[Congressional Record Volume 156, Number 151 (Thursday, November 18, 2010)]
[Extensions of Remarks]
[Page E1976]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




 H.R. 6423, THE ``HOMELAND SECURITY CYBER AND PHYSICAL INFRASTRUCTURE 
                        PROTECTION ACT 0F 2010''

                                 ______
                                 

                        HON. BENNIE G. THOMPSON

                             of mississippi

                    in the house of representatives

                      Thursday, November 18, 2010

  Mr. THOMPSON of Mississippi. Madam Speaker, illegal penetrations or 
``hacks'' of computer networks have become an increasingly serious 
homeland security issue. Not only do they threaten the personal 
fortunes and identities of our citizens but also the effective 
functioning of our government, our infrastructure, our economy, and our 
national security. As Americans at all levels of society--from their 
personal lives to their professional work--grow increasingly reliant on 
computers and those computers become ever more connected, the scope of 
this security vulnerability continues to expand at a dizzying rate. 
Over the past year or so, there has been an active Congressional debate 
about what should be done to address this significant homeland security 
vulnerability. The introduction of the ``Homeland Security Cyber and 
Physical Infrastructure Protection Act of 2010,'' is intended to 
refocus the debate away from Presidential Internet shut-down authority 
and other ``what ifs'' and back to the central Federal cybersecurity 
challenge--the mismatch between the Department of Homeland Security's, 
DHS, designation, since 2003, as the ``focal point for security of 
cyberspace,'' and the authorities conferred to DHS to fulfill its 
cybersecurity mission with respect to networks operated by Federal 
civilian agencies and critical infrastructure.
  The ``Homeland Security Cyber and Physical Infrastructure Protection 
Act of 2010,'' seeks to enhance DHS' cybersecurity capacity by 
authorizing the DHS Office of Cybersecurity and Communications and 
creating a new Cybersecurity Compliance Division to oversee the 
establishment of performance-based standards responsive to the 
particular risks to the (1) .gov domain and (2) critical infrastructure 
networks, respectively. This bill is designed to require DHS to work 
with network operators to develop tailored security plans that meet 
risk-based, performance-based standards, as is being done in DHS' 
Chemical Facility Anti-terrorism program.
  ``Homeland Security Cyber and Physical Infrastructure Protection Act 
of 2010,'' is focused on providing the Department of Homeland Security, 
DHS, with the resources and authority that it needs to fulfill its 
Federal responsibility as the protector of our Nation's cyberspace. 
Specifically, the bill seeks to give DHS the resource and authority 
needed to strengthen the cybersecurity of (1) Federal government 
networks--the ``.gov'' domain--and (2) critical infrastructure in the 
private sector.
  From a security and good-government standpoint, the way to deliver 
better cybersecurity is to leverage, modify, and enhance existing 
structures and efforts, rather than make wholesale bureaucratic 
changes. To that end, my bill authorizes a cybersecurity operation 
within the Department of Homeland Security that not only runs parallel 
to the Department's infrastructure protection work but also leverages, 
modifies, and enhances existing cybersecurity structures and programs. 
My bill specifically directs DHS to issue risk-based, performance-based 
cybersecurity standards for computer networks for systems in the .gov 
domain and those within the private sector that are within designated 
critical infrastructure.
  For DHS' efforts to succeed, there needs to be ``buy-in'' on the 
front end and compliance on the hack end. The bill fosters ``buy-in'' 
from the operators of the civilian Federal networks by establishing a 
working group comprised of Federal agencies, and chaired by the 
Secretary of Homeland Security, that is responsible for establishing 
risk-based, performance-based standards and corresponding remedies, 
including penalties, for non-compliance with these standards. 
Similarly, to foster ``buy-in'' for risk-based, performance-based 
standards for the critical infrastructure firms, DHS is directed to 
develop the standards in consultation with a wide range of 
stakeholders--from the Intelligence Community to the heads of sector-
specific agencies to councils representing the interests of private 
sector companies--and subject the standards to the notice and comment 
regulatory process.
  With respect to compliance, my bill directs DHS to look at approaches 
to foster compliance--such as liability protection under the Safety 
Act--and grants DHS the authority to delegate enforcement to another 
Federal department that has an existing regulatory authority over that 
sector. In some cases, delegation will prevent private sector firms 
from being subjected to redundant and overlapping regulations.
  To ensure compliance, civilian Federal networks will be regularly 
monitored by DHS to ensure that each agency is in compliance with the 
standards adopted by the Federal agency working group. The bill 
requires DHS to report infractions and corresponding remedies to the 
Office of Management and Budget, who, in turn, is required to execute 
the corresponding penalty or remedy.
  My bill also includes a number of provisions to improve the reporting 
of cyber incidents, the sharing of information on cyber threats, the 
capacity of DHS to hire 500 additional cyber professionals and the 
level of cybersecurity research and development activities.
  Taken together, the ``Homeland Security Cyber and Physical 
Infrastructure Protection Act of 2010,'' will make our Nation more 
secure and better position DHS--the ``focal point for the security of 
cyberspace,'' under Homeland Security Presidential Directive 7--to 
fulfill its critical homeland security mission. I urge Members to join 
me and cosponsor this important, common-sense homeland security 
legislation.

                          ____________________