NCCIC) at the Department of Homeland Security (DHS) and abandoned the concept of a National Information Sharing Organization to oversee the protection of information systems for US critical infrastructure.
In a long and grinding markup hearing, Lungren explained the scaling back of the bill as a reality necessary to produce a bill that the whole House of Representatives would support. House leadership informed Lungren and other top Republicans on the committee that it would not support the original version of the PRECISE Act because of rising Republican opposition to any cybersecurity regulation of the private sector in the face of arguments against business regulations in the Senate led by Sen. John McCain (R-Ariz.) against the Cybersecurity Act (S 2105).
Under relentless objections led by Rep. Bennie Thompson (D-Miss.), ranking member of the House Homeland Security Committee, Lungren time and again expressed his regret that he could not endorse his own bill, as passed by his subcommittee on Feb. 1.
"Since that time, certain things have occurred," Lungren remarked.
With the rise of the debate over cybersecurity legislation in the Senate, House leadership has changed its stance from endorsing comprehensive cybersecurity legislation as envisioned by its Cybersecurity Task Force last year, and instead it has embraced a scaled back vision advocated by McCain in his Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology (SECURE IT) Act (S. 2151).
The House intends to bring up a vote on cybersecurity legislation, such as the PRECISE Act, as early as next week.
In the face of growing opposition to cybersecurity regulations, Lungren and Rep. Peter King (R-NY), committee chairman, concluded that the jurisdiction of the Homeland Security Committee was at stake. With eight other House committees vying for homeland security oversight, the Homeland Security Committee could face losing its position, should it not produce effective legislation that strengthens DHS, Lungren lamented. Both Republicans and Democrats have failed to date to consolidate DHS oversight under the Homeland Security Committee.
"I would acknowledge this is a slimmed-down version of the bill we presented in the subcommittee. I wish it were not so, but the reality of the situation is that it is what is required for us to move forward," Lungren commented.
But Thompson, who lent his support to the original PRECISE Act, was not appeased. Cybersecurity legislation must address vulnerabilities in critical infrastructure by promulgating cybersecurity standards, Thompson insisted. It should further strengthen information sharing on cybersecurity threats between the public and private sectors and authorize DHS to act as the lead on cybersecurity issues for civilian federal agencies.
"Unfortunately, this 'substitute' -- which was devised behind closed doors with House Republican leadership -- bears little resemblance to the measure that the cybersecurity subcommittee approved in February," Thompson protested. "While I did not think the February version of the bill was perfect, it took a number of steps in the right direction and would have measurably strengthened our nation's cybersecurity posture."
"This substitute does little to address known risks to critical infrastructure. It replaces the value judgment of dozens of current and former top national security officials with the narrow view of the House Republican leadership," he continued.
Thompson rallied Democrats in an attempt to expand the scope of the PRECISE Act to its original language, which would have provided a process for establishing business standards for cybersecurity.
The revised PRECISE Act, while it authorizes DHS activities to lead cybersecurity efforts among civilian federal agencies, does little to protect national cyberassets, Thompson said. DHS provides no true cybersecurity leadership under the proposal, he said.
The act would authorize the activities of the NCCIC to protect federal information systems. Amendments introduced by Rep. Michael McCaul (R-Texas) and adopted by the committee would authorize DHS to speed the roll out of the Einstein intrusion detection system to federal agencies and would authorize DHS to provide cybersecurity training to state and local governments.
The bill also would establish a board of advisors to the homeland security secretary on NCCIC operations. The board would consist of 13 representatives from the private sector, with 11 different critical infrastructure owners and operators, privacy experts, and the chairman of the National Council of Information Sharing and Analysis Centers.
The committee accepted a Democratic amendment from Rep. Janice Hahn (D-Calif.) to empower the DHS chief privacy officer to review and audit DHS cybersecurity efforts with respect to protecting the privacy and civil liberties of Americans.
"We must carefully balance the importance of cybersecurity with Americans' right to privacy," Hahn said in a statement. "My amendment is a common sense step to ensure the federal government is acting transparently and properly addressing the concerns of Americans in this age of digital information."
She added, "I appreciate the committee's support and willingness to work with me on these issues. Cybersecurity is a growing threat, as demonstrated by recent breaches in security in both the public and private sectors. However, there is no reason we cannot increase security while upholding the value of individual privacy that both Republicans and Democrats support."
The committee also accepted an amendment from Rep. Cedric Richmond (D-La.) to specifically place a representative from the chemical sector of critical infrastructure to the advisory board, expanding its number of critical infrastructure sector representatives from 10 to 11.
The American Chemistry Council (ACC) issued a statement endorsing Richmond's amendment.
"Cybersecurity is a critical issue for the chemical industry, and we appreciate the efforts of the members of the House Committee on Homeland Security to advance legislation that allows our industry to continue to take an active role on enhancing cybersecurity for chemical facilities," the ACC said.
"ACC supports cybersecurity initiatives that promote the free flow of commerce and economic growth, while protecting critical cyber systems and the privacy of information. The chemical industry is currently regulated for cybersecurity under the Chemical Facility Anti-Terrorism Standards issued by the DHS, and we believe the bill as amended will help ensure our industry's efforts on cybersecurity will be harmonized with other critical sectors of the nation's economy."
http://www.hstoday.us/home.html
The House Homeland Security Committee passed a stripped down version of its leading cybersecurity bill Wednesday, sparking lengthy protests from Democrats and regrets from its Republican sponsor.
The version of the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness (PRECISE) Act of 2011 (HR 3674) was substantially different than the version passed by the Homeland Security cybersecurity subcommittee, chaired by Rep. Dan Lungren (R-Calif.), on Feb. 1.
With a great deal of disappointment, Lungren substituted a bill that only authorized the cybersecurity activities of the National Cybersecurity and Communications Integration Center (NCCIC) at the Department of Homeland Security (DHS) and abandoned the concept of a National Information Sharing Organization to oversee the protection of information systems for US critical infrastructure.
In a long and grinding markup hearing, Lungren explained the scaling back of the bill as a reality necessary to produce a bill that the whole House of Representatives would support. House leadership informed Lungren and other top Republicans on the committee that it would not support the original version of the PRECISE Act because of rising Republican opposition to any cybersecurity regulation of the private sector in the face of arguments against business regulations in the Senate led by Sen. John McCain (R-Ariz.) against the Cybersecurity Act (S 2105).
Under relentless objections led by Rep. Bennie Thompson (D-Miss.), ranking member of the House Homeland Security Committee, Lungren time and again expressed his regret that he could not endorse his own bill, as passed by his subcommittee on Feb. 1.
"Since that time, certain things have occurred," Lungren remarked.
With the rise of the debate over cybersecurity legislation in the Senate, House leadership has changed its stance from endorsing comprehensive cybersecurity legislation as envisioned by its Cybersecurity Task Force last year, and instead it has embraced a scaled back vision advocated by McCain in his Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology (SECURE IT) Act (S. 2151).
The House intends to bring up a vote on cybersecurity legislation, such as the PRECISE Act, as early as next week.
In the face of growing opposition to cybersecurity regulations, Lungren and Rep. Peter King (R-NY), committee chairman, concluded that the jurisdiction of the Homeland Security Committee was at stake. With eight other House committees vying for homeland security oversight, the Homeland Security Committee could face losing its position, should it not produce effective legislation that strengthens DHS, Lungren lamented. Both Republicans and Democrats have failed to date to consolidate DHS oversight under the Homeland Security Committee.
"I would acknowledge this is a slimmed-down version of the bill we presented in the subcommittee. I wish it were not so, but the reality of the situation is that it is what is required for us to move forward," Lungren commented.
But Thompson, who lent his support to the original PRECISE Act, was not appeased. Cybersecurity legislation must address vulnerabilities in critical infrastructure by promulgating cybersecurity standards, Thompson insisted. It should further strengthen information sharing on cybersecurity threats between the public and private sectors and authorize DHS to act as the lead on cybersecurity issues for civilian federal agencies.
"Unfortunately, this 'substitute' -- which was devised behind closed doors with House Republican leadership -- bears little resemblance to the measure that the cybersecurity subcommittee approved in February," Thompson protested. "While I did not think the February version of the bill was perfect, it took a number of steps in the right direction and would have measurably strengthened our nation's cybersecurity posture."
"This substitute does little to address known risks to critical infrastructure. It replaces the value judgment of dozens of current and former top national security officials with the narrow view of the House Republican leadership," he continued.
Thompson rallied Democrats in an attempt to expand the scope of the PRECISE Act to its original language, which would have provided a process for establishing business standards for cybersecurity.
The revised PRECISE Act, while it authorizes DHS activities to lead cybersecurity efforts among civilian federal agencies, does little to protect national cyberassets, Thompson said. DHS provides no true cybersecurity leadership under the proposal, he said.
The act would authorize the activities of the NCCIC to protect federal information systems. Amendments introduced by Rep. Michael McCaul (R-Texas) and adopted by the committee would authorize DHS to speed the roll out of the Einstein intrusion detection system to federal agencies and would authorize DHS to provide cybersecurity training to state and local governments.
The bill also would establish a board of advisors to the homeland security secretary on NCCIC operations. The board would consist of 13 representatives from the private sector, with 11 different critical infrastructure owners and operators, privacy experts, and the chairman of the National Council of Information Sharing and Analysis Centers.
The committee accepted a Democratic amendment from Rep. Janice Hahn (D-Calif.) to empower the DHS chief privacy officer to review and audit DHS cybersecurity efforts with respect to protecting the privacy and civil liberties of Americans.
"We must carefully balance the importance of cybersecurity with Americans' right to privacy," Hahn said in a statement. "My amendment is a common sense step to ensure the federal government is acting transparently and properly addressing the concerns of Americans in this age of digital information."
She added, "I appreciate the committee's support and willingness to work with me on these issues. Cybersecurity is a growing threat, as demonstrated by recent breaches in security in both the public and private sectors. However, there is no reason we cannot increase security while upholding the value of individual privacy that both Republicans and Democrats support."
The committee also accepted an amendment from Rep. Cedric Richmond (D-La.) to specifically place a representative from the chemical sector of critical infrastructure to the advisory board, expanding its number of critical infrastructure sector representatives from 10 to 11.
The American Chemistry Council (ACC) issued a statement endorsing Richmond's amendment.
"Cybersecurity is a critical issue for the chemical industry, and we appreciate the efforts of the members of the House Committee on Homeland Security to advance legislation that allows our industry to continue to take an active role on enhancing cybersecurity for chemical facilities," the ACC said.
"ACC supports cybersecurity initiatives that promote the free flow of commerce and economic growth, while protecting critical cyber systems and the privacy of information. The chemical industry is currently regulated for cybersecurity under the Chemical Facility Anti-Terrorism Standards issued by the DHS, and we believe the bill as amended will help ensure our industry's efforts on cybersecurity will be harmonized with other critical sectors of the nation's economy."
http://www.hstoday.us/home.html
