[House Report 111-410]
[From the U.S. Government Publishing Office]
111th Congress Report
HOUSE OF REPRESENTATIVES
2d Session 111-410
======================================================================
PROVIDING FOR CONSIDERATION OF THE BILL (H.R. 4061) TO ADVANCE
CYBERSECURITY RESEARCH, DEVELOPMENT, AND TECHNICAL STANDARDS, AND FOR
OTHER PURPOSES
_______
February 2, 2010.--Referred to the House Calendar and ordered to be
printed
_______
Mr. Arcuri, from the Committee on Rules,
submitted the following
R E P O R T
[To accompany H. Res. 1051]
The Committee on Rules, having had under consideration
House Resolution 1051, by a nonrecord vote, report the same to
the House with the recommendation that the resolution be
adopted.
SUMMARY OF PROVISIONS OF THE RESOLUTION
The resolution provides for consideration of H.R. 4061, the
``Cybersecurity Enhancement Act of 2009,'' under a structured
rule. The resolution waives all points of order against
consideration of the bill except those arising under clause 9
or 10 of rule XXI. The resolution provides 1 hour of general
debate equally divided and controlled by the chair and ranking
minority member of the Science and Technology Committee. The
resolution provides that the amendment in the nature of a
substitute recommended by the Science and Technology Committee
now printed in the bill shall be considered as an original bill
for the purpose of amendment and shall be considered as read.
The resolution waives all points of order against the amendment
in the nature of a substitute except those arising under clause
10 of rule XXI. This waiver does not affect the point of order
available under clause 9 of rule XXI (regarding earmark
disclosure). The resolution further makes in order only those
amendments printed in this report. The amendments made in order
may be offered only in the order printed in this report, may be
offered only by a Member designated in this report, shall be
considered as read, shall be debatable for the time specified
in this report equally divided and controlled by the proponent
and an opponent, shall not be subject to amendment, and shall
not be subject to a demand for division of the question. All
points of order against the amendments except those arising
under clause 9 or 10 of rule XXI are waived. The resolution
provides one motion to recommit with or without instructions.
The resolution provides that the Chair may entertain a motion
that the Committee rise only if offered by the chair of the
Science and Technology Committee or his designee. Finally, the
resolution provides that the Chair may not entertain a motion
to strike out the enacting words of the bill.
EXPLANATION OF WAIVERS
Although the rule waives all points of order against
consideration of the bill (except those arising under clause 9
or 10 of rule XXI), the Committee is not aware of any points of
order. The waiver is prophylactic.
The waiver of all points of order (except those arising
under clause 10 of rule XXI) against the amendment in the
nature of a substitute includes a waiver of clause 7 of rule
XVI regarding germaneness.
COMMITTEE VOTES
The results of each record vote on an amendment or motion
to report, together with the names of those voting for and
against, are printed below:
Rules Committee Record Vote No. 307
Date: February 2, 2010.
Measure: H.R. 4061.
Motion by: Mr. Dreier.
Summary of motion: To make in order and provide the
necessary waivers for an amendment by Rep. Sessions (TX), #3,
which would maintain FY 2011 authorization levels in the bill
for three years, instead of increasing them annually.
Results: Defeated 2-8.
Vote by Members: McGovern--Nay; Hastings (FL)--Nay;
Matsui--Nay; Cardoza--Nay; Arcuri--Nay; Perlmutter--Nay;
Pingree--Nay; Polis--Nay; Dreier--Yea; Foxx--Yea.
SUMMARY OF AMENDMENTS MADE IN ORDER
1. Hastings, Alcee (FL), Rodriguez (TX): Would address the
lack of minority representation in the cybersecurity industry--
including women and African-Americans, Hispanics, and Native
Americans. The amendment adds language in Sec. 107 to describe
how successful programs are engaging said minorities and in
Sec. 108 to include minority-serving institutions on the
Cybersecurity University-Industry Task Force. (10 minutes)
2. Polis (CO): Would allow participants in the Federal
Cyber Scholarship for Service program to seek out opportunities
for internships, or other meaningful appointments, in the
private sector. (10 minutes)
3. Flake, Jeff (AZ): Would prohibit the earmarking of funds
authorized for grants in the bill. (10 minutes)
4. Matheson (UT): Would require the National Science
Foundation to study ways to improve detection, investigation,
and prosecution of cyber crimes including piracy of
intellectual property, crimes against children, and organized
crime. (10 minutes)
5. Roskam (IL): Would strengthen the involvement of
community colleges in the development and implementation of a
national cybersecurity strategy. (10 minutes)
6. Edwards, Donna (MD): Would direct NIST to work in
cooperation with State, Federal, and private sector partners to
develop a framework that States may follow in order to achieve
effective cybersecurity practices in a timely and cost
effective manner. (10 minutes)
7. Paulsen (MN): Would include international cooperation
where appropriate as part of the Cybersecurity Strategic
Research and Development Plan. (10 minutes)
8. Dahlkemper (PA): Would allow collaboration between and
among community colleges, universities, and Manufacturing
Extension Partnership Centers as an additional use for the
Computer and Network Security Capacity Building Grants under
the Cyber Security Research and Development Act. (10 minutes)
9. Garamendi, John: Would provide for regional workshops as
part of the Cybersecurity Awareness and Education program. (10
minutes)
10. McCarthy, Carolyn (NY), Kratovil (MD): Would emphasize
that cybersecurity awareness and education efforts focus on
novice computer users, young and elderly populations, low-
income populations, and populations in areas of planned
broadband expansion or deployment. (10 minutes)
11. Smith, Adam (WA): Would add ``job security clearance
and suitability requirements'' to the issues that are to be
considered in the cybersecurity workforce assessment. (10
minutes)
12. Langevin (RI): Would direct the Cybersecurity Workforce
Assessment to examine expanding temporary assignments of
private sector cybersecurity professionals to Federal agencies.
(10 minutes)
13. Sanchez, Loretta (CA): Would facilitate access to
realistic threats and vulnerabilities for academic researchers
during the development of the strategic plan in section 103
Cybersecurity Strategic Research and Development Program. Would
also amend section 108 Cybersecurity University-Industry Task
Force to propose guidelines for the sharing of lessons learned
of the effectiveness of new technologies from the private
sector to the public sector. (10 minutes)
14. Cuellar (TX): Would add to the Cybersecurity Strategic
Research and Development plan a requirement to determine how to
strengthen all levels of cybersecurity education and training
programs to secure an adequate, well-trained workforce. (10
minutes)
15. Shea-Porter (NH): Would extend the service obligation
for recipients of cybersecurity scholarships or fellowships on
a sliding scale depending on the degree program. (10 minutes)
16. Clarke (NY): Would enhance the existing cybersecurity
workforce assessment by including contractors. (10 minutes)
17. Bright (AL): Would require a National Academy of
Sciences study on the role of community colleges in
cybersecurity education. The study would also identify best
practices related to cybersecurity education between community
colleges and four-year educational institutions. (10 minutes)
18. Connolly (VA): Would emphasize that promotion of
cybersecurity education also must include ``children and young
adults'' along with the other targeted audiences. (10 minutes)
19. Halvorson (IL), Shea-Porter (NH): Would add veteran
status as an additional item for consideration when selecting
individuals for the Federal Cyber Scholarship for Service. (10
minutes)
20. Kilroy (OH): Would amend the Federal Cyber Scholarship
for Service program to include support for outreach activities
that will improve the recruitment of high school and community
college students into cybersecurity-related fields. (10
minutes)
21. Kissell, Larry (NC): Would instruct the National
Science Foundation Director to include language in its Computer
and Network Security Capacity Building Grants mission statement
highlighting importance of curriculum on the principles and
techniques of designing secure software. (10 minutes)
22. Kratovil (MD): Would instruct the Director of the
National Science Foundation to establish, on a merit-reviewed
and competitive basis, a National Center of Excellence for
Cybersecurity as part of the Networking and Information
Technology and Research Development Program. (10 minutes)
23. Nye (VA): Would direct the Comptroller General to
submit a report examining weaknesses within the current
cybersecurity infrastructure. (10 minutes)
24. Owens (NY): Would require the Cybersecurity Strategic
Research and Development plan to include a component on
technologies to secure sensitive information shared among
Federal agencies. (10 minutes)
25. Heinrich (NM): Would allow national laboratories to be
included as stakeholders in the Cybersecurity Strategic
Research and Development Plan. (10 minutes)
TEXT OF AMENDMENTS TO BE MADE IN ORDER
1. An Amendment To Be Offered by Representative Hastings, Alcee of
Florida or His Designee, Debatable for 10 Minutes
Page 21, line 4, strike ``and an'' and insert ``an''.
Page 21, line 8, insert ``, and a description of how
successful programs are engaging the talents of women and
African-Americans, Hispanics, and Native Americans in the
cybersecurity workforce'' after ``private sector''.
Page 23, line 11, insert ``, and shall include
representatives from minority-serving institutions'' after ``in
cybersecurity''.
----------
2. An Amendment To Be Offered by Representative Polis, Jared of
Colorado or His Designee, Debatable for 10 Minutes
Page 13, line 22, insert ``or, at the discretion of the
Director, with appropriate private sector entities'' after
``technology workforce''.
----------
3. An Amendment To Be Offered by Representative Flake, Jeff of Arizona
or His Designee, Debatable for 10 Minutes
Page 12, after line 25, insert the following new subsection:
(h) Prohibition on Earmarks.--None of the funds appropriated
under this section, and the amendments made by this section may
be used for a Congressional earmark as defined in clause 9(d)
of rule XXI of the Rules of the House of Representatives.
----------
4. An Amendment To Be Offered by Representative Matheson, Jim of Utah
or His Designee, Debatable for 10 Minutes
Page 9, line 23, strike ``is amended'' and insert ``is
amended--
(1)''.
Page 9, line 25, strike the period and insert ``; and''.
Page 9, after line 25, insert the following new paragraph:
(2) by amending subparagraph (I) to read as follows:
``(I) enhancement of the ability of law
enforcement to detect, investigate, and
prosecute cyber-crimes, including crimes that
involve piracy of intellectual property, crimes
against children, and organized crime.''.
----------
5. An Amendment To Be Offered by Representative Roskam, Peter of
Illinois or His Designee, Debatable for 10 Minutes
Page 8, line 20, insert ``and community colleges'' after
``minority serving institutions''.
Page 14, line 10, insert ``and community colleges'' after
``minority serving institutions''.
Page 21, line 6, insert ``, including community colleges,''
after ``institutions of higher education''.
Page 23, line 10, insert ``, including community colleges,''
after ``institutions of higher education''.
----------
6. An Amendment To Be Offered by Representative Edwards, Donna of
Maryland or Her Designee, Debatable for 10 Minutes
At the end of the bill, insert the following new section:
SEC. 205. PRACTICES AND STANDARDS.
The National Institute of Standards and Technology shall work
with other Federal, State, and private sector partners, as
appropriate, to develop a framework that States may follow in
order to achieve effective cybersecurity practices in a timely
and cost effective manner.
----------
7. An Amendment To Be Offered by Representative Paulsen, Erik of
Minnesota or His Designee, Debatable for 10 Minutes
Page 7, line 15, strike ``and''.
Page 7, line 20, strike the period and insert ``; and''.
Page 7, after line 20, insert the following new paragraph:
(7) outline how the United States can work
strategically with our international partners on
cybersecurity research and development issues where
appropriate.
----------
8. An Amendment To Be Offered by Representative Dahlkemper, Kathleen of
Pennsylvania or Her Designee, Debatable for 10 Minutes
Page 12, after line 25, insert the following new subsection:
(h) Computer and Network Security Capacity Building Grants--
Manufacturing Extension Partnership.--Section 5(a)(3) of the
Cyber Security Research and Development Act (15 U.S.C.
7404(a)(3)) is amended--
(1) by striking ``and'' at the end of subparagraph
(I);
(2) by redesignating subparagraph (J) as subparagraph
(K); and
(3) by inserting after subparagraph (I) the following
new subparagraph:
``(J) establishing or enhancing collaboration
in computer and network security between
community colleges, universities, and
Manufacturing Extension Partnership Centers;
and''.
----------
9. An Amendment To Be Offered by Representative Garamendi, John of
California or His Designee, Debatable for 10 Minutes
Page 28, line 21, and page 29, line 1, redesignate
subsections (b) and (c) as subsections (c) and (d),
respectively.
Page 28, after line 20, insert the following new subsection:
(b) Workshops.--In carrying out activities under subsection
(a)(1), the Institute is authorized to host regional workshops
to provide an overview of cybersecurity risks and best
practices to businesses, State, local, and tribal governments,
and educational institutions.
----------
10. An Amendment To Be Offered by Representative McCarthy, Carolyn of
New York or Her Designee, Debatable for 10 Minutes
Page 28, line 20, insert ``, especially with respect to
novice computer users, elderly populations, low-income
populations, and populations in areas of planned broadband
expansion or deployment'' after ``educational institutions''.
----------
11. An Amendment To Be Offered by Representative Smith, Adam of
Washington or His Designee, Debatable for 10 Minutes
Page 21, line 21, insert ``job security clearance and
suitability requirements,'' after ``job classification,''.
----------
12. An Amendment To Be Offered by Representative Langevin, James of
Rhode Island or His Designee, Debatable for 10 Minutes
Page 21, line 25, insert ``, including recommendations on the
temporary assignment of private sector cybersecurity
professionals to Federal agencies'' after ``cybersecurity
workforce''.
----------
13. An Amendment To Be Offered by Representative Sanchez, Loretta of
California or Her Designee, Debatable for 10 Minutes
Page 7, line 15, insert ``representing realistic threats and
vulnerabilities'' after ``event data''.
Page 23, line 2, strike ``rights and'' and insert
``rights,''.
Page 23, line 3, insert ``, and for the sharing of lessons
learned on the effectiveness of new technologies from the
private sector with the public sector'' after ``private
sector''.
----------
14. An Amendment To Be Offered by Representative Cuellar, Henry of
Texas or His Designee, Debatable for 10 Minutes
Page 7, line 15, strike ``and''.
Page 7, line 20, strike the period and insert ``; and''.
Page 7, after line 20, insert the following new paragraph:
(7) describe how the Program will strengthen all
levels of cybersecurity education and training programs
to ensure an adequate, well-trained workforce.
----------
15. An Amendment To Be Offered by Representative Shea-Porter, Carol of
New Hampshire or Her Designee, Debatable for 10 Minutes
Page 15, line 11, strike ``equal to the length of the
scholarship'' and insert ``as provided in paragraph (5)''.
Page 15, after line 24, insert the following new paragraph:
(5) Length of service.--The length of service
required in exchange for a scholarship under this
subsection shall be as follows:
(A) For a recipient in a bachelor's degree
program, 1 year more than the number of years
for which the scholarship was received.
(B) For a recipient in a Master's degree
program, 2 years more than the number of years
for which the scholarship was received.
(C) For a recipient in a doctorate degree
program, 3 years more than the number of years
for which the scholarship was received.
----------
16. An Amendment To Be Offered by Representative Clarke, Yvette of New
York or Her Designee, Debatable for 10 Minutes
Page 20, line 24, insert ``the extent to which different
agencies and departments rely on contractors to support the
Federal cybersecurity workforce,'' after ``agencies and
departments,''.
Page 21, line 22, strike ``and''.
Page 21, line 23, redesignate paragraph (5) as paragraph (6).
Page 21, after line 22, insert the following:
(5) a specific analysis of the capacity of the agency
workforce to manage contractors who are performing
cybersecurity work on behalf of the Federal Government;
and
----------
17. An Amendment To Be Offered by Representative Bright, Bobby of
Alabama or His Designee, Debatable for 10 Minutes
Page 27, after line 7, insert the following new section:
SEC. 111. NATIONAL ACADEMY OF SCIENCES STUDY ON THE ROLE OF COMMUNITY
COLLEGES IN CYBERSECURITY EDUCATION.
Not later than 120 days after the date of enactment of this
Act, the Director of the Office of Science and Technology
Policy, in consultation with the Director of the National
Coordination Office, shall enter into a contract with the
National Academy of Sciences to conduct and complete a study to
describe the role of community colleges in cybersecurity
education and to identify exemplary practices and partnerships
related to cybersecurity education between community colleges
and four-year educational institutions.
----------
18. An Amendment To Be Offered by Representative Connolly, Gerald of
Virginia or His Designee, Debatable for 10 Minutes
Page 28, line 12, insert ``, including among children and
young adults,'' after ``public awareness''.
----------
19. An Amendment To Be Offered by Representative Halvorson, Deborah of
Illinois or Her Designee, Debatable for 10 Minutes
Page 15, line 2, strike ``need and to'' and insert ``need,
to''.
Page 15, line 5, insert before the period at the end of
paragraph (2) ``, and to veterans. For purposes of this
paragraph, the term ``veteran'' means a person who--
(A) served on active duty (other than active
duty for training) in the Armed Forces of the
United States for a period of more than 180
consecutive days, and who was discharged or
released therefrom under conditions other than
dishonorable; or
(B) served on active duty (other than active
duty for training) in the Armed Forces of the
United States and was discharged or released
from such service for a service-connected
disability before serving 180 consecutive days.
For purposes of subparagraph (B), the term ``service-
connected'' has the meaning given such term under
section 101 of title 38, United States Code.
----------
20. An Amendment To Be Offered by Representative Kilroy, Mary Jo of
Ohio or Her Designee, Debatable for 10 Minutes
Page 14, line 10, strike ``and''.
Page 14, line 12, strike the period and insert ``; and''.
Page 14, after line 12, insert the following new
subparagraph:
(D) outreach to secondary schools and 2-year
institutions to increase the interest and
recruitment of students into cybersecurity-
related fields.
----------
21. An Amendment To Be Offered by Representative Kissell, Larry of
North Carolina or His Designee, Debatable for 10 Minutes
Page 11, lines 9 and 10, strike ``Section 5(a)(6) of such Act
(15 U.S.C. 7404(a)(6)) is amended to read as follows:'' and
insert ``Section 5(a) of such Act (15 U.S.C. 7404(a)) is
amended--
(1) in paragraph (3)(A), by inserting ``, including
curriculum on the principles and techniques of
designing secure software'' after ``network security'';
and
(2) by amending paragraph (6) to read as follows:
----------
22. An Amendment To Be Offered by Representative Kratovil, Jr., Frank
of Maryland or His Designee, Debatable for 10 Minutes
Page 27, after line 7, insert the following new section:
SEC. 111. NATIONAL CENTER OF EXCELLENCE FOR CYBERSECURITY.
(a) In General.--As part of the Program, the Director of the
National Science Foundation shall, in coordination with other
Federal agencies participating in the Program, establish a
National Center of Excellence for Cybersecurity.
(b) Merit Review.--The National Center of Excellence for
Cybersecurity shall be awarded on a merit-reviewed, competitive
basis.
(c) Activities Supported.--The National Center of Excellence
for Cybersecurity shall--
(1) involve institutions of higher education or
national laboratories and other partners, which may
include States and industry;
(2) make use of existing expertise in cybersecurity;
(3) interact and collaborate with Computer and
Network Security Research Centers to foster the
exchange of technical information and best practices;
(4) perform research to support the development of
technologies for testing hardware and software products
to validate operational readiness and certify stated
security levels;
(5) coordinate cybersecurity education and training
opportunities nationally;
(6) enhance technology transfer and commercialization
that promote cybersecurity innovation; and
(7) perform research on cybersecurity social and
behavioral factors, including human-computer
interactions, usability, user motivations, and
organizational cultures.
----------
23. An Amendment To Be Offered by Representative Nye, Glenn of Virginia
or His Designee, Debatable for 10 Minutes
Page 27, after line 7, insert the following new section:
SEC. 111. CYBERSECURITY INFRASTRUCTURE REPORT.
Not later than 1 year after the date of enactment of this
Act, the Comptroller General shall transmit to the Congress a
report examining key weaknesses within the current
cybersecurity infrastructure, along with recommendations on how
to address such weaknesses in the future and on the technology
that is needed to do so.
----------
24. An Amendment To Be Offered by Representative Owens, Bill of New
York or His Designee, Debatable for 10 Minutes
Page 6, line 24, insert ``, including technologies to secure
sensitive information shared among Federal agencies'' after
``digital infrastructure''.
----------
25. An Amendment To Be Offered by Representative Heinrich, Martin of
New Mexico or His Designee, Debatable for 10 Minutes
Page 8, line 20, insert ``National Laboratories,'' after
``minority serving institutions,''.
�