[Congressional Record Volume 163, Number 202 (Tuesday, December 12, 2017)]
[Extensions of Remarks]
[Pages E1689-E1690]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




      CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY ACT OF 2017

                                 ______
                                 

                               speech of

                        HON. SHEILA JACKSON LEE

                                of texas

                    in the house of representatives

                       Monday, December 11, 2017

  Ms. JACKSON LEE. Mr. Speaker, I rise to speak in support of H.R. 
3359, the Cybersecurity and Infrastructure Security Agency Act of 2017.
  I thank Chairman McCaul for introducing this important piece of 
legislation that addresses the cybersecurity needs of our nation.
  H.R. 3359, amends the Homeland Security Act of 2002 to redesignate 
the Department of Homeland Security's (DHS's) National Protection and 
Programs Directorate as the Cybersecurity and Infrastructure Security 
Agency (CISA).
  Under its new designation the CISA would be headed by a Director of 
National Cybersecurity and Infrastructure Security, who will be 
responsible for leading national efforts to protect and enhance the 
security and resilience of U.S. cybersecurity, emergency 
communications, and critical infrastructure.
  CISA will be composed of DHS components reorganized as: the 
Cybersecurity Division; the Infrastructure Security Division; and the 
Emergency Communications Division, which was previously the Office for 
Emergency Communications.
  The agency will also have its own privacy officer to ensure 
compliance with relevant federal laws.
  CISA must carry out DHS's responsibilities concerning chemical 
facilities antiterrorism standards.
  The bill requires DHS to:
  develop, implement, and continually review a maritime cybersecurity 
risk assessment model to evaluate current and future cybersecurity 
risks;
  seek input from at least one information sharing and analysis 
organization representing maritime interests in the National 
Cybersecurity and Communications Integration Center;
  establish voluntary reporting guidelines for maritime-related 
cybersecurity risks and incidents;
  request that the National Maritime Security Advisory Committee report 
and make recommendations to DHS about methods to enhance cybersecurity 
and information sharing

[[Page E1690]]

among security stakeholders from federal, state, local, and tribal 
governments; public safety and emergency response agencies; law 
enforcement and security organizations; maritime industry participants; 
port owners and operators; and maritime terminal owners and operators; 
and
  ensure that maritime security risk assessments include cybersecurity 
risks to ports and the maritime border of the United States.
  As with other threats that this nation has faced and overcome, we 
must create the resources and the institutional responses to protect 
our nation against cyber threats while preserving our liberties and 
freedoms.
  We cannot accomplish this task without the full cooperation and 
support of the private sector, computing research community and 
academia.
  Earlier this Congress, I introduced H.R. 3202, the Cyber 
Vulnerability Disclosure Reporting Act, which was passed by the full 
Homeland Security Committee.
  H.R. 3202 requires the Secretary of Homeland Security to submit a 
report on the policies and procedures developed for coordinating cyber 
vulnerability disclosures.
  The report will include an annex with information on instances in 
which cyber security vulnerability disclosure policies and procedures 
were used to disclose details on identified weaknesses in computing 
systems that or digital devices at risk.
  The report will provide information on the degree to which the 
information provided by DHS was used by industry and other 
stakeholders.
  The reason that I worked to bring this bill before the committee is 
the problem often referred to as a ``Zero Day Event,'' which describes 
the situation that network security professionals may find themselves 
when a previously unknown error in computing code is exploited by a 
cybercriminal or terrorist.
  I am pleased that the Committee on Homeland Security passed H.R. 3202 
to address the need to support information sharing regarding threats to 
computing networks.
  I look forward to the Full House consideration of H.R. 3202.
  In the first few weeks of this Congress I introduced a number of 
measures on the topic of cybersecurity to address gaps in our nation's 
cyber defensive posture:
  SCOUTS Act--H.R. 940;
  CAPITALS Act--H.R. 54;
  SAFETI Act--H.R. 950;
  Terrorism Prevention and Critical Infrastructure--H.R. 945; and
  Cybersecurity and Federal Workforce Enhancement Act--H.R. 935.
  H.R. H.R. 940, the ``Securing Communications of Utilities from 
Terrorist Threats'' or the ``SCOUTS Act,'' directs the Secretary of 
Homeland Security, in coordination with the sector-specific agencies, 
to work with critical infrastructure owners and operators and State, 
local, tribal, and territorial entities to seek voluntary participation 
on ways that DHS can best defend against and recover from terrorist 
attacks that could have a debilitating impact on national security, 
economic stability, public health and safety, or any combination 
thereof.
  H.R. 940, is relevant to today's hearing because it addresses the 
need for a two way communication process that enables private sector 
participants in information sharing arrangements with DHS to 
communicate their views on the effectiveness of the information 
provided; the method of information sharing; and their particular needs 
as time passes.
  Specifically the bill establishes voluntary listening opportunities 
for sector specific entities to communicate their challenges regarding 
cybersecurity, including what needs they may have for critical 
infrastructure protection; and how DHS is helping or not helping to 
meet those needs.
  The Society of Maintenance and Reliability Professionals have 
endorsed H.R. 940, and input on the legislation included the Edison 
Electric Institute, an electric utility association.
  H.R. 54, the Department of Homeland Security's Cybersecurity Asset 
Protection of Infrastructure under Terrorist Attack Logistical 
Structure or CAPITALS Act, which directs the Department of Homeland 
Security (DHS) to produce a report to Congress regarding the 
feasibility of establishing a DHS Civilian Cyber Defense National 
Resource.
  H.R. 950, requires a report and assessment regarding Department of 
Homeland Security's response to terrorist threats to Federal elections. 
The Comptroller General of the United States is directed to conduct an 
assessment of the effectiveness of Department of Homeland Security 
actions to protect election systems from cyber-attacks and to make 
recommendations for improvements to the actions taken by DHS if 
determined appropriate.
  H.R. 935, The ``Cybersecurity and Federal Workforce Enhancement Act'' 
identifies and trains people already in the workforce who can obtain 
the skills to address our nation's deficit in the number of workers and 
positions available for those with needed skills.
  H.R. 940, the ``Securing Communications of Utilities from Terrorist 
Threats'' or the ``SCOUTS Act,'' is the relevant to today's hearing 
because this bill focuses on the communications sent by DHS to sector 
specific entities and the ability of these entities to communicate to 
the agencies their perspective on the usefulness of the information; 
the form of communication that would be most helpful; and requires a 
report to Congress by DHS on the views of critical infrastructure 
owners and operators on the information sharing process related to 
cybersecurity.
  Each of these bills will build upon an aggressive approach for 
securing cyber technology to manage critical infrastructure, chemical 
facilities, and port operations, ranging from communication and 
navigation to engineering, safety, and pipelines, that are critical to 
protect our nation's interest.
  Over the past year, Russian actors' targeted U.S. election 
infrastructure, hackers escalated efforts to breach the domestic energy 
sector, and WannaCry and NotPetya ransomware wreaked havoc on public 
and private infrastructure around the world.
  According to Symantec, a leading provider of cybersecurity solutions, 
said that ``The world of cyber espionage experienced a notable shift 
towards more overt activity, designed to destabilize and disrupt 
targeted organizations and countries.''
  As cyber threats continue to evolve and become more sophisticated, so 
must U.S. efforts to confront them.
  The Department of Homeland Security, through the National Protection 
and Programs Directorate (NPPD), plays a central role in the federal 
government's cybersecurity apparatus and in coordinating federal 
efforts to secure critical infrastructure.
  DHS is charged with coordinating agency efforts to secure the 
(dot).gov Domain, while also serving as the hub for cybersecurity 
information sharing between and among the private sector and federal 
government.
  It is my hope that as this Congress moves forward that we will seek 
out the best ways to bring the brightest and most qualified people into 
the government as cybersecurity professionals.