[Congressional Record Volume 145, Number 96 (Thursday, July 1, 1999)]
[Extensions of Remarks]
[Pages E1491-E1492]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




  INTRODUCTION OF H.R. 2413, THE COMPUTER SECURITY ENHANCEMENT ACT OF 
                                  1999

                                 ______
                                 

                    HON. F. JAMES SENSENBRENNER, JR.

                              of Wisconsin

                    in the House of Representatives

                         Thursday, July 1, 1999

  Mr. SENSENBRENNER. Mr. Speaker, I am pleased to introduce H.R. 2413, 
the Computer Security Enhancement Act of 1999, a bipartisan bill to 
address our government's computer security needs. Joining me as 
cosponsors of this important legislation are Mr. Bart Gordon of 
Tennessee and Mrs. Connie Morella of Maryland, the Chairwoman of the 
Science Committee's Technology Subcommittee.
  The bill amends and updates the Computer Security Act of 1987 which 
gave the National Institute of Standards and Technology (NIST) the lead 
responsibility for developing security standards and technical 
guidelines for civilian government agencies' computer security. 
Specifically, the bill:
  1.  Reduces the cost and improves the availability of computer 
security technologies for Federal agencies by requiring NIST to promote 
the Federal use of off-the-shelf products for meeting civilian agency 
computer security needs.
  2.  Enhances the role of the independent Computer System Security and 
Privacy Advisory Board in NIST's decision-making process. The board, 
which is made up of representatives from industry, federal agencies and 
other outside experts, should assist NIST in its development of 
standards and guidelines for Federal systems.
  3.  Requires NIST to develop standardized tests and procedures to 
evaluate the strength of foreign encryption products. Through such 
tests and procedures, NIST, with assistance from the private sector, 
will be able to judge the relative strength of foreign encryption, 
thereby defusing some of the concerns associated with the export of 
domestic encryption products.
  4.  Clarifies that NIST standards and guidelines are to be used for 
the acquisition of security technologies for the Federal Government and 
are not intended as restrictions on the production or use of encryption 
by the private sector.
  5.  Addresses the shortage of university students studying computer 
security. Of the 5,500 PhDs in computer science awarded over the last 
five years in Canada and the U.S., only 16 were in fields related to 
computer security. To help address such short-falls, the bill 
establishes a new computer science fellowship program for graduate and 
undergraduate students studying computer security; and

[[Page E1492]]

  6.  Requires the National Research Council to conduct a study to 
assess the desirability of creating public key infrastructures. The 
study will also address advances in technology required for public key 
infrastructure.
  7. Establishes a national panel for the purpose of exploring all 
relevant factors associated with the development of a national digital 
signature infrastructure based on uniform standards and of developing 
model practices and standards associated with certification 
authorities.
  All these measures are intended to accomplish two goals. First, to 
assist NIST in meeting the ever-increasing computer security needs of 
Federal civilian agencies. Second, to allow the Federal Government, 
through NIST, to harness the ingenuity of the private sector to help 
address its computer security needs.
  Since the passage of the Computer Security Act, the networking 
revolution has improved the ability of Federal agencies to process and 
transfer data. It has also made that same data more vulnerable to 
corruption and theft.
  The General Accounting Office (GAO) has highlighted computer security 
as a government-wide, high-risk issue. GAO specifically identified the 
lack of adequate security for Federal civilian computer systems as a 
significant problem. Since June of 1993, the General Accounting Office 
(GAO) has issued over 30 reports detailing serious information security 
weaknesses at 24 of our largest Federal agencies.
  The Science Committee has held seven hearings on computer security 
since I became Chairman in 1997. During the hearings, Members of the 
Science Committee heard from some of the most respected experts in the 
field. They all agreed that the Federal Government must do more to 
secure the sensitive electronic data it possesses.
  The Federal Government is not alone in its need to secure electronic 
information. The corruption of electronic data threatens every sector 
of our economy. The market for high-quality computer security products 
is enormous, and the U.S. software and hardware industries are 
responding. The passage of this legislation will enable the Federal 
Government, through NIST, to benefit from these technological advances.
  I look forward to working with all interested parties to advance the 
Computer Security Enhancement Act of 1999. In my estimation, it is a 
good bill, and I am hopeful we can move it through the legislative 
process in short order.

                          ____________________