[Congressional Record Volume 145, Number 96 (Thursday, July 1, 1999)]
[Extensions of Remarks]
[Page E1492]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




             THE COMPUTER SECURITY ENHANCEMENT ACT OF 1999

                                 ______
                                 

                            HON. BART GORDON

                              of tennessee

                    in the house of representatives

                         Thursday, July 1, 1999

  Mr. GORDON. Mr. Speaker, today, I am pleased to join Chairman 
Sensenbrenner in introducing the Computer Security Enhancement Act of 
1999. I was an original co-sponsor of similar legislation in the 105th 
Congress. The measure follows a stream of attacks just this past week 
on government Web sites including the Senate, White House, the National 
Oceanic Atmospheric Administration's severe weather warning site, the 
Defense Department and the FBI's National Infrastructure Protection 
Center, whose very purpose is to protect federal sites from such 
attacks.
  The Computer Security Enhancement Act of 1999 will encourage the use 
of computer security products, both by federal agencies and the private 
sector, which in turn will support the new electronic economy. I am 
convinced that we must have trustworthy and secure electronic network 
systems to foster the growth of electronic commerce. This legislation 
builds upon the successful track record of the National Institute of 
Standards and Technology (NIST) in working with industry and other 
federal agencies to develop a consensus on the necessary standards and 
protocols required to support electronic commerce.
  Chairman Sensenbrenner has already outlined the provisions of this 
bill. However, I would like to take a few minutes to explain provisions 
I added to this legislation that are based on H.R. 1572, the Digital 
Signature Act of 1999, which I introduced with the support of Chairman 
Sensenbrenner on 27 April 1999 to complement last year's Government 
Paperwork Elimination Act. When I introduced H.R. 1572, I stated that 
it was a work in progress. Section 13 of the Computer Security 
Enhancement Act, which we are introducing today, is the result of 
discussions I have had with industry and federal agencies.
  As a result of these discussions, the general provisions in H.R. 1572 
have been re-drafted to include all electronic authentication 
techniques. Section 13 requires NIST, working with industry, to develop 
minimum technical standards and guidelines for Federal agencies to 
follow when deploying any electronic authentication technologies. In 
addition, Section 13 authorizes the Undersecretary of Commerce for 
Technology to establish a National Policy Panel for Digital Signatures 
to explore the factors associated with the development of a National 
Digital Signature Infrastructure based on uniform model guidelines and 
standards to enable the widespread utilization of digital signatures in 
the private sector.
  I want to highlight that these provisions are technology neutral. 
Rather they encourage federal agencies to use uniform guidelines and 
criteria in deploying electronic authentication technologies and to 
ensure that their systems are interoperable. The provisions also 
encourage agencies to use commercial off-the-shelf software (COTS) 
whenever possible to meet their needs. None of these provisions give 
the Federal government the authority to establish standards or 
procedures for the private sector.
  The use of electronic authentication technologies are critical for 
the continued growth and security of electronic transactions on the 
Internet. With the rapid growth of the Internet we have lost the 
ability to actually ``know'' who we are communicating with is who they 
say they are. In order to exchange sensitive documents or to do 
business transactions with confidence it is important that electronic 
authentication systems are used that both uniquely identify both the 
sender and/or the recipient and verify that the information exchanged 
has not been altered in transit. Electronic authentication is as much 
of a computer security issue as having good firewalls, strong 
encryption, and virus scanners.
  I want to stress the underlying principle of the Computer Security 
Enhancement Act of 1999 is that it recognizes that government and 
private sector computer security needs are similar. Hopefully the 
result will be greater security and lower cost for everyone as we 
increasingly move towards an electronic economy.
  The bill we are introducing today is the result of close bipartisan 
cooperation and it has been a pleasure working with Chairman 
Sensenbrenner on this legislation.
  I urge my colleagues to support the Computer Security Enhancement Act 
of 1999.

                          ____________________