A picture of Representative Candice S. Miller
Candice M.
Republican MI 10

About Rep. Candice
  • Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2015

    by Representative Candice S. Miller

    Posted on 2015-12-16

    submit to reddit

    Read More about Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2015

    MILLER of Michigan. Mr. Speaker, I move to suspend the rules [[Page H9353]] and pass the bill (H.R. 3878) to enhance cybersecurity information sharing and coordination at ports in the United States, and for other purposes, as amended.



    The Clerk read the title of the bill.

    The text of the bill is as follows: H.R. 3878 Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2015''.

    SEC. 2. IMPROVING CYBERSECURITY RISK ASSESSMENTS, INFORMATION SHARING, AND COORDINATION.

    The Secretary of Homeland Security shall-- (1) develop and implement a maritime cybersecurity risk assessment model within 120 days after the date of the enactment of this Act, consistent with the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity and any update to that document pursuant to Public Law 113-274, to evaluate current and future cybersecurity risks (as that term is defined in the second section 226 of the Homeland Security Act of 2002 (6 U.S.C. 148)); (2) evaluate, on a periodic basis but not less than once every two years, the effectiveness of the cybersecurity risk assessment model established under paragraph (1); (3) seek to ensure participation of at least one information sharing and analysis organization (as that term is defined in section 212 of the Homeland Security Act of 2002 (6 U.S.C. 131)) representing the maritime community in the National Cybersecurity and Communications Integration Center, pursuant to subsection (d)(1)(B) of the second section 226 of the Homeland Security Act of 2002 (6 U.S.C. 148); (4) establish guidelines for voluntary reporting of maritime-related cybersecurity risks and incidents (as such terms are defined in the second section 226 of the Homeland Security Act of 2002 (6 U.S.C. 148)) to the Center (as that term is defined subsection (b) of the second section 226 of the Homeland Security Act of 2002 (6 U.S.C. 148)), and other appropriate Federal agencies; and (5) request the National Maritime Security Advisory Committee established under section 70112 of title 46, United States Code, to report and make recommendations to the Secretary on enhancing the sharing of information related to cybersecurity risks and incidents between relevant Federal agencies and State, local, and tribal governments and consistent with the responsibilities of the Center (as that term is defined subsection (b) of the second section 226 of the Homeland Security Act of 2002 (6 U.S.C. 148)); relevant public safety and emergency response agencies; relevant law enforcement and security organizations; maritime industry; port owners and operators; and terminal owners and operators.

    SEC. 3. CYBERSECURITY ENHANCEMENTS TO MARITIME SECURITY ACTIVITIES.

    The Secretary of Homeland Security, acting through the Commandant of the Coast Guard, shall direct-- (1) each Area Maritime Security Advisory Committee established under section 70112 of title 46, United States Code, to facilitate the sharing of cybersecurity risks and incidents to address port-specific cybersecurity risks, which may include the establishment of a working group of members of Area Maritime Security Advisory Committees to address port-specific cybersecurity vulnerabilities; and (2) that any area maritime security plan and facility security plan required under section 70103 of title 46, United States Code approved after the development of the cybersecurity risk assessment model required by paragraph (1) of section 2 include a mitigation plan to prevent, manage, and respond to cybersecurity risks.

    SEC. 4. VULNERABILITY ASSESSMENTS AND SECURITY PLANS.

    Title 46, United States Code, is amended-- (1) in section 70102(b)(1)(C), by inserting ``cybersecurity,'' after ``physical security,''; and (2) in section 70103(c)(3)(C), by striking ``and'' after the semicolon at the end of clause (iv), by redesignating clause (v) as clause (vi), and by inserting after clause (iv) the following: ``(v) prevention, management, and response to cybersecurity risks; and''.

    The SPEAKER pro tempore. Pursuant to the rule, the gentlewoman from Michigan (Mrs. Miller) and the gentlewoman from California (Mrs. Torres) each will control 20 minutes.

    The Chair recognizes the gentlewoman from Michigan.

    General Leave Mrs. MILLER of Michigan. Mr. Speaker, I ask unanimous consent that all Members have 5 legislative days within which to revise and extend their remarks and include any extraneous materials on the bill under consideration.

    The SPEAKER pro tempore. Is there objection to the request of the gentlewoman from Michigan? There was no objection.

    Mrs. MILLER of Michigan. Mr. Speaker, I yield myself such time as I may consume.

    Mr. Speaker, I rise in support of H.R. 3878, and I urge its passage.

    Since the terrorist attacks of 9/11, the U.S. Congress has appropriated $2.4 billion in port security grant funds to protect port facilities against potential terror attacks. As a nation, we have done a fairly good job of updating the physical security at ports, but the U.S. Government has been very slow to ensure that our ports are secure from cyber vulnerabilities.

    For example, cybersecurity of our Nation's critical infrastructure has been on the Government Accountability Office's High Risk List since 2003, yet we have not fully engaged on cybersecurity efforts at the Nation's 360 seaports.

    The threat of a cyber attack is real, and, when addressing the protection of maritime critical infrastructure, we must clearly define the roles and responsibilities for ensuring our Nation's ports are protected.

    Under the Maritime Transportation Security Act of 2002, the Coast Guard is identified as the government agency responsible for ensuring the physical security at our Nation's port infrastructure. This bill makes it clear that the Coast Guard is also the primary agency responsible for ensuring the maritime sector is prepared to prevent and to respond to cybersecurity risk and vulnerability.

    More than $1 trillion of goods--from cars, to oil, to corn, and everything in between--move through our Nation's seaports each and every year. Like many industries in America, port facilities and ship operators are increasingly moving cargo through our ports using automated industrial control systems.

    While this automation certainly has a lot of benefits, such as reducing the time that it takes to stock our shelves and lowering the cost of doing business, it doesn't come without risks. These computer systems are controlling machinery at port facilities to move containers and fill tanks and onload and offload ships.

    Terror groups, nation-states, criminal organizations, hackers, and even disgruntled employees could breach these systems, with potentially catastrophic results to the Nation's security and economy.

    Breaches in the maritime domain are particularly concerning, not only from an economic standpoint, but because the dangerous cargos, such as liquefied natural gas and other dangerous cargos, that also pass through our Nation's seaports are at risk.

    Just as we have hardened physical security at our Nation's ports, we need to do the same in virtual space to protect the systems critical to the maritime transportation system against malicious actors. This bill does just that, and it requires the Coast Guard to develop a comprehensive cyber risk assessment specific to the vulnerabilities of the maritime industry. It directs the Secretary of Homeland Security to encourage participation with information sharing to better streamline coordination at the national level.

    H.R. 3878 is a bipartisan piece of legislation, introduced by my colleague from California (Mrs. Torres), and I give her great credit for this piece of legislation, working with so many Members on this. It actually is the result of a hearing held by the Homeland Security Subcommittee that I chaired back in October on the subject of cybersecurity at our Nation's ports.

    {time} 1230 The bill clarifies the Department of Homeland Security's role in maritime cybersecurity as well as it ensures that port facilities work with the Coast Guard to identify cyber risks and vulnerabilities and share best practices across the industry. This is the first step, Mr. Speaker, in protecting our ports from cyber threats, and I certainly urge my colleagues to join this commonsense, bipartisan legislation.

    Again, I want to thank the gentlewoman from California for her work on this issue.

    Mr. Speaker, I reserve the balance of my time.

    Mrs. TORRES. Mr. Speaker, I yield myself such time as I may consume.

    Mr. Speaker, I rise in support of H.R. 3878, the Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act.

    Mr. Speaker, I introduced H.R. 3878, the Strengthening Cybersecurity Information Sharing and Coordination in [[Page H9354]] Our Ports Act, to ensure the Department of Homeland Security takes a more proactive approach to address cybersecurity risks at our Nation's ports and to improve cybersecurity information sharing and coordination between public and private partners at maritime facilities.

    The United States has approximately 360 commercial sea and river ports which use cyber technology to move over $1 trillion worth of cargo each year. The Ports of Los Angeles and Long Beach and other ports in California account for almost 40 percent of the cargo entering this country, and nearly 30 percent of the country's exports leave through California ports.

    The Port of Los Angeles is the number one port by container volume and cargo value in the United States, seeing around $1.2 billion worth of cargo each day. Each year, the Port of Long Beach handles more than 6.8 million 20-foot container units in cargo value at $180 billion and is the second busiest port in the U.S. With so much economic activity happening at our Nation's ports, protecting the cyber networks they rely on is critical to our local and national economy.

    This past October, the Subcommittee on Border and Maritime Security on which I serve held a hearing focused on the threat of cyber attacks at a port and how the Coast Guard is working with private and public partners to protect maritime critical infrastructure against such attacks. This is of particular interest to me because many of the goods that enter through the Ports of Long Beach and Los Angeles come directly to my district where the goods are redistributed throughout the Nation. The hearing was called in response to a June 2014 GAO report recommending the Department of Homeland Security take action to strengthen cybersecurity at our Nation's ports.

    Mr. Speaker, the report found that maritime Sector Coordinating Councils are no longer active. These councils include port owners, operators, and related private industry associations. This means that today there is no one entity that coordinates information sharing between the ports, the private sector, and government stakeholders.

    At the October subcommittee hearing, we received testimony that information sharing on cyber risks at ports should be stronger and that some ports lack the resources to prevent, identify, and respond to cyber attacks. To address these challenges, I introduced H.R. 3878, which will require the Secretary of Homeland Security and the Commandant of the U.S. Coast Guard to take several steps to enhance cybersecurity at our ports.

    Specifically, it requires the Secretary of Homeland Security to establish guidelines for reporting cybersecurity risks, to develop and implement a maritime cybersecurity risk model, and to make recommendations on enhancing the sharing of cyber information. It also requires the Coast Guard to direct Area Maritime Security Committees to address cybersecurity risks. These measures will create an environment where DHS, the Coast Guard, ports, and stakeholders work together to enhance cybersecurity at our Nation's ports.

    Mr. Speaker, I would like to thank Chairman McCaul and Subcommittee Chairwoman Miller for their cooperation and the bipartisan nature of the staff discussions on this bill. Mr. Speaker, I urge my colleagues to support H.R. 3878.

    I reserve the balance of my time.

    Mrs. MILLER of Michigan. Mr. Speaker, I yield such time as he may consume to the distinguished gentleman from New York (Mr. Donovan).

  • submit to reddit
  • Register your constituent account to respond

    Constituent Register