Cybersecurity R&D Bill Draws Heat on Amendment Limits, Cost
The substance of a cybersecurity bill and more than two dozen amendments offered on the House floor Wednesday drew little controversy. But that’s because Democrats pushed through a rule for floor debate so restrictive that Republicans couldn’t target several parts of the bill for amendments, especially on cost controls, the bill’s chief antagonist said. Approved amendments included ensuring minorities are considered for cybersecurity training and workforce programs, focusing educational efforts in areas with new broadband deployment, and studying how to better detect intellectual-property piracy. A request for recorded votes on several amendments left the bill in limbo at our deadline.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The Cybersecurity Enhancement Act (HR-4061), approved last fall by the House Science and Technology Committee (WID Nov 19 p6), would authorize $959 million toward increased cybersecurity through FY 2014. That includes $396 million for National Science Foundation cybersecurity research grants, $94 million for NSF “scholarships for service,” $30 million for National Institute of Standards and Technology programs to develop standards, and $1 million for a NIST cybersecurity task force. The Congressional Budget Office estimated implementation would cost $639 million through 2014.
Improving cybersecurity is “the Manhattan Project of our generation,” said Rep. Michael Arcuri, D-N.Y., sponsor of the Rules Committee resolution that set parameters for debate. “Nearly every high-school hacker has the potential to threaten our unfettered use of the Internet,” not to mention the damage done from cyber attacks traced to China against such companies as Lockheed Martin that work on sensitive military contracts, he said. Hackers also defaced 49 House websites with criticisms of President Barack Obama following his State of the Union address last week. Yet the vast majority of breaches could be prevented through proper training such as “boot camp” programs, one of the aims of the bill, Arcuri said.
"Nothing is going to matter if we don’t get our fiscal house in order,” said Rep. Virginia Foxx, R-N.C., saying Democrats’ focus should be on economic woes. Foxx said she’s troubled by language in HR-4061 authorizing “such sums as may be necessary” for cybersecurity and enshrining annual increases: “Congress should be tightening its own belt,” not handing out “blank checks.” A proposed amendment by Rep. Pete Sessions, R-Texas, that would freeze 2011 authorization levels for three years, was blocked from consideration in Rules, one of 13 rejected for debate, Foxx said.
"This is not a partisan bill,” Arcuri said, noting strong bipartisan support at the committee. But it is a partisan rule, Foxx replied, and furthers the trend of rising spending under Democratic leadership. “The Democrats in charge have absolutely no concept of the value of money or how to meet a budget.” It’s telling that Foxx neglected to mention how much debt accumulated under President George W. Bush and a Republican majority, Arcuri said. The bill will address what Director of National Intelligence Dennis Blair has called cyber attacks on an “unprecedented scale with extraordinary sophistication,” by using public-private partnerships between agencies such as an Air Force research lab in Arcuri’s district, universities and businesses, he said. Arcuri’s resolution to set limits on debate passed the House 237-176.
Rep. Ralph Hall, R-Texas, said the bill makes “modest but important changes” and, crucially, avoids creating new “regulatory” activities over private-sector cybersecurity efforts. Fellow Texas Republican Michael McCaul, co-chairman of the House Cybersecurity Caucus, said the bill would help stop “data dumps the size of the Library of Congress” to foreign nations that he said he couldn’t name on the House floor.
The 25 amendments allowed for consideration under the Rules resolution drew little argument and all passed on voice votes, though sponsors for several asked for recorded votes. One by Rep. Alcee Hastings, D-Fla., would address “gender and racial disparities” in the cybersecurity industry, requiring funded programs to describe their outreach to minorities and include “minority-serving institutions” on the Cybersecurity University-Industry Task Force. Science and Technology Chairman Bart Gordon, D-Tenn., offered one to let scholarship recipients seek internships in the private sector. NSF grants couldn’t be distributed through earmarks under an amendment by Rep. Jeff Flake, R-Ariz. “We've seen in the past time and time and time again” that grants intended to be awarded on a “merit-reviewed competitive basis” often aren’t, he said.
One potential flash point in debate, concerning IP piracy, didn’t materialize. Rep. Jim Matheson, D-Utah, offered an amendment requiring NSF to study ways to improve detection, investigation and prosecution of cybercrimes such as piracy, crimes against children and organized crime. But speaking on the floor, Matheson neglected to refer to piracy as a focus of the bill. He also didn’t call for a recorded vote. “Intellectual property” in this context could refer not only to exfiltrated corporate data but also copyrighted materials made available on file-sharing networks.
Other amendments would explicitly refer to community colleges as partnering institutions; direct NIST to develop a cybersecurity framework for states; include international cooperation “where appropriate” in cybersecurity plans; and emphasize that education efforts should focus on “novice,” young and old, low-income and other populations new to broadband. They would also consider expanding temporary assignments of private cybersecurity professionals to federal agencies; consider veteran status in awarding scholarships; “enhance the existing cybersecurity workforce assessment by including contractors”; and direct the comptroller general to examine weaknesses in existing cybersecurity infrastructure.