

114 HR 6473 IH: To express the sense of Congress that information security is critical to the economic security of the United States and to direct the Assistant Secretary of Commerce for Communications and Information to submit to Congress a report on the costs of information security.
U.S. House of Representatives
2016-12-07
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



I114th CONGRESS2d SessionH. R. 6473IN THE HOUSE OF REPRESENTATIVESDecember 7, 2016Mr. Upton introduced the following bill; which was referred to the Committee on Energy and CommerceA BILLTo express the sense of Congress that information security is critical to the economic security of
			 the United States and to direct the Assistant Secretary of Commerce for
			 Communications and Information to submit to Congress a report on the costs
			 of information security.
	
 1.Sense of Congress on information securityIt is the sense of Congress that— (1)information is vital to all industries of the United States for domestic and international commerce;
 (2)the modern United States economy relies increasingly on digital information systems; and (3)information security is therefore critical to the economic security of the United States and should be protected in a manner that continues to promote economic growth.
			2.NTIA report on costs of information security to United States economy
 (a)In generalNot later than 2 years after the date of the enactment of this Act, the Assistant Secretary of Commerce for Communications and Information shall submit to Congress a report on the direct and indirect costs of information security to the economy of the United States. In preparing such report, the Assistant Secretary shall use existing commercial indices and other publicly available information.
 (b)Required considerationsThe report required by subsection (a) shall contain an estimate of the costs described in such subsection. In preparing such estimate, the Assistant Secretary shall consider costs that include the cost of—
 (1)keeping information systems secure; (2)actions necessary to mitigate compromise of information systems;
 (3)measures used to hedge against such compromise; and (4)economic loss or harm caused by such compromise.
 3.DefinitionsIn this Act: (1)Information securityThe term information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide—
 (A)integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;
 (B)confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information;
 (C)availability, which means ensuring timely and reliable access to and use of information; and (D)authentication, which means utilizing digital credentials to assure the identity of users and validate their access.
 (2)Information systemThe term information system means any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information, and includes—
 (A)networks and computers and other network-enabled devices; (B)ancillary equipment;
 (C)software, firmware, and related procedures; (D)services, including support services; and
 (E)related resources. 