[Congressional Record Volume 143, Number 84 (Tuesday, June 17, 1997)]
[Extensions of Remarks]
[Page E1232]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




             THE COMPUTER SECURITY ENHANCEMENT ACT OF 1997

                                 ______
                                 

                       HON. CONSTANCE A. MORELLA

                              of maryland

                    in the house of representatives

                         Tuesday, June 17, 1997

  Mrs. MORELLA. Mr. Speaker, I rise today to join Science Committee 
Chairman Sensenbrenner and ranking committee and subcommittee members 
Brown and Gordon in introducing H.R. 1903, The Computer Security 
Enhancement Act of 1997. H.R. 1903 is designed to improve the security 
of computer systems throughout the Government.
  In 1987, Congress passed the Computer Security Act which gave the 
National Institute of Standards and Technology [NIST] the lead 
responsibility for developing security standards and technical 
guidelines for civilian government agency computer systems. H.R. 1903 
updates this 10-year-old statute.
  The networking revolution of the last decade has improved the ability 
of Federal agencies to process and transfer data. It has also made that 
same data more vulnerable to corruption and theft.
  In February, the General Accounting Office [GAO] highlighted computer 
security as a government-wide, high-risk issue in its high risk series. 
Concurrent with the release of GAO's high risk report, I held the 
second in a series of briefings on computer security. During the 
briefing, members of the Science Committee heard from some of the most 
respected experts in the field of electronic information security. They 
all agreed that the Federal Government must do more to secure sensitive 
electronic data.
  The Federal Government is not alone in its need to secure electronic 
information. The corruption of electronic data threatens every sector 
of our economy. The market for high-quality computer security products 
is enormous, and the U.S. software and hardware industries are 
responding. The Federal Government, through NIST, can harness these 
market forces to improve computer security within Federal agencies at a 
fraction of the cost of developing its own hardware and software.
  The Computer Security Enhancement Act of 1997 will assist in this 
process. The bill reduces the cost and improves the availability of 
computer security technologies for Federal agencies by requiring NIST 
to promote the use of off-the-shelf products for meeting civilian 
agency computer security needs.
  The bill also enhances the role of the independent Computer System 
Security and Privacy Advisory Board in NIST's decisionmaking process. 
The board, which is made up of representatives from industry, Federal 
agencies as well as other outside experts, should assist NIST in its 
development of standards and guidelines for Federal systems which are 
compatible with existing private sector technologies.
  Further, the bill requires NIST to develop standardized tests and 
procedures to evaluate the strength of foreign encryption products. 
Through such tests and procedures, NIST, with assistance from the 
private sector, will be able to judge the relative strength of foreign 
encryption, thereby defusing some of the concerns associated with the 
export of domestic encryption products.
  The bill also clarifies that NIST standards and guidelines are to be 
used for the acquisition of security technologies for the Federal 
Government and are not intended as restrictions on the production or 
use of encryption by the private sector.
  Additionally, H.R. 1903 addresses the shortage of university students 
studying computer security. Of the 5500 Ph.D's in computer science 
awarded over the last 5 years in Canada and the United States, only 16 
were in fields related to computer security. To help address such 
shortfalls, the bill establishes a new computer science fellowship 
program for graduate and undergraduate students studying computer 
security. The bill sets aside $250,000 a year, for each of the next two 
fiscal years, to enable NIST to finance computer security fellowships 
under an existing NIST grant program.
  The provisions of the Computer Security Enhancement Act should help 
maintain a strong domestic computer security industry. A strong 
industry will not only help our economy but also significantly improve 
the security of Federal computer systems.
  Mr. Speaker, H.R. 1903 alone will not solve the Federal Government's 
computer security problems. It is, however, an important step in the 
right direction. I commend Chairman Sensenbrenner for crafting a 
bipartisan bill that should substantially improve computer security for 
the Federal Government, and I encourage all of my colleagues to join in 
cosponsoring the Computer Security Enhancement Act of 1997.

                          ____________________