House Plans Two Cybersecurity Markups Ahead of Cyberweek
House lawmakers will hit the ground running with two cybersecurity markups upon their return from the congressional spring recess. Both the House Homeland Security and Oversight committees plan to mark up cybersecurity bills Wednesday as GOP leaders gin up support for its upcoming “cyberweek,” committee aides told us Friday. Meanwhile, Rep. Bob Goodlatte, R-Va., will delay the introduction of his legislation to update and reform the Computer Fraud and Abuse Act (CFAA), a Judiciary Committee aide told us.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The House Homeland Security Committee plans to mark up HR-3674, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness (PrECISE) Act on Wednesday at 10 a.m., said spokesman for the bill’s author Dan Lungren, R-Calif. Homeland Security Committee Chairman Peter King, R-N.Y., is “working to ensure that the legislation that comes out of the full committee has as much consensus as possible while also preserving the elements that we believe are essential,” according to a committee aide.
The PrECISE Act aims to name the Department of Homeland Security (DHS) as the lead agency to coordinate the response to national cyberthreats. The bill also would create a new non-governmental organization called the National Information Sharing Organization (NISO) to increase information sharing between the public and private sectors, and it aims to boost voluntary incentives for private companies to secure U.S. networks (CD Dec 7 p15). Lungren introduced the bill in December and the subcommittee unanimously approved it in February (CD Feb 2 p8).
Also on Wednesday, the House Oversight Committee plans to mark up HR-4257, the Federal Information Security Amendments Act, a committee aide told us without specifying the timing or the location of the markup. The bill, which was introduced last month by committee Chairman Darrell Issa, R-Calif., aims to ensure greater security of government IT systems by increasing automated and continuous monitoring of cybersecurity threats.
Goodlatte and House Judiciary Chairman Lamar Smith, R-Texas, “need more time” to develop their planned bill to update the protections of the CFAA, a committee spokeswoman said. “Based on the new issues presented this week by the decision in the 9th Circuit case United States v. Nosal, the Chairman and Mr. Goodlatte decided that industry groups, members, and all other stakeholders need more time to understand the implications of that decision in order to determine how best to structure the bill.”
The CFAA does not extend to violations of corporate use restrictions, the 9th U.S. Circuit Court of Appeals ruled last week (http://xrl.us/bm3om5). The court ruled that an employee did not violate the CFAA when he exceeded the access permissions to a protected company computer with the intent to defraud and steal valuable proprietary information from the company.
The court said that its interpretation of the CFAA is intentionally narrow “so that Congress will not unintentionally turn ordinary citizens into criminals.” The “general purpose” of the CFAA is to punish hacking, the court said, and the law is “limited to violations of restrictions on access to information, and not restrictions on its use.”
House Commerce Manufacturing Subcommittee Chairman Mary Bono Mack, R-Calif., has no immediate plans to schedule a markup of her cybersecurity bill, the SECURE IT Act, a subcommittee spokesman told us. At this point the chairman is “waiting for some direction from leadership,” he said. A spokeswoman for House Majority Leader Eric Cantor, R-Va., offered little guidance on the exact schedule for the upcoming cyberweek, which she described as “pretty fluid.”