[Congressional Record Volume 162, Number 145 (Monday, September 26, 2016)]
[House]
[Pages H5880-H5881]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                     CYBER PREPAREDNESS ACT OF 2016

  Mr. DONOVAN. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 5459) to amend the Homeland Security Act of 2002 to enhance 
preparedness and response capabilities for cyber attacks, bolster the 
dissemination of homeland security information related to cyber 
threats, and for other purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 5459

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Cyber Preparedness Act of 
     2016''.

     SEC. 2. INFORMATION SHARING.

       Title II of the Homeland Security Act of 2002 is amended--
       (1) in section 210A (6 U.S.C. 124h)--
       (A) in subsection (b)--
       (i) in paragraph (10), by inserting before the semicolon at 
     the end the following: ``, including, in coordination with 
     the national cybersecurity and communications integration 
     center under section 227, accessing timely technical 
     assistance, risk management support, and incident response 
     capabilities with respect to cyber threat indicators, 
     defensive measures, cybersecurity risks, and incidents (as 
     such terms are defined in such section), which may include 
     attribution, mitigation, and remediation, and the provision 
     of information and recommendations on security and 
     resilience, including implications of cybersecurity risks to 
     equipment and technology related to the electoral process'';
       (ii) in paragraph (11), by striking ``and'' after the 
     semicolon;
       (iii) by redesignating paragraph (12) as paragraph (14); 
     and
       (iv) by inserting after paragraph (11) the following new 
     paragraphs:
       ``(12) review information relating to cybersecurity risks 
     that is gathered by State, local, and regional fusion 
     centers, and incorporate such information, as appropriate, 
     into the Department's own information relating to 
     cybersecurity risks;
       ``(13) ensure the dissemination to State, local, and 
     regional fusion centers of information relating to 
     cybersecurity risks; and'';
       (B) in subsection (c)(2)--
       (i) by redesignating subparagraphs (C) through (G) as 
     subparagraphs (D) through (H), respectively; and
       (ii) by inserting after subparagraph (B) the following new 
     subparagraph:
       ``(C) The national cybersecurity and communications 
     integration center under section 227.'';
       (C) in subsection (d)--
       (i) in paragraph (3), by striking ``and'' after the 
     semicolon;
       (ii) by redesignating paragraph (4) as paragraph (5); and
       (iii) by inserting after paragraph (3) the following new 
     paragraph:
       ``(4) assist, in coordination with the national 
     cybersecurity and communications integration center under 
     section 227, fusion centers in using information relating to 
     cybersecurity risks to develop a comprehensive and accurate 
     threat picture; and''; and
       (D) in subsection (j)--
       (i) by redesignating paragraphs (1) through (5) as 
     paragraphs (2) through (6), respectively; and
       (ii) by inserting before paragraph (2), as so redesignated, 
     the following new paragraph:
       ``(1) the term `cybersecurity risk' has the meaning given 
     that term in section 227;''; and
       (2) in section 227 (6 U.S.C. 148)--
       (A) in subsection (c)--
       (i) in paragraph (5)(B), by inserting ``, including State 
     and major urban area fusion centers, as appropriate'' before 
     the semicolon at the end;
       (ii) in paragraph (7), in the matter preceding subparagraph 
     (A), by striking ``information and recommendations'' each 
     place it appears and inserting ``information, 
     recommendations, and best practices''; and
       (iii) in paragraph (9), by inserting ``and best practices'' 
     after ``defensive measures''; and
       (B) in subsection (d)(1)(B)(ii), by inserting ``and State 
     and major urban area fusion centers, as appropriate'' before 
     the semicolon at the end.

     SEC. 3. HOMELAND SECURITY GRANTS.

       Subsection (a) of section 2008 of the Homeland Security Act 
     of 2002 (6 U.S.C. 609) is amended--
       (1) by redesignating paragraphs (4) through (14) as 
     paragraphs (5) through (15), respectively; and
       (2) by inserting after paragraph (3) the following new 
     paragraph:
       ``(4) enhancing cybersecurity, including preparing for and 
     responding to cybersecurity risks and incidents and 
     developing State-wide cyber threat information analysis and 
     dissemination activities;''.

     SEC. 4. SENSE OF CONGRESS.

       It is the sense of Congress that to facilitate the timely 
     dissemination to appropriate State, local, and private sector 
     stakeholders of homeland security information related to 
     cyber threats, the Secretary of Homeland Security should, to 
     the greatest extent practicable, work to share actionable 
     information related to cyber threats in an unclassified form.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New 
York (Mr. Donovan) and the gentleman from New Jersey (Mr. Payne) each 
will control 20 minutes.
  The Chair recognizes the gentleman from New York.


                             General Leave

  Mr. DONOVAN. Mr. Speaker, I ask unanimous consent that all Members 
have 5 legislative days to revise and extend their remarks and to 
include any extraneous material on the bill under consideration.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from New York?
  There was no objection.
  Mr. DONOVAN. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, September is National Preparedness Month, and as 
chairman of the Committee on Homeland Security's Subcommittee on 
Emergency Preparedness, Response, and Communications, I think it is 
fitting that we are here today to consider a number of bills that will 
enhance our homeland security, including legislation I introduced, H.R. 
5459, the Cyber Preparedness Act of 2016.
  Cybersecurity is a major national security issue, and the threat is 
real and immediate. For instance, a cyber attack causing widespread 
power outages could have major cascading consequences on public health 
and safety; however, it appears that the Nation is not adequately 
prepared to prevent and respond to cyber attacks.
  Since 2012, FEMA has released an annual National Preparedness Report, 
which highlights States' progress in meeting 32 core capabilities as 
defined by the National Preparedness Goal. Each year, States have 
ranked their cybersecurity capabilities as one of their lowest.
  In May, my subcommittee, the Emergency Preparedness, Response, and 
Communications Subcommittee, held a joint hearing with the Homeland 
Security Committee's Subcommittee on Cybersecurity, Infrastructure 
Protection, and Security Technologies to look at the current state of 
cyber preparedness and how the Federal Government can help the States 
address some of the challenges that they face.
  Witnesses explained that, while great progress has been made in 
enhancing their cybersecurity capabilities, challenges still remain, 
especially with regard to information sharing of cyber threats and 
risks and whether Homeland Security grants may be used for 
cybersecurity enhancements.
  I introduced H.R. 5459, the Cyber Preparedness Act of 2016, to 
address a number of findings from this hearing. My legislation 
addresses these findings by enhancing cyber risk information sharing 
with State and major urban area fusion centers; authorizing 
representatives from State and urban area fusion centers to be assigned 
to the National Cybersecurity and Communications Integration Center, 
and permitting the NCCIC personnel to be deployed to fusion centers; 
sharing information on cyber preparedness best practices with State and 
local stakeholders; clarifying the eligibility of

[[Page H5881]]

State Homeland Security Grant Program and Urban Areas Security 
Initiative funding for cybersecurity enhancements; and working to 
combat the overclassification of cyber risk information so that it can 
be shared more broadly with stakeholders with a need to know.
  I appreciate that Chairmen McCaul and Ratcliffe and Ranking Member 
Payne have joined me as original cosponsors of H.R. 5459. This 
bipartisan legislation was reported favorably by the Committee on 
Homeland Security earlier this month.
  I urge my colleagues to join me in supporting this bipartisan bill.
  I reserve the balance of my time.
  Mr. PAYNE. Mr. Speaker, I yield myself such time as I may consume.
  I rise in support of H.R. 5459, the Cyber Preparedness Act of 2016.
  Mr. Speaker, in May the Committee on Homeland Security held a hearing 
to examine how the Department of Homeland Security assists States in 
preparing and responding to cyber attacks. Historically, States have 
rated cybersecurity among the core capabilities in which they have the 
least confidence.
  At the hearing, we heard compelling testimony from State emergency 
managers and chief information officers about the initiatives States 
are undertaking to reverse that trend and prevent cyber attacks within 
their State. For instance, some States like New Jersey and California 
have begun developing their own cyber information-sharing capabilities 
akin to DHS' National Cybersecurity and Communications Integration 
Center.
  One of the consistent challenges witnesses identified, however, was 
the lack of robust cyber information sharing. H.R. 5459 addresses this 
challenge by promoting the sharing of cyber threat indicators and 
information, as well as cybersecurity best practices, with State and 
major urban area fusion centers.
  The bill also designates cybersecurity as an allowable use of State 
Homeland Security Grants and Urban Areas Security Initiative funds.
  Mr. Speaker, cyber attacks on systems that underpin the operation of 
critical infrastructure have the potential to wreak havoc on our 
communities. State emergency managers and chief information officers 
have made clear that the better sharing of cyber information is 
essential to preventing cyber attacks. H.R. 5459 seeks to improve cyber 
information sharing with fusion centers.
  Moreover, I would note that, with respect to cyber threats to 
election equipment, the committee adopted an amendment to specifically 
direct DHS to share cyber threat information regarding election 
equipment and technology with fusion centers. The right to vote is 
among the most cherished, and the integrity of our election process is 
fundamental to our democracy. We must protect it.
  I urge my colleagues to support H.R. 5459.
  I yield back the balance of my time.
  Mr. DONOVAN. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I once again urge my colleagues to support H.R. 5459.
  I yield back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from New York (Mr. Donovan) that the House suspend the rules 
and pass the bill, H.R. 5459, as amended.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill, as amended, was passed.
  A motion to reconsider was laid on the table.

                          ____________________