Congressional Record, Volume 160 Issue 151 (Thursday, December 11, 2014)

[Congressional Record Volume 160, Number 151 (Thursday, December 11, 2014)]
[House]
[Pages H9062-H9065]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

NATIONAL CYBERSECURITY PROTECTION ACT OF 2014

Mr. McCAUL. Mr. Speaker, I move to suspend the rules and pass the
bill (S. 2519) to codify an existing operations center for
cybersecurity.
The Clerk read the title of the bill.
The text of the bill is as follows:

S. 2519

Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``National Cybersecurity
Protection Act of 2014''.

SEC. 2. DEFINITIONS.

In this Act--
(1) the term ``Center'' means the national cybersecurity
and communications integration center under section 226 of
the Homeland Security Act of 2002, as added by section 3;
(2) the term ``critical infrastructure'' has the meaning
given that term in section 2 of the Homeland Security Act of
2002 (6 U.S.C. 101);
(3) the term ``cybersecurity risk'' has the meaning given
that term in section 226 of the Homeland Security Act of
2002, as added by section 3;
(4) the term ``information sharing and analysis
organization'' has the meaning given that term in section
212(5) of the Homeland Security Act of 2002 (6 U.S.C.
131(5));
(5) the term ``information system'' has the meaning given
that term in section 3502(8) of title 44, United States Code;
and
(6) the term ``Secretary'' means the Secretary of Homeland
Security.

SEC. 3. NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION
CENTER.

(a) In General.--Subtitle C of title II of the Homeland
Security Act of 2002 (6 U.S.C. 141 et seq.) is amended by
adding at the end the following:

``SEC. 226. NATIONAL CYBERSECURITY AND COMMUNICATIONS
INTEGRATION CENTER.

``(a) Definitions.--In this section--
``(1) the term `cybersecurity risk' means threats to and
vulnerabilities of information or information systems and any
related consequences caused by or resulting from unauthorized
access, use, disclosure, degradation, disruption,
modification, or destruction of information or information
systems, including such related consequences caused by an act
of terrorism;
``(2) the term `incident' means an occurrence that--
``(A) actually or imminently jeopardizes, without lawful
authority, the integrity, confidentiality, or availability of
information on an information system; or
``(B) constitutes a violation or imminent threat of
violation of law, security policies, security procedures, or
acceptable use policies;
``(3) the term `information sharing and analysis
organization' has the meaning given that term in section
212(5); and
``(4) the term `information system' has the meaning given
that term in section 3502(8) of title 44, United States Code.
``(b) Center.--There is in the Department a national
cybersecurity and communications integration center (referred
to in this section as the `Center') to carry out certain
responsibilities of the Under Secretary appointed under
section 103(a)(1)(H).
``(c) Functions.--The cybersecurity functions of the Center
shall include--
``(1) being a Federal civilian interface for the multi-
directional and cross-sector sharing of information related
to cybersecurity risks, incidents, analysis, and warnings for
Federal and non-Federal entities;
``(2) providing shared situational awareness to enable
real-time, integrated, and operational actions across the
Federal Government and non-Federal entities to address
cybersecurity risks and incidents to Federal and non-Federal
entities;
``(3) coordinating the sharing of information related to
cybersecurity risks and incidents across the Federal
Government;
``(4) facilitating cross-sector coordination to address
cybersecurity risks and incidents, including cybersecurity
risks and incidents that may be related or could have
consequential impacts across multiple sectors;
``(5)(A) conducting integration and analysis, including
cross-sector integration and analysis, of cybersecurity risks
and incidents; and
``(B) sharing the analysis conducted under subparagraph (A)
with Federal and non-Federal entities;
``(6) upon request, providing timely technical assistance,
risk management support, and incident response capabilities
to Federal and non-Federal entities with respect to
cybersecurity risks and incidents, which may include
attribution, mitigation, and remediation; and
``(7) providing information and recommendations on security
and resilience measures to Federal and non-Federal entities,
including information and recommendations to--
``(A) facilitate information security; and
``(B) strengthen information systems against cybersecurity
risks and incidents.
``(d) Composition.--
``(1) In general.--The Center shall be composed of--
``(A) appropriate representatives of Federal entities, such
as--
``(i) sector-specific agencies;
``(ii) civilian and law enforcement agencies; and
``(iii) elements of the intelligence community, as that
term is defined under section 3(4) of the National Security
Act of 1947 (50 U.S.C. 3003(4));
``(B) appropriate representatives of non-Federal entities,
such as--
``(i) State and local governments;
``(ii) information sharing and analysis organizations; and
``(iii) owners and operators of critical information
systems;
``(C) components within the Center that carry out
cybersecurity and communications activities;
``(D) a designated Federal official for operational
coordination with and across each sector; and
``(E) other appropriate representatives or entities, as
determined by the Secretary.
``(2) Incidents.--In the event of an incident, during
exigent circumstances the Secretary may grant a Federal or
non-Federal entity immediate temporary access to the Center.
``(e) Principles.--In carrying out the functions under
subsection (c), the Center shall ensure--
``(1) to the extent practicable, that--
``(A) timely, actionable, and relevant information related
to cybersecurity risks, incidents, and analysis is shared;
``(B) when appropriate, information related to
cybersecurity risks, incidents, and analysis is integrated
with other relevant information and tailored to the specific
characteristics of a sector;
``(C) activities are prioritized and conducted based on the
level of risk;
``(D) industry sector-specific, academic, and national
laboratory expertise is sought and receives appropriate
consideration;
``(E) continuous, collaborative, and inclusive coordination
occurs--
``(i) across sectors; and
``(ii) with--

``(I) sector coordinating councils;
``(II) information sharing and analysis organizations; and
``(III) other appropriate non-Federal partners;

``(F) as appropriate, the Center works to develop and use
mechanisms for sharing information related to cybersecurity
risks and incidents that are technology-neutral,
interoperable, real-time, cost-effective, and resilient; and
``(G) the Center works with other agencies to reduce
unnecessarily duplicative sharing of information related to
cybersecurity risks and incidents;
``(2) that information related to cybersecurity risks and
incidents is appropriately safeguarded against unauthorized
access; and
``(3) that activities conducted by the Center comply with
all policies, regulations, and laws that protect the privacy
and civil liberties of United States persons.
``(f) No Right or Benefit.--
``(1) In general.--The provision of assistance or
information to, and inclusion in the Center of, governmental
or private entities under this section shall be at the sole
and unreviewable discretion of the Under Secretary appointed
under section 103(a)(1)(H).
``(2) Certain assistance or information.--The provision of
certain assistance or information to, or inclusion in the
Center of, one governmental or private entity pursuant to
this section shall not create a right or benefit, substantive
or procedural, to similar assistance or information for any
other governmental or private entity.''.
(b) Technical and Conforming Amendment.--The table of
contents in section 1(b) of the Homeland Security Act of 2002
(6 U.S.C. 101 note) is amended by inserting after the item
relating to section 225 the following:

``Sec. 226. National cybersecurity and communications integration
center.''.

[[Page H9063]]

SEC. 4. RECOMMENDATIONS REGARDING NEW AGREEMENTS.

(a) In General.--Not later than 180 days after the date of
enactment of this Act, the Secretary shall submit
recommendations on how to expedite the implementation of
information-sharing agreements for cybersecurity purposes
between the Center and non-Federal entities (referred to in
this section as ``cybersecurity information-sharing
agreements'') to--
(1) the Committee on Homeland Security and Governmental
Affairs and the Committee on the Judiciary of the Senate; and
(2) the Committee on Homeland Security and the Committee on
the Judiciary of the House of Representatives.
(b) Contents.--In submitting recommendations under
subsection (a), the Secretary shall--
(1) address the development and utilization of a scalable
form that retains all privacy and other protections in
cybersecurity information-sharing agreements that are in
effect as of the date on which the Secretary submits the
recommendations, including Cooperative Research and
Development Agreements; and
(2) include in the recommendations any additional
authorities or resources that may be needed to carry out the
implementation of any new cybersecurity information-sharing
agreements.

SEC. 5. ANNUAL REPORT.

Not later than 1 year after the date of enactment of this
Act, and every year thereafter for 3 years, the Secretary
shall submit to the Committee on Homeland Security and
Governmental Affairs and the Committee on the Judiciary of
the Senate, the Committee on Homeland Security and the
Committee on the Judiciary of the House of Representatives,
and the Comptroller General of the United States a report on
the Center, which shall include--
(a) information on the Center, including--
(1) an assessment of the capability and capacity of the
Center to carry out its cybersecurity mission under this Act;
(2) the number of representatives from non-Federal entities
that are participating in the Center, including the number of
representatives from States, nonprofit organizations, and
private sector entities, respectively;
(3) the number of requests from non-Federal entities to
participate in the Center and the response to such requests;
(4) the average length of time taken to resolve requests
described in paragraph (3);
(5) the identification of--
(A) any delay in resolving requests described in paragraph
(3) involving security clearance processing; and
(B) the agency involved with a delay described in
subparagraph (A);
(6) a description of any other obstacles or challenges to
resolving requests described in paragraph (3) and a summary
of the reasons for denials of any such requests;
(7) the extent to which the Department is engaged in
information sharing with each critical infrastructure sector,
including--
(A) the extent to which each sector has representatives at
the Center;
(B) the extent to which owners and operators of critical
infrastructure in each critical infrastructure sector
participate in information sharing at the Center; and
(C) the volume and range of activities with respect to
which the Secretary has collaborated with the sector
coordinating councils and the sector-specific agencies to
promote greater engagement with the Center; and
(8) the policies and procedures established by the Center
to safeguard privacy and civil liberties.

SEC. 6. GAO REPORT.

Not later than 2 years after the date of enactment of this
Act, the Comptroller General of the United States shall
submit to the Committee on Homeland Security and Governmental
Affairs of the Senate and the Committee on Homeland Security
of the House of Representatives a report on the effectiveness
of the Center in carrying out its cybersecurity mission.

SEC. 7. CYBER INCIDENT RESPONSE PLAN; CLEARANCES; BREACHES.

(a) Cyber Incident Response Plan; Clearances.--Subtitle C
of title II of the Homeland Security Act of 2002 (6 U.S.C.
141 et seq.), as amended by section 3, is amended by adding
at the end the following:

``SEC. 227. CYBER INCIDENT RESPONSE PLAN.

``The Under Secretary appointed under section 103(a)(1)(H)
shall, in coordination with appropriate Federal departments
and agencies, State and local governments, sector
coordinating councils, information sharing and analysis
organizations (as defined in section 212(5)), owners and
operators of critical infrastructure, and other appropriate
entities and individuals, develop, regularly update,
maintain, and exercise adaptable cyber incident response
plans to address cybersecurity risks (as defined in section
226) to critical infrastructure.

``SEC. 228. CLEARANCES.

``The Secretary shall make available the process of
application for security clearances under Executive Order
13549 (75 Fed. Reg. 162; relating to a classified national
security information program) or any successor Executive
Order to appropriate representatives of sector coordinating
councils, sector information sharing and analysis
organizations (as defined in section 212(5)), owners and
operators of critical infrastructure, and any other person
that the Secretary determines appropriate.''.
(b) Breaches.--
(1) Requirements.--The Director of the Office of Management
and Budget shall ensure that data breach notification
policies and guidelines are updated periodically and
require--
(A) except as provided in paragraph (4), notice by the
affected agency to each committee of Congress described in
section 3544(c)(1) of title 44, United States Code, the
Committee on the Judiciary of the Senate, and the Committee
on Homeland Security and the Committee on the Judiciary of
the House of Representatives, which shall--
(i) be provided expeditiously and not later than 30 days
after the date on which the agency discovered the
unauthorized acquisition or access; and
(ii) include--

(I) information about the breach, including a summary of
any information that the agency knows on the date on which
notification is provided about how the breach occurred;
(II) an estimate of the number of individuals affected by
the breach, based on information that the agency knows on the
date on which notification is provided, including an
assessment of the risk of harm to affected individuals;
(III) a description of any circumstances necessitating a
delay in providing notice to affected individuals; and
(IV) an estimate of whether and when the agency will
provide notice to affected individuals; and

(B) notice by the affected agency to affected individuals,
pursuant to data breach notification policies and guidelines,
which shall be provided as expeditiously as practicable and
without unreasonable delay after the agency discovers the
unauthorized acquisition or access.
(2) National security; law enforcement; remediation.--The
Attorney General, the head of an element of the intelligence
community (as such term is defined under section 3(4) of the
National Security Act of 1947 (50 U.S.C. 3003(4)), or the
Secretary may delay the notice to affected individuals under
paragraph (1)(B) if the notice would disrupt a law
enforcement investigation, endanger national security, or
hamper security remediation actions.
(3) OMB report.--During the first 2 years beginning after
the date of enactment of this Act, the Director of the Office
of Management and Budget shall, on an annual basis--
(A) assess agency implementation of data breach
notification policies and guidelines in aggregate; and
(B) include the assessment described in clause (i) in the
report required under section 3543(a)(8) of title 44, United
States Code.
(4) Exception.--Any element of the intelligence community
(as such term is defined under section 3(4) of the National
Security Act of 1947 (50 U.S.C. 3003(4)) that is required to
provide notice under paragraph (1)(A) shall only provide such
notice to appropriate committees of Congress.
(c) Rule of Construction.--Nothing in the amendment made by
subsection (a) or in subsection (b)(1) shall be construed to
alter any authority of a Federal agency or department.
(d) Technical and Conforming Amendment.--The table of
contents in section 1(b) of the Homeland Security Act of 2002
(6 U.S.C. 101 note), as amended by section 3, is amended by
inserting after the item relating to section 226 the
following:

``Sec. 227. Cyber incident response plan.
``Sec. 228. Clearances.''.

SEC. 8. RULES OF CONSTRUCTION.

(a) Prohibition on New Regulatory Authority.--Nothing in
this Act or the amendments made by this Act shall be
construed to grant the Secretary any authority to promulgate
regulations or set standards relating to the cybersecurity of
private sector critical infrastructure that was not in effect
on the day before the date of enactment of this Act.
(b) Private Entities.--Nothing in this Act or the
amendments made by this Act shall be construed to require any
private entity--
(1) to request assistance from the Secretary; or
(2) that requested such assistance from the Secretary to
implement any measure or recommendation suggested by the
Secretary.

The SPEAKER pro tempore. Pursuant to the rule, the gentleman from
Texas (Mr. McCaul) and the gentleman from Mississippi (Mr. Thompson)
each will control 20 minutes.
The Chair recognizes the gentleman from Texas.

General Leave

Mr. McCAUL. Mr. Speaker, I ask unanimous consent that all Members
have 5 legislative days in which to revise and extend their remarks and
to include any extraneous material on the bill under consideration.
The SPEAKER pro tempore. Is there objection to the request of the
gentleman from Texas?
There was no objection.
Mr. McCAUL. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, I would like to, first, start out by thanking--this was
not one person. This was a huge team effort, both in a bipartisan way
and bicameral way. I want to thank Pat

[[Page H9064]]

Meehan for his great leadership on this. I want to thank Yvette Clarke
for her great work and Bennie Thompson for being willing to come
together in a bipartisan way on our committee to get something good
done for the American people.
I want to thank Senators Carper and Coburn for moving forward--not
something that we see much this Congress, something actually coming out
of the Senate back to the House to pass out of this Congress, something
we haven't seen much these days.
I also want to thank the staff. I want to thank Alex Manning, who is
the staff director, and Brett DeWitt for his great work, tireless
hours, and on the Democrat side of the House as well, holding over 300
meetings with the private sector, working day in and day out to get to
the point where we are today on the House floor.
Mr. Speaker, I consider this to be a historic moment on the House
floor, as we pass the most significant cybersecurity legislation ever
passed by the Congress. This issue 10 years ago, no one would
understand it. Today, people are finally starting to wake up to the
fact that the threats from a cyber attack are real.
As we look at threats from China, from Russia, from Iran, we look at
the theft of IP--a lot of people have been hurt personally with Home
Depot and Target--we look at the theft of intellectual property from
Russia and China, we look at the espionage on a daily basis, every
Federal agency being hacked into, including the Pentagon, to steal
things out of this Federal Government, to hurt our national security,
and then, finally, we look at the most malicious threat, and that is a
threat to shut things down.
We saw recently, Mr. Speaker, an attack from Iran that shut down
30,000 hard drives of Aramco, the largest energy producer in Saudi
Arabia, while simultaneously hitting our financial sector. They
continue to hit our financial sector every day. They are hitting them
as I speak right now. We look at power grids being brought down and
water and energy. This threat is real. This threat must be dealt with.
I am pleased on the very last day of this Congress that we are going
to pass legislation that is going to protect America and make it safer,
that is going to protect our critical infrastructures from this daily
attack by foreign enemies that we have, unfortunately, across the
globe.

{time} 1015

How will that work? This bill will codify what is called the NCCIC.
The National Cybersecurity Protection Act will create and codify a
cyber command structure within DHS, the Department of Homeland
Security, that is a civilian interface to the private sector which has
been supported by both business groups like the Chamber and privacy
groups like the ACLU.
It is amazing how we can bring this coalition together, but that is
how strong this bill is: privacy and business coming together, doing
what is right.
This will create a safe harbor, Mr. Speaker, where the 16 critical
infrastructures, the 16 sectors, can come together. The Federal
Government can take our threat information, our malicious codes that
they use to attack us, and share that with the private sector. It also
allows the private sector to share the information that they have with
the Federal Government in a safe harbor that is protected both
businesswise and personally as well.
Eighty to 85 percent of this threat information lies in the private
sector. This coalition, if you will, this partnership of information
sharing will better protect our critical infrastructures, and most
importantly, to have the 16 sectors on the floor at the Department of
Homeland Security, at the cyber command, and at the NCCIC all on the
floor together sharing information, not just public and private, but
amongst the sectors themselves--which is not taking place today--will
go a long way to protecting American people and our critical
infrastructures.
We have great offensive capability in this country. Our military has
great cyber offensive capability to shut things down; in the wrong
hands, that makes us very vulnerable. Where our weakness, our
vulnerability lies is our ability to defend the Nation against these
cyber attacks, and they are getting worse and more malicious by
countries and state actors that don't really like us and want to do us
harm.
I am proud of the work that we have done. I am proud of the work we
have done in a bipartisan way, the work this committee has done, and I
am proud of what the Senate has finally achieved to bring this finally
to the point where we can pass this bill out of the United States
Congress and have it signed into law by the President of the United
States.
At the end of the day, it is what we got elected here to do, and that
is to do good things to govern and get good things done on behalf of
the American people.
Mr. Speaker, I reserve the balance of my time.
Mr. THOMPSON of Mississippi. Mr. Speaker, I yield myself such time as
I may consume.
Mr. Speaker, I rise in strong support of the Senate amendment to S.
2519, the National Cybersecurity Protection Act of 2014. This
bipartisan measure is a product of extensive bicameral negotiations
and, in many ways, the culmination of years of oversight work by this
committee.
It not only sends a strong message of support for the Department of
Homeland Security as the lead civilian agency for cybersecurity, but
also pays special attention to the challenge of bolstering network
security for critical infrastructure.
Over the past decade, Americans have come to understand the need for
cybersecurity to be woven into everything that a company, government,
or an individual does, from running the most intricate machinery to
everyday participation in social media.
Americans used to depend on the two oceans to protect us from
invasion. Interconnectedness resulting from advancement in technology
has fostered great economic, scientific, social, and cultural rewards.
At the same time, their interconnectedness allows our enemies to do
harm without ever stepping foot on U.S. soil.
One of the strengths of S. 2519 is that it emphasizes voluntary
information sharing and collaboration between the Department and
critical infrastructure owners and operators to address this national
threat. Importantly, it does so in a manner that is consistent with our
constitutional values and principles.
Much like the House-passed version of this measure, H.R. 3696, that
was heralded by the ACLU as ``pro-security and pro-privacy,'' the
measure under consideration today effectively avoids the privacy and
civil liberties pitfalls that have plagued other cyber information-
sharing legislation.
S. 2519 leverages existing private-public partnerships such as
information sharing and analysis centers and sector coordinating
councils to foster better information sharing and does so without
dangling the controversial liability protection ``carrot'' before
companies. The opportunity to access timely threat information from a
Federal civilian agency should be carrot enough to motivate companies
to engage with DHS.
The legislation before us today represents an important moment for
the committee and the 113th Congress. At the beginning of this
Congress, expectations were high for some legislative action in the
area of cybersecurity. It has taken some time to get here, but what we
have before us is something solid that sets forth what DHS must do as a
lead civilian agency for cybersecurity.
We have seen cybersecurity legislation fail to become law multiple
times. While President Obama's executive order is making progress in
attempts to shore up some cyber weaknesses in our Nation's fabric, more
work needs to be done.
With this cybersecurity legislation, we will be doing our part as DHS
authorizers to raise the level of cybersecurity, particularly within
the Federal Government and protecting our Nation's critical
infrastructure.
I reserve the balance of my time.
Mr. McCAUL. Mr. Speaker, I yield such time as he may consume to the
distinguished gentleman from Pennsylvania (Mr. Meehan).
Let me also, on a point of privilege, say what an honor it has been
to serve with you, sir. We are going to miss you on this committee.
Mr. MEEHAN. Mr. Speaker, let me thank the gentleman again for his
leadership not just on this particular issue, but his leadership of the
committee and, as I had said before, working with my colleagues on the
other

[[Page H9065]]

side in a bipartisan fashion for these important issues.
I will be brief on this, but I can tell you that it is not the
brevity of my words that will instill the seriousness of this issue.
When the chairman mentioned that this is some of the most important
legislation we have ever done on cybersecurity, I echo that sentiment
because the nature of the threat is real, growing, and constantly
changing.
The ability for us to be able to be adaptive in real time to
communicate with the private sector and the government facilities to
protect our homeland is critical.
A second point--and that is significant as well--is very real
attention was paid to the issue of privacy, recognizing the individual
desire to be assured that private information is not inappropriately
utilized or misapplied by anybody, let alone the government.
This bill was the product of work that was done in detail with over
300 different meetings working through the complexities of this
particular issue. As has already been articulated, it is one of the few
bills that I would imagine in this Congress--or any Congress--that has
strong endorsement from the Chamber of Commerce and the ACLU
simultaneously.
Lastly, by organizing by sector, this creates the framework. This is
the important foundation. There is still so much more to be done, but
this is the foundation of the house, of the structure that will allow
us to create and continue to create the kind of edifice that will
enable our private sector, our government sector, and indeed all of
those who are engaged in this issue in the country to be better
positioned to protect Americans, their information, and their safety.
I strongly endorse this, and I thank the gentleman for his
leadership.
Mr. THOMPSON of Mississippi. Mr. Speaker, I yield such time as she
may consume to the gentlewoman from New York (Ms. Clarke), the ranking
member of the Subcommittee on Cybersecurity, Infrastructure Protection,
and Security Technologies.
Ms. CLARKE of New York. Mr. Speaker, again, I thank the ranking
member for yielding me the time.
Mr. Speaker, I rise in support of S. 2519, the National Cybersecurity
Protection Act of 2014. We have worked long and hard to develop and
describe how DHS can best accomplish its complex cybersecurity mission.
I am pleased that our bipartisan and bicameral negotiations have been
fruitful and look forward to the progress that the Department can make
next year.
In closing, I would like to express what an honor it has been to
serve under the leadership of Ranking Member Thompson, Chairman McCaul,
and alongside Chairman Meehan in service to the homeland security
mission of our Nation.
I look forward to our continued collaboration as I move to my new
assignment on the Energy and Commerce Committee in the 114th Congress.
Mr. McCAUL. Mr. Speaker, I have no further speakers, and I reserve
the balance of my time.
Mr. THOMPSON of Mississippi. Mr. Speaker, I rise in strong support of
this legislation and thank my principal partner in the House, Chairman
McCaul, for his unwavering commitment to this issue and willingness to
work across the aisle to get it done.
I also want to recognize the contributions of the chairman and
ranking member of the Cybersecurity Subcommittee, Representatives
Meehan and Clarke, and our Senate partners.
Finally, I would like to acknowledge staff that helped us get this to
this point, Rosaline Cohen and Chris Schepis on my staff and Brett
DeWitt and Alex Manning on the majority staff.
Again, let me compliment the chair for not giving up and for staying
the course. Even doing it on the last day gets it done.
Mr. Speaker, I urge a ``yea'' vote, and I yield back the balance of
my time.
Mr. McCAUL. Mr. Speaker, I yield myself such time as I may consume.
I too want to recognize all the Members involved, the Senate, and
staff. To my ranking member, Bennie Thompson, I guess, as Churchill
said:

Never, ever give up.

Here we are on the last day of this Congress getting this done. What
a gratifying experience it is. What a great moment it is not just for
this Congress but, more importantly, for the American people and what
it represents.
Seventy-three years ago this week, this Nation was attacked at Pearl
Harbor. There are a lot of people that make analogies to what would be
a cyber Pearl Harbor if we are caught unprepared. I believe this bill
will go a long way to defending the Nation from what would be called a
cyber Pearl Harbor event.
My father served as a B-17 bombardier in the European theater. He
flew over 32 missions, including the air campaign in advance of the D-
day invasion and the Battle of the Bulge. They dropped kinetic bombs.
In the cyber world that we live in, we have to worry about digital
bombs and how we can stop that from hurting the United States, from
impacting the United States, from bringing the United States to its
knees. I believe this is the first step of many, and I look forward to
working on more legislation next Congress, but this is the historic
first step that we have taken in this Congress to move forward on this
very important issue and get it done to protect the American people.
With that, let me again thank everyone for their efforts. This has
been a great day for America.
Mr. Speaker, I yield back the balance of my time.

{time} 1030

The SPEAKER pro tempore. The question is on the motion offered by the
gentleman from Texas (Mr. McCaul) that the House suspend the rules and
pass the bill, S. 2519.
The question was taken; and (two-thirds being in the affirmative) the
rules were suspended and the bill was passed.
A motion to reconsider was laid on the table.

____________________