[Congressional Record Volume 164, Number 57 (Tuesday, April 10, 2018)]
[House]
[Page H3068]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
STB INFORMATION SECURITY IMPROVEMENT ACT
Mr. MITCHELL. Mr. Speaker, I move to suspend the rules and pass the
bill (H.R. 4921) to require the Surface Board of Transportation to
implement certain recommendations of the Inspector General of the
Department of Transportation, as amended.
The Clerk read the title of the bill.
The text of the bill is as follows:
H.R. 4921
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``STB Information Security
Improvement Act''.
SEC. 2. REQUIREMENTS.
(a) In General.--The Surface Transportation Board (in this
section referred to as the ``STB'') shall develop a timeline
and plan to implement the recommendations of the Inspector
General of the Department of Transportation in Report No.
FI2018002, including improvements--
(1) to identify controls, including risk management,
weakness remediation, and security authorization;
(2) to protect controls, including configuration
management, user identity and access management, and security
training;
(3) to detect controls, including continuous monitoring;
(4) to respond controls, including incident handling and
reporting;
(5) to recover controls for contingency planning; and
(6) any additional tools that will improve the
implementation of the recommendations.
(b) Implementation.--
(1) In general.--Not later than 180 days after the date of
enactment of this Act, the STB shall submit the plan and
timeline developed under subsection (a) to the Committee on
Transportation and Infrastructure of the House of
Representatives and the Committee on Commerce of the Senate.
(2) Report.--The STB shall report annually to such
Committees on the progress on implementation of the
recommendations until the implementation is complete.
(3) Plan implementation.--The STB shall designate an
individual to implement the plan developed under subsection
(a).
SEC. 3. NO ADDITIONAL FUNDS AUTHORIZED.
No additional funds are authorized to carry out the
requirements of this Act. Such requirements shall be carried
out using amounts otherwise authorized.
The SPEAKER pro tempore. Pursuant to the rule, the gentleman from
Michigan (Mr. Mitchell) and the gentleman from Massachusetts (Mr.
Capuano) each will control 20 minutes.
The Chair recognizes the gentleman from Michigan.
General Leave
Mr. MITCHELL. Mr. Speaker, I ask unanimous consent that all Members
have 5 legislative days to revise and extend their remarks and to
include extraneous material on H.R. 4921, as amended.
The SPEAKER pro tempore. Is there objection to the request of the
gentleman from Michigan?
There was no objection.
Mr. MITCHELL. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, the STB Information Security Improvement Act requires
the Surface Transportation Board to develop a timeline and plan to
implement the recommendations and improvements outlined in its
information security system.
After a concerning report from the Department of Transportation
inspector general that outlined deficiencies in the STB's information
security system, it is imperative that changes be made and there are
improvements in that system rapidly.
When the STB separated from DOT, Department of Transportation, in
December 2015, the agency gained full responsibility and control of its
IT system, and it currently lacks any meaningful or strong
cybersecurity system.
The improvements needed include basic building blocks, such as
changes to policies and procedures. The STB is encumbered by a number
of weaknesses, and its information security program has been determined
by the OIG to be at a low level of maturity according to OMB standards.
A summary of the bill is it requires the STB, the Surface
Transportation Board, to create a timeline and plan to implement
recommendations made by the DOT Office of Inspector General in their
report. Additionally, it requires the Surface Transportation Board to
annually update Congress on its progress until it has effectively been
completed and updated.
This bill ensures that the Surface Transportation Board addresses
these deficiencies so the agency can reduce the risk of an attack or
compromise to this critical information system.
I believe this bill will improve the Surface Transportation Board's
information security and is a good piece of legislation and oversight.
I again thank Chairman Shuster, Chairman Denham, and Mr. Gottheimer
for working with me on this bill.
Mr. Speaker, I reserve the balance of my time.
Mr. CAPUANO. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, very briefly, this is a short bill, an easy bill. It
simply tells the STB that they should do something about cybersecurity
as directed by their own inspector general.
It is a very simple bill. It is a bipartisan bill. It is something we
should pass as quickly as we can.
Mr. Speaker, I yield back the balance of my time.
Mr. MITCHELL. Mr. Speaker, I appreciate the bipartisan nature of the
bill. My colleague supported the bill, and Mr. Gottheimer is a
cosponsor.
I urge my colleagues to join in supporting this important
legislation, and I yield back the balance of my time.
The SPEAKER pro tempore. The question is on the motion offered by the
gentleman from Michigan (Mr. Mitchell) that the House suspend the rules
and pass the bill, H.R. 4921, as amended.
The question was taken.
The SPEAKER pro tempore. In the opinion of the Chair, two-thirds
being in the affirmative, the ayes have it.
Mr. MITCHELL. Mr. Speaker, I object to the vote on the ground that a
quorum is not present and make the point of order that a quorum is not
present.
The SPEAKER pro tempore. Pursuant to clause 8 of rule XX, further
proceedings on this question will be postponed.
The point of no quorum is considered withdrawn.
____________________