[Congressional Record Volume 163, Number 171 (Tuesday, October 24, 2017)]
[House]
[Pages H8104-H8107]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




STRENGTHENING CYBERSECURITY INFORMATION SHARING AND COORDINATION IN OUR 
                           PORTS ACT OF 2017

  Mr. McCAUL. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 3101) to enhance cybersecurity information sharing and 
coordination at ports in the United States, and for other purposes, as 
amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 3101

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Strengthening Cybersecurity 
     Information Sharing and Coordination in Our Ports Act of 
     2017''.

     SEC. 2. IMPROVING CYBERSECURITY RISK ASSESSMENTS, INFORMATION 
                   SHARING, AND COORDINATION.

       The Secretary of Homeland Security shall--
       (1) develop and implement a maritime cybersecurity risk 
     assessment model within 120 days after the date of the 
     enactment of this Act, consistent with the National Institute 
     of Standards and Technology Framework for Improving Critical 
     Infrastructure Cybersecurity and any update to that document 
     pursuant to Public Law 113-274, to evaluate current and 
     future cybersecurity risks (as such term is defined in 
     section 227 of the Homeland Security Act of 2002 (6 U.S.C. 
     148));
       (2) evaluate, on a periodic basis but not less often than 
     once every two years, the effectiveness of the maritime 
     cybersecurity risk assessment model under paragraph (1);
       (3) seek to ensure participation of at least one 
     information sharing and analysis organization (as such term 
     is defined in section 212 of the Homeland Security Act of 
     2002 (6 U.S.C. 131)) representing the maritime community in 
     the National Cybersecurity and Communications Integration 
     Center, pursuant to subsection (d)(1)(B) of section 227 of 
     such Act;
       (4) establish guidelines for voluntary reporting of 
     maritime-related cybersecurity risks and incidents (as such 
     terms are defined in section 227 of such Act) to the Center 
     (as such term is defined in subsection (b) of such section 227), 
     and other appropriate Federal agencies; and
       (5) request the National Maritime Security Advisory 
     Committee established under section 70112 of title 46, United 
     States Code, to report and make recommendations to the 
     Secretary on enhancing the sharing of information related to 
     cybersecurity risks and incidents, consistent with the 
     responsibilities of the Center, between relevant Federal 
     agencies and--
       (A) State, local, and tribal governments;
       (B) relevant public safety and emergency response agencies;
       (C) relevant law enforcement and security organizations;
       (D) maritime industry;
       (E) port owners and operators; and
       (F) terminal owners and operators.

     SEC. 3. CYBERSECURITY ENHANCEMENTS TO MARITIME SECURITY 
                   ACTIVITIES.

       The Secretary of Homeland Security, acting through the 
     Commandant of the Coast Guard, shall direct--
       (1) each Area Maritime Security Advisory Committee 
     established under section 70112 of title 46, United States 
     Code, to facilitate the sharing of cybersecurity risks and 
     incidents to address port-specific cybersecurity risks, which 
     may include the establishment of a working group of members 
     of Area Maritime Security Advisory Committees to address 
     port-specific cybersecurity vulnerabilities; and
       (2) that any area maritime transportation security plan and 
     any vessel or facility security plan required under section 
     70103 of title 46, United States Code, approved after the 
     development of the cybersecurity risk assessment model 
     required by paragraph (1) of section 2 include a mitigation 
     plan to prevent, manage, and respond to cybersecurity risks 
     (as such term is defined in section 227 of the Homeland 
     Security Act of 2002 (6 U.S.C. 148)).

     SEC. 4. VULNERABILITY ASSESSMENTS AND SECURITY PLANS.

       Title 46, United States Code, is amended--
       (1) in section 70102(b)(1)(C), by inserting 
     ``cybersecurity,'' after ``physical security,''; and
       (2) in section 70103(c)(3)(C), by striking ``and'' after 
     the semicolon at the end of clause (iv), by redesignating 
     clause (v) as clause (vi), and by inserting after clause (iv) 
     the following:
       ``(v) prevention, management, and response to cybersecurity 
     risks; and''.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from 
Texas (Mr. McCaul) and the gentleman from Texas (Mr. Vela) each will 
control 20 minutes.
  The Chair recognizes the gentleman from Texas (Mr. McCaul).


                             General Leave

  Mr. McCAUL. Mr. Speaker, I ask unanimous consent that all Members may 
have 5 legislative days within which to revise and extend their remarks 
and include extraneous material on the bill under consideration.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from Texas?
  There was no objection.
  Mr. McCAUL. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I rise today in support of the Strengthening 
Cybersecurity Information Sharing and Coordination in Our Ports Act.
  More than $1.3 trillion in cargo travels through American seaports 
along our coasts every year. A safe but constant and unrestricted flow 
of goods and services through our maritime transportation system has 
played a vital role in allowing the United States to become the global 
superpower it is today. To put it simply, our seaports are the gateways 
to our economic survival.
  Unfortunately, as our port systems increasingly benefit from new 
technology, high-capacity information technology, and computer systems, 
they are also increasingly finding themselves in the crosshairs of 
those who are waging a cyber war against the United States. These 
attacks originate from rogue hackers, terrorist groups, and adversarial 
nation-states, and America is a constant target.
  In recent years, China successfully stole over 20 million security 
clearances from OPM. Russia has waged a cyber war against our political 
system. Equifax had a breach that jeopardized sensitive information on 
over 43 million people.
  In June, the Port of Los Angeles, one that several of our committee 
members will be visiting next week, was briefly shut down because of a 
cyber attack. This is one of our busiest ports, and it is estimated 
that it cost nearly $300 million in economic damage. We must do more to 
strengthen cybersecurity of these essential maritime hubs.
  Fortunately, we have that opportunity. The legislation before us 
requires the Department and the Secretary of Homeland Security to 
implement a risk assessment model which focuses on cybersecurity 
vulnerabilities and risk. This assessment will be reviewed periodically 
so we can determine the best security practices to implement at each 
port.
  The bill also requires that the DHS Secretary work with the National 
and Area Maritime Security Advisory Committees to analyze and share 
cyber risks and to report to Congress measures that have been taken to 
improve cybersecurity at our Nation's ports. This bill will strengthen 
the security of our homeland and protect our economic assets.
  Mr. Speaker, I want to thank Congresswoman Torres and other members 
of the Homeland Security Committee for their hard work on this issue. I 
urge my colleagues to support this commonsense bill, and I reserve the 
balance of my time.

         Committee on Transportation and Infrastructure, House of 
           Representatives,
                                 Washington, DC, October 19, 2017.
     Hon. Michael T. McCaul,
     Chairman, Committee on Homeland Security,
     Washington, DC.
       I write concerning H.R. 3101, the Strengthening 
     Cybersecurity Information Sharing and Coordination in Our 
     Ports Act of 2017. This legislation includes matters that 
     fall within the Rule X jurisdiction of the Committee on 
     Transportation and Infrastructure.
       I recognize and appreciate your desire to bring this 
     legislation before the House of Representatives in an 
     expeditious manner, and accordingly, the Committee on 
     Transportation and Infrastructure will forego action on the 
     bill. However, this is conditional on our mutual 
     understanding that foregoing consideration of the bill does 
     not prejudice the Committee with respect to the appointment 
     of conferees or to any future jurisdictional claim over the 
     subject matters contained in the bill or similar legislation 
     that fall within the Committee's Rule X jurisdiction. 
     Further, this is conditional on our understanding that 
     mutually agreed upon changes to the legislation will be 
     incorporated into the bill prior to floor consideration. 
     Lastly, should a conference on the bill be necessary, I 
     request your support for the appointment of conferees from 
     the Committee on Transportation and Infrastructure during any 
     House-Senate conference convened on this or related 
     legislation.
       Finally, I would ask that a copy of this letter and your 
     response acknowledging our jurisdictional interest be 
     included in the bill report filed by the Committee on 
     Homeland Security, as well as in the Congressional Record 
     during consideration of the measure on the House floor, to 
     memorialize our understanding. I look forward to working with 
     the Committee on Homeland Security as the bill moves through 
     the legislative process.
           Sincerely,
                                                     Bill Shuster,
     Chairman.
                                  ____

                                         House of Representatives,


                               Committee on Homeland Security,

                                 Washington, DC, October 19, 2017.
     Hon. Bill Shuster,
     Chairman, Committee on Transportation and Infrastructure, 
         Washington, DC.
       Dear Chairman Shuster: Thank you for your letter regarding 
     H.R. 3101, the ``Strengthening Cybersecurity Information 
     Sharing and Coordination in Our Ports Act of 2017.'' I 
     appreciate your support in bringing this legislation before 
     the House of Representatives, and accordingly, understand 
     that the Committee on Transportation and Infrastructure will 
     forego further consideration of the bill.
       The Committee on Homeland Security concurs with the mutual 
     understanding that by foregoing consideration of this bill at 
     this time, the Committee on Transportation and 
     Infrastructure does not waive any jurisdiction over the 
     subject matter contained in this bill or similar legislation 
     in the future. In addition, should a conference on this bill 
     be necessary, I would support your request to have the 
     Committee represented on the conference committee. Further, 
     the Committee on Homeland Security agrees that mutually 
     agreed upon changes to the legislation will be incorporated 
     into the bill prior to floor consideration.
       I will insert copies of this exchange in the report on the 
     bill and in the Congressional Record during consideration of 
     this bill on the House floor. I thank you for your 
     cooperation in this matter.
           Sincerely,
                                                Michael T. McCaul,
                                                         Chairman.

  Mr. VELA. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I stand today in support of H.R. 3101, the Strengthening 
Cybersecurity Information Sharing and Coordination in Our Ports Act.
  Port facilities serve as a vital economic function for our Nation and 
the communities in which they are located. The approximately 360 
commercial maritime ports operating across the United States handle 
more than $1.3 trillion in cargo, annually.
  To facilitate and maintain this level of economic activity, the 
maritime sector increasingly relies on technology to facilitate the 
movement of cargo into and through port facilities. Collectively, 
navigation, operations, and communication technologies enhance the 
competitiveness, safety, and reliability of the U.S. maritime sector.
  However, as port operations have become more automated, exposure to 
cyber threats and attacks has also increased. This homeland security 
threat is not unique to the maritime sector. In fact, since 2003, the 
Government Accountability Office has warned about the vulnerability of 
critical infrastructure and has called on the Federal Government to 
support efforts to bolster cybersecurity.
  To better protect port facilities from cyber attacks, Congress must 
ensure that expertise in both the private and public sector is 
leveraged effectively. H.R. 3101 would direct DHS to be more proactive 
in how it addresses cybersecurity risks at our Nation's ports.
  The first step in reducing cyber vulnerabilities is identifying the 
weak points in network security through risk assessments. H.R. 3101 
requires these assessments. The bill directs the Coast Guard to provide 
port facilities with guidelines on how to report cybersecurity risks in 
order to enhance the ability of both the Coast Guard and port operators 
to respond effectively to such attacks.
  By promoting cybersecurity information sharing and coordination 
between public and private partners at maritime facilities, H.R. 3101 
seeks to make a positive difference in how quickly terminal and port 
operators are able to prevent, mitigate, and recover from such attacks.
  H.R. 3101, if enacted, will help foster an environment in which DHS, 
the Coast Guard, ports, and port stakeholders work together to enhance 
the cybersecurity at our Nation's ports.
  Lastly, I would like to note the bipartisan support for this bill in 
the Homeland Security Committee. I thank Chairman McCaul, Ranking 
Member Thompson, and my colleague Congresswoman Torres for their hard 
work and leadership in this matter.
  Mr. Speaker, when this bill was considered last Congress and earlier 
this fall, committee colleagues on both sides of the aisle agreed that 
H.R. 3101 is a timely and worthwhile measure to support. I urge my 
colleagues to support H.R. 3101.
  Mr. Speaker, I yield 5 minutes to the gentlewoman from California 
(Mrs. Torres).
  Mrs. TORRES. Mr. Speaker, before I begin, I want to thank the 
chairman and also Ranking Member Thompson and Ranking Member Vela and 
all of their committee staff for their great work and support of this 
very important legislation. We would not be here today without their 
commitment to keeping our ports safe. Thank you.
  Mr. Speaker, you can't turn on the television or visit your favorite 
website without seeing cyber threats dominating the news. All 
industries, including our own Federal agencies, have been targets, 
costing our economy dearly and exposing the personal information of 
hundreds of millions of employees.
  This is a growing problem that is not going away. Rather, these 
threats are becoming more common and more severe. From the interference 
in our elections to attacks on government workers, email hacks, and the 
theft of credit card information, cyber threats are everywhere, and it 
is time that we modernize the Federal Government's planning and 
response to these threats.
  In June, a Danish shipping company was infected with malware that 
affected 17 of its shipping container terminals worldwide. The virus 
spread to 2 million computers within a 2-hour period. As a result, the 
largest terminal at the Port of Los Angeles shut down for 4 days from 
the cyber attack.
  A recent study estimated the cost of a shutdown of the Port of Los 
Angeles and Long Beach at $1 billion per day to the local economy.
  More than $1.3 trillion in cargo moves, annually, through our 
Nation's 360 commercial ports, and many of the goods that enter through 
the Port of Los Angeles and the Port of Long Beach come to my district 
before being shipped to the rest of the country.
  With this much economic activity and the increased use of cyber 
technology to manage port operations ranging from communications and 
navigation to engineering, safety, and cargo, it is critical to protect 
our maritime cyber infrastructure.

  It is time that Congress modernize our Federal agencies. This is why 
I am proud to bring the Strengthening Cybersecurity Information Sharing 
and Coordination in Our Ports Act to the floor today.
  This legislation would improve information sharing and cooperation in 
addressing cybersecurity risks at our Nation's ports through several 
measures: setting standards for reporting, providing guidance to ports, 
bringing port representatives to the table for future planning, and 
modernizing how the Coast Guard addresses cyber threats.
  Mr. Speaker, these are commonsense measures. This bill has bipartisan 
support. The Strengthening Cybersecurity Information Sharing and 
Coordination in Our Ports Act passed the House unanimously last year, 
and I am confident that passage today will push the Senate into action.
  This legislation is supported by the Port of Los Angeles, 
Congressional PORTS Caucus chairs, and it is endorsed by the Maritime & 
Port Security Information Sharing and Analysis Organization. I urge my 
colleagues to support this legislation because we simply can't afford 
not to. Ports are too critical to our economy and our Nation.
  Mr. McCAUL. Mr. Speaker, I have no other speakers. If the gentleman 
from Texas has no other speakers, I am prepared to close once the 
gentleman does.
  Mr. Speaker, I reserve the balance of my time.
  Mr. VELA. Mr. Speaker, I yield myself the balance of my time.
  H.R. 3101 will help improve the way we manage cybersecurity risks at 
our Nation's commercial maritime ports. With the increased need for and 
use of technology at maritime facilities, it is in our national and 
economic interest for there to be better cyber information sharing and 
coordination efforts at our Nation's ports.
  By assessing cyber risks at individual port facilities and 
establishing countermeasures to mitigate these risks, the U.S. maritime 
sector will be better prepared to protect these important centers of 
economic activity.
  Mr. Speaker, I encourage my colleagues to support H.R. 3101, and I 
yield back the balance of my time.
  Mr. McCAUL. Mr. Speaker, I yield myself the balance of my time.
  I once again urge my colleagues to support this important 
legislation. I want to thank Congresswoman Torres for her strong 
leadership on this bill, Mr. Vela, Ranking Member Thompson.
  Mr. Speaker, we have passed over 50 bills out of my committee, out of 
the House floor, and sent them to the Senate, where they still sit 
there with no action whatsoever. And when it comes to homeland security 
measures, I believe that it is dangerous to do nothing, and I urge the 
Senate to take up action on this bill and the other 50 bills that we 
have sent over to the Senate.
  Mr. Speaker, I yield back the balance of my time.
  Ms. JACKSON LEE. Mr. Speaker, I rise in support of H.R. 3101, the 
Strengthening Cybersecurity Information Sharing and Coordination in Our 
Ports Act of 2017.

  I thank Congresswoman Torres for introducing this important piece of 
legislation that addresses security at our nation's ports.
  H.R. 3101 requires the Department of Homeland Security (DHS) to 
facilitate increased information sharing about cybersecurity among 
maritime interests.
  The bill requires DHS to:
  Develop, implement, and continually review a maritime cybersecurity 
risk assessment model to evaluate current and future cybersecurity 
risks;
  Seek input from at least one information sharing and analysis 
organization representing maritime interests in the National 
Cybersecurity and Communications Integration Center;
  Establish voluntary reporting guidelines for maritime-related 
cybersecurity risks and incidents;
  Request that the National Maritime Security Advisory Committee report 
and make recommendations to DHS about methods to enhance cybersecurity 
and information sharing among security stakeholders from federal, 
state, local, and tribal governments; public safety and emergency 
response agencies; law enforcement and security organizations; maritime 
industry participants; port owners and operators; and maritime terminal 
owners and operators; and
  Ensure that maritime security risk assessments include cybersecurity 
risks to ports and the maritime border of the United States.
  As a senior member of the House Committee on Homeland Security and 
former Ranking Member of the Committee's Subcommittee on Border and 
Maritime Security, I am well aware of the hard work that the Houston 
Port Authority and the Department of Homeland Security have done to 
secure the port, its workers, and the millions of tons of imports and 
exports that traverse the waters of the Port of Houston each week.
  According to the U.S. Department of Transportation the U.S. maritime 
border covers 95,000 miles of shoreline with 361 seaports.
  Ocean transportation accounts for 95 percent of cargo tonnage that 
moves in and out of the country, with 8,588 commercial vessels making 
82,044 port calls in 2015.
  The Port of Houston is a 25-mile-long complex of diversified public 
and private facilities located just a few hours' sailing time from the 
Gulf of Mexico.
  In 2012, ship channel-related businesses contributed 1,026,820 jobs 
and generated more than $178.5 billion in statewide economic activity.
  In 2014, among U.S. ports the Port of Houston was ranked:
  1st in foreign tonnage;
  Largest Texas port with 46 percent of market share by tonnage and 95 
percent market share in containers by total TEUS in 2014;
  Largest Gulf Coast container port, handling 67 percent of U.S. Gulf 
Coast container traffic in 2014;
  2nd in total foreign cargo value (based on U.S. Dept. of Commerce, 
Bureau of Census).
  The Government Accountability Office (GAO) reports that the Port of 
Houston port, and its waterways, and vessels are part of an economic 
engine handling more than $700 billion in merchandise annually.
  The Port of Houston houses approximately 100 steamship lines offering 
services that link Houston with 1,053 ports in 203 countries.
  The Port of Houston is a $15 billion petrochemical complex, the 
largest in the nation and second largest worldwide.
  These statistics clearly communicate the potential for a terrorist 
attack using nuclear or radiological material may in some estimations 
be low, but should an attack occur the consequences would be 
catastrophic, and for this reason we cannot be lax in our efforts to 
deter, detect and defeat attempts by terrorists to perpetrate such a 
heinous act of terrorism.
  The Department of Homeland Security (DHS) plays an essential role in 
domestic defense against the potential smuggling of a weapon of mass 
destruction in a shipping container or the use of a bomb-laden small 
vessel to carry out an attack at a port.
  Earlier this year, a global malware attack occurred that caused 
significant harm to international shipping giant A.P. Moller-Maersk.
  That attack revealed serious vulnerabilities in our nation's maritime 
security, which is still being assessed.
  The only way port operations were able to resume following the attack 
at one of our nation's busiest ports was to revert to a manual system 
to process cargo and ships.
  This was not the first time that cyber criminals used technology 
against port operations.
  Approximately $1.3 trillion in cargo passes through our nation's 360 
commercial ports.
  The convenience, precision and accuracy provided by digital 
technology in processing cargo through our nation's ports adds to their 
capacity to manage tonnage.
  Securing cyber technology to manage port operations, ranging from 
communication and navigation to engineering, safety, and cargo, is 
critical to protect our nation's maritime cyber infrastructure.
  Government leaders and security experts are concerned that the 
maritime transportation system could be used by terrorists to smuggle 
personnel, weapons of mass destruction, or other dangerous materials 
into the United States.
  They are also concerned that ships in U.S. ports, particularly large 
commercial cargo ships or cruise ships, could be attacked by 
terrorists.
  A large-scale terrorist attack at a U.S. port, experts warn, could 
not only cause local death and damage, but also paralyze global 
maritime commerce.
  This is of particular concern at the Port of Houston, which is the 
busiest port in the United States in terms of foreign tonnage, second-
busiest in the United States in terms of overall tonnage, and 
fifteenth-busiest in the world.
  DHS, through U.S. Customs and Border Protection, the Transportation 
Security Administration, and the U.S. Coast Guard, administers several 
essential programs that secure our Nation's ports and waterways.
  I include in the Record a letter dated March 30, 2017, that I sent to 
the Chair and Ranking Member of the Committee on Homeland Security 
requesting a field hearing on the topic of port security.
  I ask my colleagues join me in voting to pass H.R. 3101, the 
Strengthening Cybersecurity Information Sharing and Coordination in Our 
Ports Act of 2017.

                                    Congress of the United States,


                                     House of Representatives,

                                   Washington, DC, March 30, 2017.
     Hon. Michael McCaul,
     Chair, House Committee on Homeland Security, House of 
         Representatives, Washington, DC.
     Hon. Bennie Thompson,
     Ranking Member, House Committee on Homeland Security, House 
         of Representatives, Washington, DC.
       Dear Chairman McCaul and Ranking Member Thompson: Your 
     leadership to secure the homeland from terrorist attacks by 
     putting the needs of the nation first in matters before the 
     Committee is commendable. I am writing to request that as 
     Chair and Ranking Member that you invite senior members of 
     the Committee to join you for a meeting with Houston Port 
     facility security and industrial manufacturing professionals 
     to discuss the work and industry that takes place at that 
     port.
       The issue of port security remains integral to our 
     Committee's work, and this opportunity for you, and senior 
     members of the committee to learn more about modern ports is 
     appreciated. Ports are indispensable to our nation's economic 
     health as engines of commercial transportation as well as the 
     gateway for food and essential goods to the nation's 
     interior. The evolution of major ports, like the Port of 
     Houston into co-location sites for manufacturing means port 
     security challenges have expanded.
       Thank you for your work to secure our nation from terrorist 
     threats by keeping the committee abreast of the most critical 
     security issues facing our nation. I look forward to your 
     positive reply to this request.
           Very truly yours,
                                               Sheila Jackson Lee,
                                               Member of Congress.

  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from Texas (Mr. McCaul) that the House suspend the rules and 
pass the bill, H.R. 3101, as amended.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill, as amended, was passed.
  A motion to reconsider was laid on the table.
