[Congressional Record Volume 163, Number 171 (Tuesday, October 24, 2017)]
[House]
[Pages H8104-H8107]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
STRENGTHENING CYBERSECURITY INFORMATION SHARING AND COORDINATION IN OUR
PORTS ACT OF 2017
Mr. McCAUL. Mr. Speaker, I move to suspend the rules and pass the
bill (H.R. 3101) to enhance cybersecurity information sharing and
coordination at ports in the United States, and for other purposes, as
amended.
The Clerk read the title of the bill.
The text of the bill is as follows
H.R. 3101
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Strengthening Cybersecurity
Information Sharing and Coordination in Our Ports Act of
2017''.
[[Page H8105]]
SEC. 2. IMPROVING CYBERSECURITY RISK ASSESSMENTS, INFORMATION
SHARING, AND COORDINATION.
The Secretary of Homeland Security shall--
(1) develop and implement a maritime cybersecurity risk
assessment model within 120 days after the date of the
enactment of this Act, consistent with the National Institute
of Standards and Technology Framework for Improving Critical
Infrastructure Cybersecurity and any update to that document
pursuant to Public Law 113-274, to evaluate current and
future cybersecurity risks (as such term is defined in
section 227 of the Homeland Security Act of 2002 (6 U.S.C.
148));
(2) evaluate, on a periodic basis but not less often than
once every two years, the effectiveness of the maritime
cybersecurity risk assessment model under paragraph (1);
(3) seek to ensure participation of at least one
information sharing and analysis organization (as such term
is defined in section 212 of the Homeland Security Act of
2002 (6 U.S.C. 131)) representing the maritime community in
the National Cybersecurity and Communications Integration
Center, pursuant to subsection (d)(1)(B) of section 227 of
such Act;
(4) establish guidelines for voluntary reporting of
maritime-related cybersecurity risks and incidents (as such
terms are defined in section 227 of such Act) to the Center
(as such term is defined subsection (b) of such section 227),
and other appropriate Federal agencies; and
(5) request the National Maritime Security Advisory
Committee established under section 70112 of title 46, United
States Code, to report and make recommendations to the
Secretary on enhancing the sharing of information related to
cybersecurity risks and incidents, consistent with the
responsibilities of the Center, between relevant Federal
agencies and--
(A) State, local, and tribal governments;
(B) relevant public safety and emergency response agencies;
(C) relevant law enforcement and security organizations;
(D) maritime industry;
(E) port owners and operators; and
(F) terminal owners and operators.
SEC. 3. CYBERSECURITY ENHANCEMENTS TO MARITIME SECURITY
ACTIVITIES.
The Secretary of Homeland Security, acting through the
Commandant of the Coast Guard, shall direct--
(1) each Area Maritime Security Advisory Committee
established under section 70112 of title 46, United States
Code, to facilitate the sharing of cybersecurity risks and
incidents to address port-specific cybersecurity risks, which
may include the establishment of a working group of members
of Area Maritime Security Advisory Committees to address
port-specific cybersecurity vulnerabilities; and
(2) that any area maritime transportation security plan and
any vessel or facility security plan required under section
70103 of title 46, United States Code, approved after the
development of the cybersecurity risk assessment model
required by paragraph (1) of section 2 include a mitigation
plan to prevent, manage, and respond to cybersecurity risks
(as such term is defined in section 227 of the Homeland
Security Act of 2002 (6 U.S.C. 148)).
SEC. 4. VULNERABILITY ASSESSMENTS AND SECURITY PLANS.
Title 46, United States Code, is amended--
(1) in section 70102(b)(1)(C), by inserting
``cybersecurity,'' after ``physical security,''; and
(2) in section 70103(c)(3)(C), by striking ``and'' after
the semicolon at the end of clause (iv), by redesignating
clause (v) as clause (vi), and by inserting after clause (iv)
the following:
``(v) prevention, management, and response to cybersecurity
risks; and''.
The SPEAKER pro tempore. Pursuant to the rule, the gentleman from
Texas (Mr. McCaul) and the gentleman from Texas (Mr. Vela) each will
control 20 minutes.
The Chair recognizes the gentleman from Texas (Mr. McCaul).
General Leave
Mr. McCAUL. Mr. Speaker, I ask unanimous consent that all Members may
have 5 legislative days within which to revise and extend their remarks
and include extraneous material on the bill under consideration.
The SPEAKER pro tempore. Is there objection to the request of the
gentleman from Texas?
There was no objection.
Mr. McCAUL. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, I rise today in support of the Strengthening
Cybersecurity Information Sharing and Coordination in Our Ports Act.
More than $1.3 trillion in cargo travels through American seaports
along our coasts every year. A safe but constant and unrestricted flow
of goods and services through our maritime transportation system have
played a vital role in allowing the United States to become the global
superpower it is today. To put it simply, our seaports are the gateways
to our economic survival.
Unfortunately, as our port systems increasingly benefit from new
technology, high-capacity information technology, and computer systems,
they are also increasingly finding themselves in the crosshairs of
those who are waging a cyber war against the United States. These
attacks originate from rogue hackers, terrorist groups, and adversarial
nation-states, and America is a constant target.
In recent years, China successfully stole over 20 million security
clearances from OPM. Russia has waged a cyber war against our political
system. Equifax had a breach that jeopardized sensitive information on
over 43 million people.
In June, the Port of Los Angeles, one that several of our committee
members will be visiting next week, was briefly shut down because of a
cyber attack. This is one of our busiest ports, and it is estimated
that it cost nearly $300 million in economic damage. We must do more to
strengthen cybersecurity of these essential maritime hubs.
Fortunately, we have that opportunity. The legislation before us
requires the Department and the Secretary of Homeland Security to
implement a risk assessment model which focuses on cybersecurity
vulnerabilities and risk. This assessment will be reviewed periodically
so we can determine the best security practices to implement at each
port.
The bill also requires that the DHS Secretary work with the National
and Area Maritime Security Advisory Committees to analyze and share
cyber risks and to report to Congress measures that have been taken to
improve cybersecurity at our Nation's ports. This bill will strengthen
the security of our homeland and protect our economic assets.
Mr. Speaker, I want to thank Congresswoman Torres and other members
of the Homeland Security Committee for their hard work on this issue. I
urge my colleagues to support this commonsense bill, and I reserve the
balance of my time.
Committee on Transportation and Infrastructure, House of
Representatives,
Washington, DC, October 19, 2017.
Hon. Michael T. McCaul,
Chairman, Committee on Homeland Security,
Washington, DC.
I write concerning H.R. 3101, the Strengthening
Cybersecurity Information Sharing and Coordination in Our
Ports Act of 2017. This legislation includes matters that
fall within the Rule X jurisdiction of the Committee on
Transportation and Infrastructure.
I recognize and appreciate your desire to bring this
legislation before the House of Representatives in an
expeditious manner, and accordingly, the Committee on
Transportation and Infrastructure will forego action on the
bill. However, this is conditional on our mutual
understanding that foregoing consideration of the bill does
not prejudice the Committee with respect to the appointment
of conferees or to any future jurisdictional claim over the
subject matters contained in the bill or similar legislation
that fall within the Committee's Rule X jurisdiction.
Further, this is conditional on our understanding that
mutually agreed upon changes to the legislation will be
incorporated into the bill prior to floor consideration.
Lastly, should a conference on the bill be necessary, I
request your support for the appointment of conferees from
the Committee on Transportation and Infrastructure during any
House-Senate conference convened on this or related
legislation.
Finally, I would ask that a copy this letter and your
response acknowledging our jurisdictional interest be
included in the bill report filed by the Committee on
Homeland Security, as well as in the Congressional Record
during consideration of the measure on the House floor, to
memorialize our understanding. I look forward to working with
the Committee on Homeland Security as the bill moves through
the legislative process.
Sincerely,
Bill Shuster,
Chairman.
____
House of Representatives,
Committee on Homeland Security,
Washington, DC, October 19, 2017.
Hon. Bill Shuster,
Chairman, Committee on Transportation and Infrastructure,
Washington, DC.
Dear Chairman Shuster: Thank you for your letter regarding
H.R. 3101, the ``Strengthening Cybersecurity Information
Sharing and Coordination in Our Ports Act of 2017.'' I
appreciate your support in bringing this legislation before
the House of Representatives, and accordingly, understand
that the Committee on Transportation and Infrastructure will
forego further consideration of the bill.
The Committee on Homeland Security concurs with the mutual
understanding that by foregoing consideration of this bill at
this time, the Committee on Transportation and
[[Page H8106]]
Infrastructure does not waive any jurisdiction over the
subject matter contained in this bill or similar legislation
in the future. In addition, should a conference on this bill
be necessary, I would support your request to have the
Committee represented on the conference committee. Further,
the Committee on Homeland Security agrees that mutually
agreed upon changes to the legislation will be incorporated
into the bill prior to floor consideration.
I will insert copies of this exchange in the report on the
bill and in the Congressional Record during consideration of
this bill on the House floor. I thank you for your
cooperation in this matter.
Sincerely,
Michael T. McCaul,
Chairman.
Mr. VELA. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, I stand today in support of H.R. 3101, the Strengthening
Cybersecurity Information Sharing and Coordination in Our Ports Act.
Port facilities serve as a vital economic function for our Nation and
the communities in which they are located. The approximately 360
commercial maritime ports operating across the United States handle
more than $1.3 trillion in cargo, annually.
To facilitate and maintain this level of economic activity, the
maritime sector increasingly relies on technology to facilitate the
movement of cargo into and through port facilities. Collectively,
navigation, operations, and communication technologies enhance the
competitiveness, safety, and reliability of the U.S. maritime sector.
However, as port operations have become more automated, exposure to
cyber threats and attacks have also increased. This homeland security
threat is not unique to the maritime sector. In fact, since 2003, the
Government Accountability Office has warned about the vulnerability of
critical infrastructure and has called on the Federal Government to
support efforts to bolster cybersecurity.
To better protect port facilities from cyber attacks, Congress must
ensure that expertise in both the private and public sector is
leveraged effectively. H.R. 3101 would direct DHS to be more proactive
in how it addresses cybersecurity risks at our Nation's ports.
The first step in reducing cyber vulnerabilities is identifying the
weak points in network security through risk assessments. H.R. 3101
requires these assessments. The bill directs the Coast Guard to provide
port facilities with guidelines on how to report cybersecurity risks in
order to enhance the ability of both the Coast Guard and port operators
to respond effectively to such attacks.
By promoting cybersecurity information sharing and coordination
between public and private partners at maritime facilities, H.R. 3101
seeks to make a positive difference in how quickly terminal and port
operators are able to prevent, mitigate, and recover from such attacks.
H.R. 3101, if enacted, will help foster an environment in which DHS,
the Coast Guard, ports, and port stakeholders work together to enhance
the cybersecurity at our Nation's ports.
Lastly, I would like to note the bipartisan support for this bill in
the Homeland Security Committee. I thank Chairman McCaul, Ranking
Member Thompson, and my colleague Congresswoman Torres for their hard
work and leadership in this matter.
Mr. Speaker, when this bill was considered last Congress and earlier
this fall, committee colleagues on both sides of the aisle agreed that
H.R. 3101 is a timely and worthwhile measure to support. I urge my
colleagues to support H.R. 3101.
Mr. Speaker, I yield 5 minutes to the gentlewoman from California
(Mrs. Torres).
Mrs. TORRES. Mr. Speaker, before I begin, I want to thank the
chairman and also Ranking Member Thompson and Ranking Member Vela and
all of their committee staff for their great work and support of this
very important legislation. We would not be here today without their
commitment to keeping our ports safe. Thank you.
Mr. Speaker, you can't turn on the television or visit your favorite
website without seeing cyber threats dominating the news. All
industries, including our own Federal agencies, have been targets,
costing our economy dearly and exposing the personal information of
hundreds of millions of employees.
This is a growing problem that is not going away. Rather, these
threats are becoming more common and more severe. From the interference
in our elections to attacks on government workers, email hacks, and the
theft of credit card information, cyber threats are everywhere, and it
is time that we modernize the Federal Government's planning and
response to these threats.
In June, a Danish shipping company was infected with malware that
affected 17 of its shipping container terminals worldwide. The virus
spread to 2 million computers within a 2-hour period. As a result, the
largest terminal at the Port of Los Angeles shut down for 4 days from
the cyber attack.
A recent study estimated the cost of a shutdown of the Port of Los
Angeles and Long Beach at $1 billion per day to the local economy.
More than $1.3 trillion in cargo moves, annually, through our
Nation's 360 commercial ports, and many of the goods that enter through
the Port of Los Angeles and the Port of Long Beach come to my district
before being shipped to the rest of the country.
With this much economic activity and the increased use of cyber
technology to manage port operations ranging from communications and
navigation to engineering, safety, and cargo, it is critical to protect
our maritime cyber infrastructure.
{time} 1500
It is time that Congress modernize our Federal agencies. This is why
I am proud to bring the Strengthening Cybersecurity Information Sharing
and Coordination in Our Ports Act to the floor today.
This legislation would improve information sharing and cooperation in
addressing cybersecurity risks at our Nation's ports through several
measures: setting standards for reporting, providing guidance to ports,
bringing port representatives to the table for future planning, and
modernizing how the Coast Guard addresses cyber threats.
Mr. Speaker, these are commonsense measures. This bill has bipartisan
support. The Strengthening Cybersecurity Information Sharing and
Coordination in Our Ports Act passed the House unanimously last year,
and I am confident that passage today will push the Senate into action.
This legislation is supported by the Port of Los Angeles,
Congressional PORTS Caucus chairs, and it is endorsed by the Maritime &
Port Security Information Sharing and Analysis Organization. I urge my
colleagues to support this legislation because we simply can't afford
not to. Ports are too critical to our economy and our Nation.
Mr. McCAUL. Mr. Speaker, I have no other speakers. If the gentleman
from Texas has no other speakers, I am prepared to close once the
gentleman does.
Mr. Speaker, I reserve the balance of my time.
Mr. VELA. Mr. Speaker, I yield myself the balance of my time.
H.R. 3101 will help improve the way we manage cybersecurity risks at
our Nation's commercial maritime ports. With the increased need for and
use of technology at maritime facilities, it is in our national and
economic interest for there to be better cyber information sharing and
coordination efforts at our Nation's ports.
By assessing cyber risks at individual port facilities and
establishing countermeasures to mitigate these risks, the U.S. maritime
sector will be better prepared to protect these important centers of
economic activity.
Mr. Speaker, I encourage my colleagues to support H.R. 3101, and I
yield back the balance of my time.
Mr. McCAUL. Mr. Speaker, I yield myself the balance of my time.
I once again urge my colleagues to support this important
legislation. I want to thank Congresswoman Torres for her strong
leadership on this bill, Mr. Vela, Ranking Member Thompson.
Mr. Speaker, we have passed over 50 bills out of my committee, out of
the House floor, and sent them to the Senate, where they still sit
there with no action whatsoever. And when it comes to homeland security
measures, I believe that it is dangerous to do nothing, and I urge the
Senate to take up action on this bill and the other 50 bills that we
have sent over to the Senate.
Mr. Speaker, I yield back the balance of my time.
Ms. JACKSON LEE. Mr. Speaker, I rise in support of H.R. 3101, the
Strengthening Cybersecurity Information Sharing and Coordination in Our
Ports Act of 2017.
[[Page H8107]]
I thank Congresswoman Torres for introducing this important piece of
legislation that addresses security at our nation's ports.
H.R. 3101 requires the Department of Homeland Security (DHS) to
facilitate increased information sharing about cybersecurity among
maritime interests.
The bill requires DHS to:
Develop, implement, and continually review a maritime cybersecurity
risk assessment model to evaluate current and future cybersecurity
risks;
Seek input from at least one information sharing and analysis
organization representing maritime interests in the National
Cybersecurity and Communications Integration Center;
Establish voluntary reporting guidelines for maritime-related
cybersecurity risks and incidents;
Request that the National Maritime Security Advisory Committee report
and make recommendations to DHS about methods to enhance cybersecurity
and information sharing among security stakeholders from federal,
state, local, and tribal governments; public safety and emergency
response agencies; law enforcement and security organizations; maritime
industry participants; port owners and operators; and maritime terminal
owners and operators; and
Ensure that maritime security risk assessments include cybersecurity
risks to ports and the maritime border of the United States.
As a senior member of the House Committee on Homeland Security and
former Ranking Member of the Committee's Subcommittee on Border and
Maritime Security, I am well aware of the hard work that the Houston
Port Authority, and the Department of Homeland Security has done to
secure the port, its workers, and the millions of tons of imports and
exports that traverse the waters of the Port of Houston each week.
According to the U.S. Department of Transportation the U.S. maritime
border covers 95,000 miles of shoreline with 361 seaports.
Ocean transportation accounts for 95 percent of cargo tonnage that
moves in and out of the country, with 8,588 commercial vessels making
82,044 port calls in 2015.
The Port of Houston is a 25-mile-long complex of diversified public
and private facilities located just a few hours' sailing time from the
Gulf of Mexico.
In 2012, ship channel-related businesses contributed 1,026,820 jobs
and generated more than $178.5 billion in statewide economic activity.
In 2014, among U.S. ports the Port of Houston was ranked:
1st in foreign tonnage;
Largest Texas port with 46 percemt of market share by tonnage and 95
percent market share in containers by total TEUS in 2014;
Largest Gulf Coast container port, handling 67 percent of U.S. Gulf
Coast container traffic in 2014;
2nd in total foreign cargo value (based on U.S. Dept. of Commerce,
Bureau of Census).
The Government Accountability Office (GAO) reports that the Port of
Houston port, and its waterways, and vessels are part of an economic
engine handling more than $700 billion in merchandise annually.
The Port of Houston houses approximately 100 steamship lines offering
services that link Houston with 1,053 ports in 203 countries.
The Port of Houston is a $15 billion petrochemical complex, the
largest in the nation and second largest worldwide.
These statistics clearly communicate the potential for a terrorist
attack using nuclear or radiological material may in some estimations
be low, but should an attack occur the consequences would be
catastrophic, and for this reason we cannot be lax in our efforts to
deter, detect and defeat attempts by terrorists to perpetrate such a
heinous act of terrorism.
The Department of Homeland Security (DHS) plays an essential role in
domestic defense against the potential smuggling of a weapon of mass
destruction in a shipping container or the use of a bomb-laden small
vessel to carry out an attack at a port.
Earlier this year, a global malware attack occurred that caused
significant harm to international shipping giant A.P. Moller-Maersk.
That attack revealed serious vulnerabilities in our nation's maritime
security, which is still being assessed.
The only way port operations were able to resume following the attack
at one of our nation's busiest ports was to revert to a manual system
to process cargo and ships.
This was not the first time that cyber criminals used technology
against port operations.
Approximately $1.3 trillion in cargo passes through our nation's 360
commercial ports.
The convenience, precision and accuracy provided by digital
technology in processing cargo through our nation's ports adds to their
capacity to manage tonnage.
Securing cyber technology to manage port operations, ranging from
communication and navigation to engineering, safety, and cargo, is
critical to protect our nation's maritime cyber infrastructure.
Government leaders and security experts are concerned that the
maritime transportation system could be used by terrorists to smuggle
personnel, weapons of mass destruction, or other dangerous materials
into the United States.
They are also concerned that ships in U.S. ports, particularly large
commercial cargo ships or cruise ships, could be attacked by
terrorists.
A large-scale terrorist attack at a U.S. port, experts warn, could
not only cause local death and damage, but also paralyze global
maritime commerce.
This is of particular concern at the Port of Houston, which is the
busiest port in the nited States in terms of foreign tonnage, second-
busiest in the United States in terms of overall tonnage, and
fifteenth-busiest in the world.
DHS, through U.S. Customs and Border Protection, the Transportation
Security Administration, and the U.S. Coast Guard, administers several
essential programs that secure our Nation's ports and waterways.
I include in the Record a letter dated March 30, 2017, that I sent to
the Chair and Ranking Member of the Committee on Homeland Security
requesting a field hearing on the topic of port security.
I ask my colleagues join me in voting to pass H.R. 3101, the
Strengthening Cybersecurity Information Sharing and Coordination in Our
Ports Act of 2017.
Congress of the United States,
House of Representatives,
Washington, DC, March 30, 2017.
Hon. Michael McCaul,
Chair, House Committee on Homeland Security, House of
Representatives, Washington, DC.
Hon. Bennie Thompson,
Ranking Member, House Committee on Homeland Security, House
of Representatives, Washington, DC.
Dear Chairman McCaul and Ranking Member Thompson: Your
leadership to secure the homeland from terrorist attacks by
putting the needs of the nation first in matters before the
Committee is commendable. I am writing to request that as
Chair and Ranking Member that you invite senior members of
the Committee to join you for a meeting with Houston Port
facility security and industrial manufacturing professionals
to discuss the work and industry that takes place at that
port.
The issue of port security remains integral to our
Committee's work, and this opportunity for you, and senior
members of the committee to learn more about modern ports is
appreciated. Ports are indispensable to our nation's economic
health as engines of commercial transportation as well as the
gateway for food and essential goods to the nation's
interior. The evolution of major ports, like the Port of
Houston into co-location sites for manufacturing means port
security challenges have expanded.
Thank you for your work to secure our nation from terrorist
threats by keeping the committee abreast of the most critical
security issues facing our nation. I look forward to your
positive reply to this request.
Very truly yours,
Sheila Jackson Lee,
Member of Congress.
The SPEAKER pro tempore. The question is on the motion offered by the
gentleman from Texas (Mr. McCaul) that the House suspend the rules and
pass the bill, H.R. 3101, as amended.
The question was taken; and (two-thirds being in the affirmative) the
rules were suspended and the bill, as amended, was passed.
A motion to reconsider was laid on the table.
____________________