Report text available as:

(PDF provides a complete and accurate display of this text.) Tip?



111th Congress                                                   Report
                        HOUSE OF REPRESENTATIVES
 2d Session                                                     111-410

======================================================================



 
    PROVIDING FOR CONSIDERATION OF THE BILL (H.R. 4061) TO ADVANCE 
 CYBERSECURITY RESEARCH, DEVELOPMENT, AND TECHNICAL STANDARDS, AND FOR 
                             OTHER PURPOSES

                                _______
                                

  February 2, 2010.--Referred to the House Calendar and ordered to be 
                                printed

                                _______
                                

               Mr. Arcuri, from the Committee on Rules, 
                        submitted the following

                              R E P O R T

                      [To accompany H. Res. 1051]

    The Committee on Rules, having had under consideration 
House Resolution 1051, by a nonrecord vote, report the same to 
the House with the recommendation that the resolution be 
adopted.

                SUMMARY OF PROVISIONS OF THE RESOLUTION

    The resolution provides for consideration of H.R. 4061, the 
``Cybersecurity Enhancement Act of 2009,'' under a structured 
rule. The resolution waives all points of order against 
consideration of the bill except those arising under clause 9 
or 10 of rule XXI. The resolution provides 1 hour of general 
debate equally divided and controlled by the chair and ranking 
minority member of the Science and Technology Committee. The 
resolution provides that the amendment in the nature of a 
substitute recommended by the Science and Technology Committee 
now printed in the bill shall be considered as an original bill 
for the purpose of amendment and shall be considered as read. 
The resolution waives all points of order against the amendment 
in the nature of a substitute except those arising under clause 
10 of rule XXI. This waiver does not affect the point of order 
available under clause 9 of rule XXI (regarding earmark 
disclosure). The resolution further makes in order only those 
amendments printed in this report. The amendments made in order 
may be offered only in the order printed in this report, may be 
offered only by a Member designated in this report, shall be 
considered as read, shall be debatable for the time specified 
in this report equally divided and controlled by the proponent 
and an opponent, shall not be subject to amendment, and shall 
not be subject to a demand for division of the question. All 
points of order against the amendments except those arising 
under clause 9 or 10 of rule XXI are waived. The resolution 
provides one motion to recommit with or without instructions. 
The resolution provides that the Chair may entertain a motion 
that the Committee rise only if offered by the chair of the 
Science and Technology Committee or his designee. Finally, the 
resolution provides that the Chair may not entertain a motion 
to strike out the enacting words of the bill.

                         EXPLANATION OF WAIVERS

    Although the rule waives all points of order against 
consideration of the bill (except those arising under clause 9 
or 10 of rule XXI), the Committee is not aware of any points of 
order. The waiver is prophylactic.
    The waiver of all points of order (except those arising 
under clause 10 of rule XXI) against the amendment in the 
nature of a substitute includes a waiver of clause 7 of rule 
XVI regarding germaneness.

                            COMMITTEE VOTES

    The results of each record vote on an amendment or motion 
to report, together with the names of those voting for and 
against, are printed below:

Rules Committee Record Vote No. 307

    Date: February 2, 2010.
    Measure: H.R. 4061.
    Motion by: Mr. Dreier.
    Summary of motion: To make in order and provide the 
necessary waivers for an amendment by Rep. Sessions (TX), #3, 
which would maintain FY 2011 authorization levels in the bill 
for three years, instead of increasing them annually.
    Results: Defeated 2-8.
    Vote by Members: McGovern--Nay; Hastings (FL)--Nay; 
Matsui--Nay; Cardoza--Nay; Arcuri--Nay; Perlmutter--Nay; 
Pingree--Nay; Polis--Nay; Dreier--Yea; Foxx--Yea.

                  SUMMARY OF AMENDMENTS MADE IN ORDER

    1. Hastings, Alcee (FL), Rodriguez (TX): Would address the 
lack of minority representation in the cybersecurity industry--
including women and African-Americans, Hispanics, and Native 
Americans. The amendment adds language in Sec. 107 to describe 
how successful programs are engaging said minorities and in 
Sec. 108 to include minority-serving institutions on the 
Cybersecurity University-Industry Task Force. (10 minutes)
    2. Polis (CO): Would allow participants in the Federal 
Cyber Scholarship for Service program to seek out opportunities 
for internships, or other meaningful appointments, in the 
private sector. (10 minutes)
    3. Flake, Jeff (AZ): Would prohibit the earmarking of funds 
authorized for grants in the bill. (10 minutes)
    4. Matheson (UT): Would require the National Science 
Foundation to study ways to improve detection, investigation, 
and prosecution of cyber crimes including piracy of 
intellectual property, crimes against children, and organized 
crime. (10 minutes)
    5. Roskam (IL): Would strengthen the involvement of 
community colleges in the development and implementation of a 
national cybersecurity strategy. (10 minutes)
    6. Edwards, Donna (MD): Would direct NIST to work in 
cooperation with State, Federal, and private sector partners to 
develop a framework that States may follow in order to achieve 
effective cybersecurity practices in a timely and cost 
effective manner. (10 minutes)
    7. Paulsen (MN): Would include international cooperation 
where appropriate as part of the Cybersecurity Strategic 
Research and Development Plan. (10 minutes)
    8. Dahlkemper (PA): Would allow collaboration between and 
among community colleges, universities, and Manufacturing 
Extension Partnership Centers as an additional use for the 
Computer and Network Security Capacity Building Grants under 
the Cyber Security Research and Development Act. (10 minutes)
    9. Garamendi, John: Would provide for regional workshops as 
part of the Cybersecurity Awareness and Education program. (10 
minutes)
    10. McCarthy, Carolyn (NY), Kratovil (MD): Would emphasize 
that cybersecurity awareness and education efforts focus on 
novice computer users, young and elderly populations, low-
income populations, and populations in areas of planned 
broadband expansion or deployment. (10 minutes)
    11. Smith, Adam (WA): Would add ``job security clearance 
and suitability requirements'' to the issues that are to be 
considered in the cybersecurity workforce assessment. (10 
minutes)
    12. Langevin (RI): Would direct the Cybersecurity Workforce 
Assessment to examine expanding temporary assignments of 
private sector cybersecurity professionals to Federal agencies. 
(10 minutes)
    13. Sanchez, Loretta (CA): Would facilitate access to 
realistic threats and vulnerabilities for academic researchers 
during the development of the strategic plan in section 103 
Cybersecurity Strategic Research and Development Program. Would 
also amend section 108 Cybersecurity University-Industry Task 
Force to propose guidelines for the sharing of lessons learned 
of the effectiveness of new technologies from the private 
sector to the public sector. (10 minutes)
    14. Cuellar (TX): Would add to the Cybersecurity Strategic 
Research and Development plan a requirement to determine how to 
strengthen all levels of cybersecurity education and training 
programs to secure an adequate, well-trained workforce. (10 
minutes)
    15. Shea-Porter (NH): Would extend the service obligation 
for recipients of cybersecurity scholarships or fellowships on 
a sliding scale depending on the degree program. (10 minutes)
    16. Clarke (NY): Would enhance the existing cybersecurity 
workforce assessment by including contractors. (10 minutes)
    17. Bright (AL): Would require a National Academy of 
Sciences study on the role of community colleges in 
cybersecurity education. The study would also identify best 
practices related to cybersecurity education between community 
colleges and four-year educational institutions. (10 minutes)
    18. Connolly (VA): Would emphasize that promotion of 
cybersecurity education also must include ``children and young 
adults'' along with the other targeted audiences. (10 minutes)
    19. Halvorson (IL), Shea-Porter (NH): Would add veteran 
status as an additional item for consideration when selecting 
individuals for the Federal Cyber Scholarship for Service. (10 
minutes)
    20. Kilroy (OH): Would amend the Federal Cyber Scholarship 
for Service program to include support for outreach activities 
that will improve the recruitment of high school and community 
college students into cybersecurity-related fields. (10 
minutes)
    21. Kissell, Larry (NC): Would instruct the National 
Science Foundation Director to include language in its Computer 
and Network Security Capacity Building Grants mission statement 
highlighting importance of curriculum on the principles and 
techniques of designing secure software. (10 minutes)
    22. Kratovil (MD): Would instruct the Director of the 
National Science Foundation to establish, on a merit-reviewed 
and competitive basis, a National Center of Excellence for 
Cybersecurity as part of the Networking and Information 
Technology and Research Development Program. (10 minutes)
    23. Nye (VA): Would direct the Comptroller General to 
submit a report examining weaknesses within the current 
cybersecurity infrastructure. (10 minutes)
    24. Owens (NY): Would require the Cybersecurity Strategic 
Research and Development plan to include a component on 
technologies to secure sensitive information shared among 
Federal agencies. (10 minutes)
    25. Heinrich (NM): Would allow national laboratories to be 
included as stakeholders in the Cybersecurity Strategic 
Research and Development Plan. (10 minutes)

                 TEXT OF AMENDMENTS TO BE MADE IN ORDER

  1. An Amendment To Be Offered by Representative Hastings, Alcee of 
           Florida or His Designee, Debatable for 10 Minutes

  Page 21, line 4, strike ``and an'' and insert ``an''.
  Page 21, line 8, insert ``, and a description of how 
successful programs are engaging the talents of women and 
African-Americans, Hispanics, and Native Americans in the 
cybersecurity workforce'' after ``private sector''.
  Page 23, line 11, insert ``, and shall include 
representatives from minority-serving institutions'' after ``in 
cybersecurity''.
                              ----------                              


    2. An Amendment To Be Offered by Representative Polis, Jared of 
           Colorado or His Designee, Debatable for 10 Minutes

  Page 13, line 22, insert ``or, at the discretion of the 
Director, with appropriate private sector entities'' after 
``technology workforce''.
                              ----------                              


3. An Amendment To Be Offered by Representative Flake, Jeff of Arizona 
               or His Designee, Debatable for 10 Minutes

  Page 12, after line 25, insert the following new subsection:
  (h) Prohibition on Earmarks.--None of the funds appropriated 
under this section, and the amendments made by this section may 
be used for a Congressional earmark as defined in clause 9(d) 
of rule XXI of the Rules of the House of Representatives.
                              ----------                              


 4. An Amendment To Be Offered by Representative Matheson, Jim of Utah 
               or His Designee, Debatable for 10 Minutes

  Page 9, line 23, strike ``is amended'' and insert ``is 
amended--
          (1)''.
  Page 9, line 25, strike the period and insert ``; and''.
  Page 9, after line 25, insert the following new paragraph:
          (2) by amending subparagraph (I) to read as follows:
                  ``(I) enhancement of the ability of law 
                enforcement to detect, investigate, and 
                prosecute cyber-crimes, including crimes that 
                involve piracy of intellectual property, crimes 
                against children, and organized crime.''.
                              ----------                              


   5. An Amendment To Be Offered by Representative Roskam, Peter of 
           Illinois or His Designee, Debatable for 10 Minutes

  Page 8, line 20, insert ``and community colleges'' after 
``minority serving institutions''.
  Page 14, line 10, insert ``and community colleges'' after 
``minority serving institutions''.
  Page 21, line 6, insert ``, including community colleges,'' 
after ``institutions of higher education''.
  Page 23, line 10, insert ``, including community colleges,'' 
after ``institutions of higher education''.
                              ----------                              


   6. An Amendment To Be Offered by Representative Edwards, Donna of 
           Maryland or Her Designee, Debatable for 10 Minutes

  At the end of the bill, insert the following new section:

SEC. 205. PRACTICES AND STANDARDS.

  The National Institute of Standards and Technology shall work 
with other Federal, State, and private sector partners, as 
appropriate, to develop a framework that States may follow in 
order to achieve effective cybersecurity practices in a timely 
and cost effective manner.
                              ----------                              


   7. An Amendment To Be Offered by Representative Paulsen, Erik of 
          Minnesota or His Designee, Debatable for 10 Minutes

  Page 7, line 15, strike ``and''.
  Page 7, line 20, strike the period and insert ``; and''.
  Page 7, after line 20, insert the following new paragraph:
          (7) outline how the United States can work 
        strategically with our international partners on 
        cybersecurity research and development issues where 
        appropriate.
                              ----------                              


8. An Amendment To Be Offered by Representative Dahlkemper, Kathleen of 
         Pennsylvania or Her Designee, Debatable for 10 Minutes

  Page 12, after line 25, insert the following new subsection:
  (h) Computer and Network Security Capacity Building Grants--
Manufacturing Extension Partnership.--Section 5(a)(3) of the 
Cyber Security Research and Development Act (15 U.S.C. 
7404(a)(3)) is amended--
          (1) by striking ``and'' at the end of subparagraph 
        (I);
          (2) by redesignating subparagraph (J) as subparagraph 
        (K); and
          (3) by inserting after subparagraph (I) the following 
        new subparagraph:
                  ``(J) establishing or enhancing collaboration 
                in computer and network security between 
                community colleges, universities, and 
                Manufacturing Extension Partnership Centers; 
                and''.
                              ----------                              


  9. An Amendment To Be Offered by Representative Garamendi, John of 
          California or His Designee, Debatable for 10 Minutes

  Page 28, line 21, and page 29, line 1, redesignate 
subsections (b) and (c) as subsections (c) and (d), 
respectively.
  Page 28, after line 20, insert the following new subsection:
  (b) Workshops.--In carrying out activities under subsection 
(a)(1), the Institute is authorized to host regional workshops 
to provide an overview of cybersecurity risks and best 
practices to businesses, State, local, and tribal governments, 
and educational institutions.
                              ----------                              


 10. An Amendment To Be Offered by Representative McCarthy, Carolyn of 
           New York or Her Designee, Debatable for 10 Minutes

  Page 28, line 20, insert ``, especially with respect to 
novice computer users, elderly populations, low-income 
populations, and populations in areas of planned broadband 
expansion or deployment'' after ``educational institutions''.
                              ----------                              


    11. An Amendment To Be Offered by Representative Smith, Adam of 
          Washington or His Designee, Debatable for 10 Minutes

  Page 21, line 21, insert ``job security clearance and 
suitability requirements,'' after ``job classification,''.
                              ----------                              


  12. An Amendment To Be Offered by Representative Langevin, James of 
         Rhode Island or His Designee, Debatable for 10 Minutes

  Page 21, line 25, insert ``, including recommendations on the 
temporary assignment of private sector cybersecurity 
professionals to Federal agencies'' after ``cybersecurity 
workforce''.
                              ----------                              


 13. An Amendment To Be Offered by Representative Sanchez, Loretta of 
          California or Her Designee, Debatable for 10 Minutes

  Page 7, line 15, insert ``representing realistic threats and 
vulnerabilities'' after ``event data''.
  Page 23, line 2, strike ``rights and'' and insert 
``rights,''.
  Page 23, line 3, insert ``, and for the sharing of lessons 
learned on the effectiveness of new technologies from the 
private sector with the public sector'' after ``private 
sector''.
                              ----------                              


  14. An Amendment To Be Offered by Representative Cuellar, Henry of 
            Texas or His Designee, Debatable for 10 Minutes

  Page 7, line 15, strike ``and''.
  Page 7, line 20, strike the period and insert ``; and''.
  Page 7, after line 20, insert the following new paragraph:
          (7) describe how the Program will strengthen all 
        levels of cybersecurity education and training programs 
        to ensure an adequate, well-trained workforce.
                              ----------                              


15. An Amendment To Be Offered by Representative Shea-Porter, Carol of 
        New Hampshire or Her Designee, Debatable for 10 Minutes

  Page 15, line 11, strike ``equal to the length of the 
scholarship'' and insert ``as provided in paragraph (5)''.
  Page 15, after line 24, insert the following new paragraph:
          (5) Length of service.--The length of service 
        required in exchange for a scholarship under this 
        subsection shall be as follows:
                  (A) For a recipient in a bachelor's degree 
                program, 1 year more than the number of years 
                for which the scholarship was received.
                  (B) For a recipient in a Master's degree 
                program, 2 years more than the number of years 
                for which the scholarship was received.
                  (C) For a recipient in a doctorate degree 
                program, 3 years more than the number of years 
                for which the scholarship was received.
                              ----------                              


16. An Amendment To Be Offered by Representative Clarke, Yvette of New 
             York or Her Designee, Debatable for 10 Minutes

  Page 20, line 24, insert ``the extent to which different 
agencies and departments rely on contractors to support the 
Federal cybersecurity workforce,'' after ``agencies and 
departments,''.
  Page 21, line 22, strike ``and''.
  Page 21, line 23, redesignate paragraph (5) as paragraph (6).
  Page 21, after line 22, insert the following:
          (5) a specific analysis of the capacity of the agency 
        workforce to manage contractors who are performing 
        cybersecurity work on behalf of the Federal Government; 
        and
                              ----------                              


   17. An Amendment To Be Offered by Representative Bright, Bobby of 
           Alabama or His Designee, Debatable for 10 Minutes

  Page 27, after line 7, insert the following new section:

SEC. 111. NATIONAL ACADEMY OF SCIENCES STUDY ON THE ROLE OF COMMUNITY 
                    COLLEGES IN CYBERSECURITY EDUCATION.

  Not later than 120 days after the date of enactment of this 
Act, the Director of the Office of Science and Technology 
Policy, in consultation with the Director of the National 
Coordination Office, shall enter into a contract with the 
National Academy of Sciences to conduct and complete a study to 
describe the role of community colleges in cybersecurity 
education and to identify exemplary practices and partnerships 
related to cybersecurity education between community colleges 
and four-year educational institutions.
                              ----------                              


 18. An Amendment To Be Offered by Representative Connolly, Gerald of 
           Virginia or His Designee, Debatable for 10 Minutes

  Page 28, line 12, insert ``, including among children and 
young adults,'' after ``public awareness''.
                              ----------                              


19. An Amendment To Be Offered by Representative Halvorson, Deborah of 
           Illinois or Her Designee, Debatable for 10 Minutes

  Page 15, line 2, strike ``need and to'' and insert ``need, 
to''.
  Page 15, line 5, insert before the period at the end of 
paragraph (2) ``, and to veterans. For purposes of this 
paragraph, the term ``veteran'' means a person who--
                  (A) served on active duty (other than active 
                duty for training) in the Armed Forces of the 
                United States for a period of more than 180 
                consecutive days, and who was discharged or 
                released therefrom under conditions other than 
                dishonorable; or
                  (B) served on active duty (other than active 
                duty for training) in the Armed Forces of the 
                United States and was discharged or released 
                from such service for a service-connected 
                disability before serving 180 consecutive days.
        For purposes of subparagraph (B), the term ``service-
        connected'' has the meaning given such term under 
        section 101 of title 38, United States Code.
                              ----------                              


  20. An Amendment To Be Offered by Representative Kilroy, Mary Jo of 
             Ohio or Her Designee, Debatable for 10 Minutes

  Page 14, line 10, strike ``and''.
  Page 14, line 12, strike the period and insert ``; and''.
  Page 14, after line 12, insert the following new 
subparagraph:
                  (D) outreach to secondary schools and 2-year 
                institutions to increase the interest and 
                recruitment of students into cybersecurity-
                related fields.
                              ----------                              


  21. An Amendment To Be Offered by Representative Kissell, Larry of 
        North Carolina or His Designee, Debatable for 10 Minutes

  Page 11, lines 9 and 10, strike ``Section 5(a)(6) of such Act 
(15 U.S.C. 7404(a)(6)) is amended to read as follows:'' and 
insert ``Section 5(a) of such Act (15 U.S.C. 7404(a)) is 
amended--
          (1) in paragraph (3)(A), by inserting ``, including 
        curriculum on the principles and techniques of 
        designing secure software'' after ``network security''; 
        and
          (2) by amending paragraph (6) to read as follows:
                              ----------                              


 22. An Amendment To Be Offered by Representative Kratovil, Jr., Frank 
         of Maryland or His Designee, Debatable for 10 Minutes

  Page 27, after line 7, insert the following new section:

SEC. 111. NATIONAL CENTER OF EXCELLENCE FOR CYBERSECURITY.

  (a) In General.--As part of the Program, the Director of the 
National Science Foundation shall, in coordination with other 
Federal agencies participating in the Program, establish a 
National Center of Excellence for Cybersecurity.
  (b) Merit Review.--The National Center of Excellence for 
Cybersecurity shall be awarded on a merit-reviewed, competitive 
basis.
  (c) Activities Supported.--The National Center of Excellence 
for Cybersecurity shall--
          (1) involve institutions of higher education or 
        national laboratories and other partners, which may 
        include States and industry;
          (2) make use of existing expertise in cybersecurity;
          (3) interact and collaborate with Computer and 
        Network Security Research Centers to foster the 
        exchange of technical information and best practices;
          (4) perform research to support the development of 
        technologies for testing hardware and software products 
        to validate operational readiness and certify stated 
        security levels;
          (5) coordinate cybersecurity education and training 
        opportunities nationally;
          (6) enhance technology transfer and commercialization 
        that promote cybersecurity innovation; and
          (7) perform research on cybersecurity social and 
        behavioral factors, including human-computer 
        interactions, usability, user motivations, and 
        organizational cultures.
                              ----------                              


23. An Amendment To Be Offered by Representative Nye, Glenn of Virginia 
               or His Designee, Debatable for 10 Minutes

  Page 27, after line 7, insert the following new section:

SEC. 111. CYBERSECURITY INFRASTRUCTURE REPORT.

  Not later than 1 year after the date of enactment of this 
Act, the Comptroller General shall transmit to the Congress a 
report examining key weaknesses within the current 
cybersecurity infrastructure, along with recommendations on how 
to address such weaknesses in the future and on the technology 
that is needed to do so.
                              ----------                              


  24. An Amendment To Be Offered by Representative Owens, Bill of New 
             York or His Designee, Debatable for 10 Minutes

  Page 6, line 24, insert ``, including technologies to secure 
sensitive information shared among Federal agencies'' after 
``digital infrastructure''.
                              ----------                              


 25. An Amendment To Be Offered by Representative Heinrich, Martin of 
          New Mexico or His Designee, Debatable for 10 Minutes

  Page 8, line 20, insert ``National Laboratories,'' after 
``minority serving institutions,''.