[House Report 111-410] [From the U.S. Government Publishing Office] 111th Congress Report HOUSE OF REPRESENTATIVES 2d Session 111-410 ====================================================================== PROVIDING FOR CONSIDERATION OF THE BILL (H.R. 4061) TO ADVANCE CYBERSECURITY RESEARCH, DEVELOPMENT, AND TECHNICAL STANDARDS, AND FOR OTHER PURPOSES _______ February 2, 2010.--Referred to the House Calendar and ordered to be printed _______ Mr. Arcuri, from the Committee on Rules, submitted the following R E P O R T [To accompany H. Res. 1051] The Committee on Rules, having had under consideration House Resolution 1051, by a nonrecord vote, report the same to the House with the recommendation that the resolution be adopted. SUMMARY OF PROVISIONS OF THE RESOLUTION The resolution provides for consideration of H.R. 4061, the ``Cybersecurity Enhancement Act of 2009,'' under a structured rule. The resolution waives all points of order against consideration of the bill except those arising under clause 9 or 10 of rule XXI. The resolution provides 1 hour of general debate equally divided and controlled by the chair and ranking minority member of the Science and Technology Committee. The resolution provides that the amendment in the nature of a substitute recommended by the Science and Technology Committee now printed in the bill shall be considered as an original bill for the purpose of amendment and shall be considered as read. The resolution waives all points of order against the amendment in the nature of a substitute except those arising under clause 10 of rule XXI. This waiver does not affect the point of order available under clause 9 of rule XXI (regarding earmark disclosure). The resolution further makes in order only those amendments printed in this report. The amendments made in order may be offered only in the order printed in this report, may be offered only by a Member designated in this report, shall be considered as read, shall be debatable for the time specified in this report equally divided and controlled by the proponent and an opponent, shall not be subject to amendment, and shall not be subject to a demand for division of the question. All points of order against the amendments except those arising under clause 9 or 10 of rule XXI are waived. The resolution provides one motion to recommit with or without instructions. The resolution provides that the Chair may entertain a motion that the Committee rise only if offered by the chair of the Science and Technology Committee or his designee. Finally, the resolution provides that the Chair may not entertain a motion to strike out the enacting words of the bill. EXPLANATION OF WAIVERS Although the rule waives all points of order against consideration of the bill (except those arising under clause 9 or 10 of rule XXI), the Committee is not aware of any points of order. The waiver is prophylactic. The waiver of all points of order (except those arising under clause 10 of rule XXI) against the amendment in the nature of a substitute includes a waiver of clause 7 of rule XVI regarding germaneness. COMMITTEE VOTES The results of each record vote on an amendment or motion to report, together with the names of those voting for and against, are printed below: Rules Committee Record Vote No. 307 Date: February 2, 2010. Measure: H.R. 4061. Motion by: Mr. Dreier. Summary of motion: To make in order and provide the necessary waivers for an amendment by Rep. Sessions (TX), #3, which would maintain FY 2011 authorization levels in the bill for three years, instead of increasing them annually. Results: Defeated 2-8. Vote by Members: McGovern--Nay; Hastings (FL)--Nay; Matsui--Nay; Cardoza--Nay; Arcuri--Nay; Perlmutter--Nay; Pingree--Nay; Polis--Nay; Dreier--Yea; Foxx--Yea. SUMMARY OF AMENDMENTS MADE IN ORDER 1. Hastings, Alcee (FL), Rodriguez (TX): Would address the lack of minority representation in the cybersecurity industry-- including women and African-Americans, Hispanics, and Native Americans. The amendment adds language in Sec. 107 to describe how successful programs are engaging said minorities and in Sec. 108 to include minority-serving institutions on the Cybersecurity University-Industry Task Force. (10 minutes) 2. Polis (CO): Would allow participants in the Federal Cyber Scholarship for Service program to seek out opportunities for internships, or other meaningful appointments, in the private sector. (10 minutes) 3. Flake, Jeff (AZ): Would prohibit the earmarking of funds authorized for grants in the bill. (10 minutes) 4. Matheson (UT): Would require the National Science Foundation to study ways to improve detection, investigation, and prosecution of cyber crimes including piracy of intellectual property, crimes against children, and organized crime. (10 minutes) 5. Roskam (IL): Would strengthen the involvement of community colleges in the development and implementation of a national cybersecurity strategy. (10 minutes) 6. Edwards, Donna (MD): Would direct NIST to work in cooperation with State, Federal, and private sector partners to develop a framework that States may follow in order to achieve effective cybersecurity practices in a timely and cost effective manner. (10 minutes) 7. Paulsen (MN): Would include international cooperation where appropriate as part of the Cybersecurity Strategic Research and Development Plan. (10 minutes) 8. Dahlkemper (PA): Would allow collaboration between and among community colleges, universities, and Manufacturing Extension Partnership Centers as an additional use for the Computer and Network Security Capacity Building Grants under the Cyber Security Research and Development Act. (10 minutes) 9. Garamendi, John: Would provide for regional workshops as part of the Cybersecurity Awareness and Education program. (10 minutes) 10. McCarthy, Carolyn (NY), Kratovil (MD): Would emphasize that cybersecurity awareness and education efforts focus on novice computer users, young and elderly populations, low- income populations, and populations in areas of planned broadband expansion or deployment. (10 minutes) 11. Smith, Adam (WA): Would add ``job security clearance and suitability requirements'' to the issues that are to be considered in the cybersecurity workforce assessment. (10 minutes) 12. Langevin (RI): Would direct the Cybersecurity Workforce Assessment to examine expanding temporary assignments of private sector cybersecurity professionals to Federal agencies. (10 minutes) 13. Sanchez, Loretta (CA): Would facilitate access to realistic threats and vulnerabilities for academic researchers during the development of the strategic plan in section 103 Cybersecurity Strategic Research and Development Program. Would also amend section 108 Cybersecurity University-Industry Task Force to propose guidelines for the sharing of lessons learned of the effectiveness of new technologies from the private sector to the public sector. (10 minutes) 14. Cuellar (TX): Would add to the Cybersecurity Strategic Research and Development plan a requirement to determine how to strengthen all levels of cybersecurity education and training programs to secure an adequate, well-trained workforce. (10 minutes) 15. Shea-Porter (NH): Would extend the service obligation for recipients of cybersecurity scholarships or fellowships on a sliding scale depending on the degree program. (10 minutes) 16. Clarke (NY): Would enhance the existing cybersecurity workforce assessment by including contractors. (10 minutes) 17. Bright (AL): Would require a National Academy of Sciences study on the role of community colleges in cybersecurity education. The study would also identify best practices related to cybersecurity education between community colleges and four-year educational institutions. (10 minutes) 18. Connolly (VA): Would emphasize that promotion of cybersecurity education also must include ``children and young adults'' along with the other targeted audiences. (10 minutes) 19. Halvorson (IL), Shea-Porter (NH): Would add veteran status as an additional item for consideration when selecting individuals for the Federal Cyber Scholarship for Service. (10 minutes) 20. Kilroy (OH): Would amend the Federal Cyber Scholarship for Service program to include support for outreach activities that will improve the recruitment of high school and community college students into cybersecurity-related fields. (10 minutes) 21. Kissell, Larry (NC): Would instruct the National Science Foundation Director to include language in its Computer and Network Security Capacity Building Grants mission statement highlighting importance of curriculum on the principles and techniques of designing secure software. (10 minutes) 22. Kratovil (MD): Would instruct the Director of the National Science Foundation to establish, on a merit-reviewed and competitive basis, a National Center of Excellence for Cybersecurity as part of the Networking and Information Technology and Research Development Program. (10 minutes) 23. Nye (VA): Would direct the Comptroller General to submit a report examining weaknesses within the current cybersecurity infrastructure. (10 minutes) 24. Owens (NY): Would require the Cybersecurity Strategic Research and Development plan to include a component on technologies to secure sensitive information shared among Federal agencies. (10 minutes) 25. Heinrich (NM): Would allow national laboratories to be included as stakeholders in the Cybersecurity Strategic Research and Development Plan. (10 minutes) TEXT OF AMENDMENTS TO BE MADE IN ORDER 1. An Amendment To Be Offered by Representative Hastings, Alcee of Florida or His Designee, Debatable for 10 Minutes Page 21, line 4, strike ``and an'' and insert ``an''. Page 21, line 8, insert ``, and a description of how successful programs are engaging the talents of women and African-Americans, Hispanics, and Native Americans in the cybersecurity workforce'' after ``private sector''. Page 23, line 11, insert ``, and shall include representatives from minority-serving institutions'' after ``in cybersecurity''. ---------- 2. An Amendment To Be Offered by Representative Polis, Jared of Colorado or His Designee, Debatable for 10 Minutes Page 13, line 22, insert ``or, at the discretion of the Director, with appropriate private sector entities'' after ``technology workforce''. ---------- 3. An Amendment To Be Offered by Representative Flake, Jeff of Arizona or His Designee, Debatable for 10 Minutes Page 12, after line 25, insert the following new subsection: (h) Prohibition on Earmarks.--None of the funds appropriated under this section, and the amendments made by this section may be used for a Congressional earmark as defined in clause 9(d) of rule XXI of the Rules of the House of Representatives. ---------- 4. An Amendment To Be Offered by Representative Matheson, Jim of Utah or His Designee, Debatable for 10 Minutes Page 9, line 23, strike ``is amended'' and insert ``is amended-- (1)''. Page 9, line 25, strike the period and insert ``; and''. Page 9, after line 25, insert the following new paragraph: (2) by amending subparagraph (I) to read as follows: ``(I) enhancement of the ability of law enforcement to detect, investigate, and prosecute cyber-crimes, including crimes that involve piracy of intellectual property, crimes against children, and organized crime.''. ---------- 5. An Amendment To Be Offered by Representative Roskam, Peter of Illinois or His Designee, Debatable for 10 Minutes Page 8, line 20, insert ``and community colleges'' after ``minority serving institutions''. Page 14, line 10, insert ``and community colleges'' after ``minority serving institutions''. Page 21, line 6, insert ``, including community colleges,'' after ``institutions of higher education''. Page 23, line 10, insert ``, including community colleges,'' after ``institutions of higher education''. ---------- 6. An Amendment To Be Offered by Representative Edwards, Donna of Maryland or Her Designee, Debatable for 10 Minutes At the end of the bill, insert the following new section: SEC. 205. PRACTICES AND STANDARDS. The National Institute of Standards and Technology shall work with other Federal, State, and private sector partners, as appropriate, to develop a framework that States may follow in order to achieve effective cybersecurity practices in a timely and cost effective manner. ---------- 7. An Amendment To Be Offered by Representative Paulsen, Erik of Minnesota or His Designee, Debatable for 10 Minutes Page 7, line 15, strike ``and''. Page 7, line 20, strike the period and insert ``; and''. Page 7, after line 20, insert the following new paragraph: (7) outline how the United States can work strategically with our international partners on cybersecurity research and development issues where appropriate. ---------- 8. An Amendment To Be Offered by Representative Dahlkemper, Kathleen of Pennsylvania or Her Designee, Debatable for 10 Minutes Page 12, after line 25, insert the following new subsection: (h) Computer and Network Security Capacity Building Grants-- Manufacturing Extension Partnership.--Section 5(a)(3) of the Cyber Security Research and Development Act (15 U.S.C. 7404(a)(3)) is amended-- (1) by striking ``and'' at the end of subparagraph (I); (2) by redesignating subparagraph (J) as subparagraph (K); and (3) by inserting after subparagraph (I) the following new subparagraph: ``(J) establishing or enhancing collaboration in computer and network security between community colleges, universities, and Manufacturing Extension Partnership Centers; and''. ---------- 9. An Amendment To Be Offered by Representative Garamendi, John of California or His Designee, Debatable for 10 Minutes Page 28, line 21, and page 29, line 1, redesignate subsections (b) and (c) as subsections (c) and (d), respectively. Page 28, after line 20, insert the following new subsection: (b) Workshops.--In carrying out activities under subsection (a)(1), the Institute is authorized to host regional workshops to provide an overview of cybersecurity risks and best practices to businesses, State, local, and tribal governments, and educational institutions. ---------- 10. An Amendment To Be Offered by Representative McCarthy, Carolyn of New York or Her Designee, Debatable for 10 Minutes Page 28, line 20, insert ``, especially with respect to novice computer users, elderly populations, low-income populations, and populations in areas of planned broadband expansion or deployment'' after ``educational institutions''. ---------- 11. An Amendment To Be Offered by Representative Smith, Adam of Washington or His Designee, Debatable for 10 Minutes Page 21, line 21, insert ``job security clearance and suitability requirements,'' after ``job classification,''. ---------- 12. An Amendment To Be Offered by Representative Langevin, James of Rhode Island or His Designee, Debatable for 10 Minutes Page 21, line 25, insert ``, including recommendations on the temporary assignment of private sector cybersecurity professionals to Federal agencies'' after ``cybersecurity workforce''. ---------- 13. An Amendment To Be Offered by Representative Sanchez, Loretta of California or Her Designee, Debatable for 10 Minutes Page 7, line 15, insert ``representing realistic threats and vulnerabilities'' after ``event data''. Page 23, line 2, strike ``rights and'' and insert ``rights,''. Page 23, line 3, insert ``, and for the sharing of lessons learned on the effectiveness of new technologies from the private sector with the public sector'' after ``private sector''. ---------- 14. An Amendment To Be Offered by Representative Cuellar, Henry of Texas or His Designee, Debatable for 10 Minutes Page 7, line 15, strike ``and''. Page 7, line 20, strike the period and insert ``; and''. Page 7, after line 20, insert the following new paragraph: (7) describe how the Program will strengthen all levels of cybersecurity education and training programs to ensure an adequate, well-trained workforce. ---------- 15. An Amendment To Be Offered by Representative Shea-Porter, Carol of New Hampshire or Her Designee, Debatable for 10 Minutes Page 15, line 11, strike ``equal to the length of the scholarship'' and insert ``as provided in paragraph (5)''. Page 15, after line 24, insert the following new paragraph: (5) Length of service.--The length of service required in exchange for a scholarship under this subsection shall be as follows: (A) For a recipient in a bachelor's degree program, 1 year more than the number of years for which the scholarship was received. (B) For a recipient in a Master's degree program, 2 years more than the number of years for which the scholarship was received. (C) For a recipient in a doctorate degree program, 3 years more than the number of years for which the scholarship was received. ---------- 16. An Amendment To Be Offered by Representative Clarke, Yvette of New York or Her Designee, Debatable for 10 Minutes Page 20, line 24, insert ``the extent to which different agencies and departments rely on contractors to support the Federal cybersecurity workforce,'' after ``agencies and departments,''. Page 21, line 22, strike ``and''. Page 21, line 23, redesignate paragraph (5) as paragraph (6). Page 21, after line 22, insert the following: (5) a specific analysis of the capacity of the agency workforce to manage contractors who are performing cybersecurity work on behalf of the Federal Government; and ---------- 17. An Amendment To Be Offered by Representative Bright, Bobby of Alabama or His Designee, Debatable for 10 Minutes Page 27, after line 7, insert the following new section: SEC. 111. NATIONAL ACADEMY OF SCIENCES STUDY ON THE ROLE OF COMMUNITY COLLEGES IN CYBERSECURITY EDUCATION. Not later than 120 days after the date of enactment of this Act, the Director of the Office of Science and Technology Policy, in consultation with the Director of the National Coordination Office, shall enter into a contract with the National Academy of Sciences to conduct and complete a study to describe the role of community colleges in cybersecurity education and to identify exemplary practices and partnerships related to cybersecurity education between community colleges and four-year educational institutions. ---------- 18. An Amendment To Be Offered by Representative Connolly, Gerald of Virginia or His Designee, Debatable for 10 Minutes Page 28, line 12, insert ``, including among children and young adults,'' after ``public awareness''. ---------- 19. An Amendment To Be Offered by Representative Halvorson, Deborah of Illinois or Her Designee, Debatable for 10 Minutes Page 15, line 2, strike ``need and to'' and insert ``need, to''. Page 15, line 5, insert before the period at the end of paragraph (2) ``, and to veterans. For purposes of this paragraph, the term ``veteran'' means a person who-- (A) served on active duty (other than active duty for training) in the Armed Forces of the United States for a period of more than 180 consecutive days, and who was discharged or released therefrom under conditions other than dishonorable; or (B) served on active duty (other than active duty for training) in the Armed Forces of the United States and was discharged or released from such service for a service-connected disability before serving 180 consecutive days. For purposes of subparagraph (B), the term ``service- connected'' has the meaning given such term under section 101 of title 38, United States Code. ---------- 20. An Amendment To Be Offered by Representative Kilroy, Mary Jo of Ohio or Her Designee, Debatable for 10 Minutes Page 14, line 10, strike ``and''. Page 14, line 12, strike the period and insert ``; and''. Page 14, after line 12, insert the following new subparagraph: (D) outreach to secondary schools and 2-year institutions to increase the interest and recruitment of students into cybersecurity- related fields. ---------- 21. An Amendment To Be Offered by Representative Kissell, Larry of North Carolina or His Designee, Debatable for 10 Minutes Page 11, lines 9 and 10, strike ``Section 5(a)(6) of such Act (15 U.S.C. 7404(a)(6)) is amended to read as follows:'' and insert ``Section 5(a) of such Act (15 U.S.C. 7404(a)) is amended-- (1) in paragraph (3)(A), by inserting ``, including curriculum on the principles and techniques of designing secure software'' after ``network security''; and (2) by amending paragraph (6) to read as follows: ---------- 22. An Amendment To Be Offered by Representative Kratovil, Jr., Frank of Maryland or His Designee, Debatable for 10 Minutes Page 27, after line 7, insert the following new section: SEC. 111. NATIONAL CENTER OF EXCELLENCE FOR CYBERSECURITY. (a) In General.--As part of the Program, the Director of the National Science Foundation shall, in coordination with other Federal agencies participating in the Program, establish a National Center of Excellence for Cybersecurity. (b) Merit Review.--The National Center of Excellence for Cybersecurity shall be awarded on a merit-reviewed, competitive basis. (c) Activities Supported.--The National Center of Excellence for Cybersecurity shall-- (1) involve institutions of higher education or national laboratories and other partners, which may include States and industry; (2) make use of existing expertise in cybersecurity; (3) interact and collaborate with Computer and Network Security Research Centers to foster the exchange of technical information and best practices; (4) perform research to support the development of technologies for testing hardware and software products to validate operational readiness and certify stated security levels; (5) coordinate cybersecurity education and training opportunities nationally; (6) enhance technology transfer and commercialization that promote cybersecurity innovation; and (7) perform research on cybersecurity social and behavioral factors, including human-computer interactions, usability, user motivations, and organizational cultures. ---------- 23. An Amendment To Be Offered by Representative Nye, Glenn of Virginia or His Designee, Debatable for 10 Minutes Page 27, after line 7, insert the following new section: SEC. 111. CYBERSECURITY INFRASTRUCTURE REPORT. Not later than 1 year after the date of enactment of this Act, the Comptroller General shall transmit to the Congress a report examining key weaknesses within the current cybersecurity infrastructure, along with recommendations on how to address such weaknesses in the future and on the technology that is needed to do so. ---------- 24. An Amendment To Be Offered by Representative Owens, Bill of New York or His Designee, Debatable for 10 Minutes Page 6, line 24, insert ``, including technologies to secure sensitive information shared among Federal agencies'' after ``digital infrastructure''. ---------- 25. An Amendment To Be Offered by Representative Heinrich, Martin of New Mexico or His Designee, Debatable for 10 Minutes Page 8, line 20, insert ``National Laboratories,'' after ``minority serving institutions,''.