House Science Committee Passes Two Cybersecurity Bills, Debates Sequester

Committee members debated research funding levels when discussing a manager’s amendment to the Cybersecurity Enhancement Act by Chairman Lamar Smith, R-Texas. The amendment, which ultimately passed, reauthorizes NSF research grants at current spending levels for three years. Democrats on the committee voiced their support for the amendment, but said the funding levels should be higher -- despite the sequester -- as Congress asks the NSF to tackle cybersecurity issues. “Addressing this issue will not be easy, and it will not be cheap, but it is absolutely necessary,” said Ranking Member Eddie Bernice Johnson, D-Texas. “We can’t continually tell our agencies to do important work like this” without increasing their resources, she continued.

The allocation of resources should match the severity of the threats, said Rep. Daniel Lipinski, D-Ill., who authored the act with Rep. Michael McCaul, R-Texas, chair of the Homeland Security Committee. “I believe that we face the possibility of a cyber Pearl Harbor,” and research funding should reflect that possibility, he said. Rep. Dan Maffei, D-N.Y., agreed, saying Congress “might be pennywise but pound foolish not to invest more” in cybersecurity efforts, considering how serious the threats are. “This sequester … threatens to hurt our capabilities in fighting cybersecurity,” said Rep. Eric Swalwell, D-Calif.: The strategic plan required in the bill “should examine the effects of the ongoing federal pay freeze and the sequester” on the nation’s cybersecurity capabilities. Because the sequester is “so indiscriminate and across the board,” programs that shouldn’t be sacrificed suffer cuts, he continued. “I think it’s clear, based on where the national security threat is, where we should be putting our money,” he said, suggesting that federal spending cuts be directed at agricultural subsidies instead.

Rep. Paul Broun, R-Ga., objected to discussions about the sequester. “I keep hearing from my Democrat colleagues blame placed on the Republican side,” but President Barack Obama gave the U.S. the sequester, he said. “Let’s just put our big boy pants on and go forward” to keep the nation safe from cybersecurity threats and the threats to the country’s economy. “Regardless of how we got here, we are here,” responded Johnson, asking her colleagues to “put our nation’s security ahead of” the politics surrounding how the sequester originated.

It would be foolish to borrow money from China to finance cybersecurity efforts so that the country can protect itself from China, Rep. Dana Rohrabacher, R-Calif., said. Then, that funding would go to American research institutions, where foreign-born students -- including students from China -- can use the government-funded resources to gain knowledge about cybersecurity which they can then use against the U.S., he continued, calling China “the world’s worst human rights abuser."

Committee members disagreed on an amendment proposed by Rep. Scott Peters, D-Calif., that would have directed NIST to work with members of the private sector to develop “a framework of standards and best practices to reduce cybersecurity risk to critical infrastructure.” McCaul said Peters’ amendment “lacks specifity” as to how NIST would collaborate with industry members. Peters agreed to withdraw the amendment and work with McCaul on more specific language. Rohrabacher said he would introduce an amendment to the Rules Committee that would prevent federal funding provided by this bill from being used to educate foreign-born students from countries that are considered cybersecurity and national defense threats.

The committee adopted an amendment proposed by Rep. Ami Bera, D-Calif., that requires the strategic plan to include a description of how the Networking and Information Technology Research and Development Program will prepare veterans to work in federal cybersecurity. “We can both protect ourselves and our returning heroes” with this amendment, Bera said. The committee also adopted an amendment from Rep. Derek Kilmer, D-Wash., that encourages public-private partnerships in cybersecurity-related higher education and an amendment from Rep. Frederica Wilson, D-Fla., that requires the NSF and NIST directors to develop a foundation dedicated to cybersecurity studies. The research from that foundation “will go a long way toward developing a science of cybersecurity,” she said. “This in turn will do a great deal to keep our businesses profitable and our citizens safe.” Additionally, the committee adopted three amendments from Rep. Alan Grayson, D-Fla.: one that explicitly adds females to the list of individuals who can be considered for Federal Cyber Scholarships for Service, one that explicitly adds community colleges to the institutions eligible for Federal Cyber Scholarship for Service grants, and one that asks NIST to “conduct research into improving the security and integrity of the information technology supply chain."

The committee also passed the Advancing America’s Networking Information Technology Research and Development Act with an amendment from McCaul to add the Department of Homeland Security to the list of agencies included in the bill’s annual report, because “the underlying act was written before DHS existed.” The committee additionally passed an amendment from Grayson to direct the National High-Performance Computing Program to focus on physical computing elements. Cybersecurity is “also rooted in the real world, with physical vulnerabilities to terrorism and natural disasters,” he said. “We need research on how to make these systems more resilient and reliable.” The committee also adopted an amendment from Rep. Larry Buschon, R-Ind., to direct the interagency working group created by the bill to determine how federal science agencies could better use cloud computing services and an amendment from Johnson that updates the bill to reflect “the current landscape in the area of cyberphysical systems research.”