[Congressional Record Volume 168, Number 47 (Wednesday, March 16, 2022)]
[Extensions of Remarks]
[Page E265]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]





   HAITI DEVELOPMENT, ACCOUNTABILITY, AND INSTITUTIONAL TRANSPARENCY 
                             INITIATIVE ACT

                                 ______
                                 

                               speech of

                        HON. BENNIE G. THOMPSON

                             of mississippi

                    in the house of representatives

                        Wednesday, March 9, 2022

  Mr. THOMPSON of Mississippi. Mr. Speaker, I rise to address the 
gravity of the cyber threat to our national security and critical 
infrastructure, especially as we face potential cyber threats from 
Russia following its horrific invasion of Ukraine. The Federal 
Government must know when vital sectors of our Nation are affected by 
cyber attacks, so that we may deploy the full resources of the Federal 
Government to respond to and mitigate these attacks.
  Division Y of the bipartisan ``Consolidated Appropriations Act, 
2022'' will take significant steps to strengthen cybersecurity 
protections and ensure that the Cybersecurity and Infrastructure 
Security Agency, or CISA, is at the forefront of our Nation's response 
to serious cyber attacks by requiring timely reporting of these attacks 
to the Federal Government so that we can better prevent future 
incidents and hold attackers accountable.
  To be clear, Division Y of the Act, which is based on Rep. Yvette D. 
Clarke's H.R. 5440, the ``Cyber Incident Reporting for Critical 
Infrastructure Act of 2021,'' and its Senate companion legislation (S. 
2875) sponsored by Senator Gary C. Peters, does not impede the FBI or 
other law enforcement investigations against perpetrators of attacks.
  The plain text of Division Y makes Congress's intent clear. Although 
the reports themselves--and any ``communication[s], document[s], or 
material[s], or other record[s] created for the sole purpose of 
preparing, drafting or submitting'' those reports--may not be received 
in evidence, the FBI and other law enforcement entities nevertheless 
may make full use of the information contained in such materials in 
their investigations of a cyber incident or for other purposes 
authorized by the statute. Likewise, additional facts developed in 
those investigations may be used to further those investigations or 
activities, including in ex parte or other proceedings. In other words, 
although the FBI cannot attach the report filed with CISA in a warrant 
application or submit it in evidence in a trial, it may, as 
appropriate, use information contained in the reports and derived from 
them for a range of purposes, including obtaining a warrant and 
prosecuting bad actors. Further, the legislative language also is not 
intended to prohibit or discourage entities from reporting to CISA and 
law enforcement concurrently.
  The language of this division makes clear that the information may be 
used for cybersecurity or investigative purposes. In the new section 
2245 of the Homeland Security Act of 2002 created by this division, it 
clearly states that reports submitted to CISA under this provision can 
be used for ``the purpose of preventing, investigating, disrupting, or 
prosecuting an offense arising out of a cyber incident reported 
pursuant to'' the statute's requirements or through voluntary reporting 
provisions.
  Moreover, facts developed during an FBI investigation of a relevant 
cyber incident using other authorities are not subject to the 
evidentiary restrictions found in section 2245(c)(3) of the statute, 
including similar facts that may also have been disclosed to the 
Federal Government in the report to CISA.
  The FBI's efforts to hold accountable, disrupt, or deter perpetrators 
of cyber attacks are fully consistent with the goal of encouraging 
entities to disclose cyber incidents. As stakeholders work through the 
rulemaking process, the committees of jurisdiction in both the House 
and the Senate look forward to working with them to ensure that 
congressional intent is not misinterpreted, and that this legislation 
is implemented as intended.
  Mr. Speaker, the hard work of many of my colleagues went into the 
inclusion of this important legislation in the ``Consolidated 
Appropriations Act, 2022.'' I want to thank especially Representatives 
Clarke, John Katko, and Andrew R. Garbarino; and Senators Peters, Rob 
Portman, Mark R. Warner, and Susan M. Collins.

                          ____________________