[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6473 Introduced in House (IH)]

114th CONGRESS
  2d Session
                                H. R. 6473

To express the sense of Congress that information security is critical 
    to the economic security of the United States and to direct the 
 Assistant Secretary of Commerce for Communications and Information to 
   submit to Congress a report on the costs of information security.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            December 7, 2016

  Mr. Upton introduced the following bill; which was referred to the 
                    Committee on Energy and Commerce

_______________________________________________________________________

                                 A BILL


 
To express the sense of Congress that information security is critical 
    to the economic security of the United States and to direct the 
 Assistant Secretary of Commerce for Communications and Information to 
   submit to Congress a report on the costs of information security.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SENSE OF CONGRESS ON INFORMATION SECURITY.

    It is the sense of Congress that--
            (1) information is vital to all industries of the United 
        States for domestic and international commerce;
            (2) the modern United States economy relies increasingly on 
        digital information systems; and
            (3) information security is therefore critical to the 
        economic security of the United States and should be protected 
        in a manner that continues to promote economic growth.

SEC. 2. NTIA REPORT ON COSTS OF INFORMATION SECURITY TO UNITED STATES 
              ECONOMY.

    (a) In General.--Not later than 2 years after the date of the 
enactment of this Act, the Assistant Secretary of Commerce for 
Communications and Information shall submit to Congress a report on the 
direct and indirect costs of information security to the economy of the 
United States. In preparing such report, the Assistant Secretary shall 
use existing commercial indices and other publicly available 
information.
    (b) Required Considerations.--The report required by subsection (a) 
shall contain an estimate of the costs described in such subsection. In 
preparing such estimate, the Assistant Secretary shall consider costs 
that include the cost of--
            (1) keeping information systems secure;
            (2) actions necessary to mitigate compromise of information 
        systems;
            (3) measures used to hedge against such compromise; and
            (4) economic loss or harm caused by such compromise.

SEC. 3. DEFINITIONS.

    In this Act:
            (1) Information security.--The term ``information 
        security'' means protecting information and information systems 
        from unauthorized access, use, disclosure, disruption, 
        modification, or destruction in order to provide--
                    (A) integrity, which means guarding against 
                improper information modification or destruction, and 
                includes ensuring information nonrepudiation and 
                authenticity;
                    (B) confidentiality, which means preserving 
                authorized restrictions on access and disclosure, 
                including means for protecting personal privacy and 
                proprietary information;
                    (C) availability, which means ensuring timely and 
                reliable access to and use of information; and
                    (D) authentication, which means utilizing digital 
                credentials to assure the identity of users and 
                validate their access.
            (2) Information system.--The term ``information system'' 
        means any equipment or interconnected system or subsystems of 
        equipment that is used in the automatic acquisition, storage, 
        manipulation, management, movement, control, display, 
        switching, interchange, transmission, or reception of data or 
        information, and includes--
                    (A) networks and computers and other network-
                enabled devices;
                    (B) ancillary equipment;
                    (C) software, firmware, and related procedures;
                    (D) services, including support services; and
                    (E) related resources.