Cybersecurity Enhancement Act of 2014by Representative Eddie Bernice Johnson
Posted on 2014-12-11
in the house of representatives
Thursday, December 11, 2014
Ms. EDDIE BERNICE JOHNSON of Texas. Mr. Speaker, I rise in support of
S. 1353, the Cybersecurity Enhancement Act of 2014.
I want to commend several Members on both sides of the aisle and both chambers who have worked on this bill for many years. I want to thank Representatives Lipinski and McCaul and Senators Rockefeller and Thune for their longstanding, bipartisan leadership on this critical topic of cybersecurity research and development.
This bipartisan bill is overall a very good bill that contributes in essential ways to any comprehensive effort to keep our nation, our businesses, and our citizens safe from malicious cyber attacks.
S. 1353 incorporates a number of pieces from H.R. 756, the Cybersecurity Enhancement Act of 2013 that moved on a bipartisan basis through the Science, Space, and Technology Committee, and then was passed overwhelmingly on the House floor last April.
While S. 1353 is a good bill and I will be supporting it, I want to talk about what is not in this bill but was in H.R. 756. I hope that as we continue to discuss actions our government can take to better secure our cyberspace, we keep these topics on the table.
The first of these topics is human factors. The fact is that people, not software or hardware, remain the weakest link in our cybersecurity. Whether it's weak passwords, or falling victim to phishing, or using corrupted thumb drives, people unwittingly compromise their own security and that of large networks and companies every day. To truly secure our cyberspace, it is vital that we understand how and why people make the decisions they do, and how we might develop better policies and technologies to reduce risky behaviors. Unfortunately, a section contained in H.R. 756 to direct just this type of research was not incorporated into S. 1353. I hope we continue to make human factors a priority going forward.
The second topic is workforce. The federal government and private sector alike is suffering from a lack of adequately trained cybersecurity professionals. Unfortunately, women and underrepresented minorities are still significantly underrepresented in computer and information sciences. We can't expect to fix the shortage of skilled cybersecurity professionals with much less than half of our brain power. I wish S. 1353 included more language on how our agencies can help address this shortage. As I see it, our only option is to continue to make this a priority.
Finally, Mr. Speaker, I want to address a concern that NIST had about some of the language in this bill. In one of the opening paragraphs of the bill, paragraph (e)(1), NIST is directed to prevent duplication of regulatory processes and prevent conflict of regulatory requirements. I just want to clarify two things. First, by definition, NIST's processes are non-regulatory. Second, NIST cannot be held responsible for regulatory actions or processes at other agencies.
The language is ambiguous on this second point so I just wanted to make sure we are clear in our expectations for NIST. To address a second concern that NIST raised, I hope that limitation clause in paragraph (e)(2) does not prevent regulatory agencies from using information gained through the processes in this bill to fix duplicative or outdated regulations.
With that Mr. Speaker, I urge my colleagues to support this bill.
HONORING OUTGOING CONGRESSIONAL BLACK CAUCUS CHAIRWOMAN, CONGRESSWOMAN MARCIA FUDGE ______ HON. YVETTE D. CLARKE of new york in the house of representatives Thursday, December 11, 2014