The House Science, Space and Technology Committee members are going down a familiar path to get cyber legislation into law.
The committee approved the Cybersecurity Enhancement Act of 2013 (H.R. 756) today as one of several bills expected over the next few months to improve how agencies protect their computer networks.
Rep. Mike McCaul (R-Texas), a co-sponsor of the legislation, hopes a third time is a charm for the bill to become law. The full House approved it twice before, last year by a vote of 395 to 10 and the previous year, 422 to 5.
“This act improves coordination in the government, providing for a strategic plan to assess the cybersecurity risk and guide the overall direction of federal cyber research and development,” McCaul said today during the committee’s markup. “Our federal networks are under cyber attack every day. This bill updates the National Institute of Standards and Technology’s responsibilities to develop security and procurement standards for the .gov computer systems to harden these federal networks against attack.”
Specifically, the bill calls for NIST to develop standards, reference materials and checklists for technologies and systems based on the risks, the number of agencies using the IT and the effectiveness of the standards.
McCaul said the bill also would establish a federal-university-private sector task force to coordinate R&D and reduce duplication.
H.R. 756 would require the White House to develop an assessment of the federal cyber workforce, including current and projected needs, and to analyze the sources available to hire workers and any barriers agencies face in recruiting and hiring cybersecurity experts.
McCaul said the bill also “continues much needed cybersecurity research and development programs at the National Science Foundation and NIST. Additionally, this bill promotes cybersecurity awareness and education throughout the country.”
Rep. Lamar Smith (R-Texas), the chairman of the committee, offered a manager’s amendment to the bill, making a few minor changes.
Among the changes is a requirement for the R&D agencies to “track ongoing and completed federal cybersecurity R&D projects and make that information publicly available. For the last several years, the Government Accountability Office has recommended this requirement in order to make federal cyber R&D more transparent and ensure we do not duplicate efforts.”