[Congressional Record (Bound Edition), Volume 162 (2016), Part 5]
[House]
[Pages 6048-6050]
[From the U.S. Government Publishing Office, www.gpo.gov]




       NATIONAL CYBERSECURITY PREPAREDNESS CONSORTIUM ACT OF 2016

  Mr. RATCLIFFE. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 4743) to authorize the Secretary of Homeland Security to 
establish a National Cybersecurity Preparedness Consortium, and for 
other purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 4743

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``National Cybersecurity 
     Preparedness Consortium Act of 2016''.

     SEC. 2. NATIONAL CYBERSECURITY PREPAREDNESS CONSORTIUM.

       (a) In General.--The Secretary of Homeland Security may 
     work with a consortium, including the National Cybersecurity 
     Preparedness Consortium, to support efforts to address 
     cybersecurity risks and incidents (as such terms are defined 
     in section 227 of the Homeland Security Act of 2002 (6 U.S.C. 
     148)), including threats of terrorism and acts of terrorism.
       (b) Assistance to the NCCIC.--The Secretary of Homeland 
     Security may work with a consortium to assist the national 
     cybersecurity and communications integration center of the 
     Department of Homeland Security (established pursuant to 
     section 227 of the Homeland Security Act of 2002) to--
       (1) provide training to State and local first responders 
     and officials specifically for preparing for and responding 
     to cybersecurity risks and incidents, including threats of 
     terrorism and acts of terrorism, in accordance with current 
     law;
       (2) develop and update a curriculum utilizing existing 
     programs and models in accordance with such section 227, for 
     State and local first responders and officials, related to 
     cybersecurity risks and incidents, including threats of 
     terrorism and acts of terrorism;
       (3) provide technical assistance services to build and 
     sustain capabilities in support of preparedness for and 
     response to cybersecurity risks and incidents, including 
     threats of terrorism and acts of terrorism, in accordance 
     with such section 227;
       (4) conduct cross-sector cybersecurity training and 
     simulation exercises for entities, including State and local 
     governments, critical infrastructure owners and operators, 
     and private industry, to encourage community-wide 
     coordination in defending against and responding to 
     cybersecurity risks and incidents, including threats of 
     terrorism and acts of terrorism, in accordance with 
     subsection (c) of section 228 of the Homeland Security Act of 
     2002 (6 U.S.C. 149);
       (5) help States and communities develop cybersecurity 
     information sharing programs, in accordance with section 227 
     of the Homeland Security Act of 2002, for the dissemination 
     of homeland security information related to cybersecurity 
     risks and incidents, including threats of terrorism and acts 
     of terrorism; and
       (6) help incorporate cybersecurity risk and incident 
     prevention and response (including related to threats of 
     terrorism and acts of terrorism) into existing State and 
     local emergency plans, including continuity of operations 
     plans.
       (c) Prohibition on Duplication.--In carrying out the 
     functions under subsection (b), the Secretary of Homeland 
     Security shall, to the greatest extent practicable, seek to 
     prevent unnecessary duplication of existing programs or 
     efforts of the Department of Homeland Security.
       (d) Considerations Regarding Selection of a Consortium.--In 
     selecting a consortium with which to work under this Act, the 
     Secretary of Homeland Security shall take into consideration 
     the following:
       (1) Any prior experience conducting cybersecurity training 
     and exercises for State and local entities.
       (2) Geographic diversity of the members of any such 
     consortium so as to cover different regions across the United 
     States.
       (e) Metrics.--If the Secretary of Homeland Security works 
     with a consortium pursuant to subsection (a), the Secretary 
     shall measure the effectiveness of the activities undertaken 
     by such consortium under this Act.
       (f) Outreach.--The Secretary of Homeland Security shall 
     conduct outreach to universities and colleges, including 
     historically Black colleges and universities, Hispanic-
     serving institutions, Tribal Colleges and Universities, and 
     other minority-serving institutions, regarding opportunities 
     to support efforts to address cybersecurity risks and 
     incidents, including threats of terrorism and acts of 
     terrorism, by working with the Secretary pursuant to 
     subsection (a).
       (g) Termination.--The authority to carry out this Act shall 
     terminate on the date that is five years after the date of 
     the enactment of this Act.
       (h) Consortium Defined.--In this Act, the term 
     ``consortium'' means a group primarily composed of non-profit 
     entities, including academic institutions, that develop, 
     update, and deliver cybersecurity training in support of 
     homeland security.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from 
Texas (Mr. Ratcliffe) and the gentleman from Mississippi (Mr. Thompson) 
each will control 20 minutes.
  The Chair recognizes the gentleman from Texas.


                             General Leave

  Mr. RATCLIFFE. Mr. Speaker, I ask unanimous consent that all Members 
may have 5 legislative days in which to revise and extend their remarks 
and include any extraneous material on the bill under consideration.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from Texas?
  There was no objection.
  Mr. RATCLIFFE. Mr. Speaker, I yield myself such time as I may 
consume.
  Mr. Speaker, I rise in support of H.R. 4743. The National 
Cybersecurity Preparedness Consortium Act of 2016 allows the U.S. 
Department of Homeland Security to work with a consortium, including 
the National Cybersecurity Preparedness Consortium, to support efforts 
to address cybersecurity risks and incidents.
  This bill allows DHS to engage with a consortium to assist the 
National Cybersecurity and Communications Integration Center, or NCCIC, 
in providing

[[Page 6049]]

training to State and local first responders in preparing for and 
responding to cybersecurity risks and incidents. An example of a 
consortium DHS may work with under this bill is the National 
Cybersecurity Preparedness Consortium, or NCPC.
  The NCPC provides State and local communities with the tools they 
need to prevent, detect, respond to, and recover from cyber attacks. 
The consortium also evaluates communities' cybersecurity posture and 
provides them with a roadmap to correct deficiencies in the security of 
their information systems.
  Based out of the University of Texas at San Antonio's Center for 
Infrastructure Assurance and Security, the NCPC membership includes the 
University of Arkansas, the University of Memphis, Norwich University, 
and Texas A&M Engineering Extension Service.
  DHS is responsible for carrying out significant aspects of the 
Federal Government's cybersecurity mission. The Cybersecurity Act, 
which was recently signed into law, allows DHS to actively share cyber 
threat indicators and defensive measures with the private sector by 
affording liability protections.
  DHS's National Cybersecurity and Communications Integration Center is 
responsible for facilitating cross-sector coordination to address 
cybersecurity risks and incidents.
  H.R. 4743 allows DHS to work with any consortium, including the NCPC, 
in a number of activities, including providing technical assistance, 
conducting cross-sector cybersecurity training and simulation 
exercises, and helping States and local communities to develop 
cybersecurity information sharing programs. Allowing DHS to work with 
organizations already supporting State and local cyber preparedness and 
response will provide additional support to State and local entities.
  I urge all Members to join me in supporting this bill.
  I reserve the balance of my time.
  Mr. THOMPSON of Mississippi. Mr. Speaker, I yield myself such time as 
I may consume.
  I rise in support of H.R. 4743, the National Cybersecurity 
Preparedness Consortium Act of 2016.
  Mr. Speaker, H.R. 4743 allows the Department of Homeland Security to 
utilize university-based consortia to help provide cybersecurity 
training and support to State, local, and tribal leaders, including 
first responders.
  There is strong bipartisan support for this legislation, as 
introduced by the gentleman from Texas (Mr. Castro).
  H.R. 4743 authorizes DHS to use consortia to provide State and local 
governments with university-developed cyber training and technical 
assistance, including for the development of cyber information sharing 
that jurisdictions in need can use.
  Recent studies reveal that organizations at the State and local level 
describe their cybersecurity programs as being in the early and middle 
stages of maturity, and 86 percent of State and local respondents 
identified managing cybersecurity risk as one of their most stressful 
jobs.
  By partnering with consortia, DHS can make a meaningful impact on 
raising the levels of cybersecurity on the State, local, and tribal 
levels.
  Importantly, H.R. 4743 requires DHS, when selecting a consortium for 
participation in its cyber efforts, to not only take into account the 
prior experience of the institutions that would be conducting 
cybersecurity training exercises, but also the geographic diversity of 
the institutions participating in the consortium. The inclusion of 
geographic diversity should help reach more States and localities.
  Moreover, I am pleased that the bill requires DHS to do outreach to 
colleges and universities, including Historically Black Colleges and 
Universities, Hispanic-serving institutions, and other minority-serving 
institutions about opportunities to provide
research-based cybersecurity-related training exercises and technical 
assistance.
  Mr. Speaker, States and localities need the ability to prevent, 
detect, respond to, and recover from cyber events as they would have 
any other disaster or emergency situation. For this reason, I support 
H.R. 4743 and urge passage.
  I reserve the balance of my time.
  Mr. RATCLIFFE. Mr. Speaker, I yield 3 minutes to the gentleman from 
Texas (Mr. Hurd), my distinguished friend and colleague.
  Mr. HURD of Texas. Mr. Speaker, I thank the gentleman for his 
leadership on this issue and for yielding me some time.
  I would like to also thank the ranking member and my colleague from 
San Antonio on this piece of legislation that is so important to our 
hometown.
  It is no secret that cyber attacks are on the rise, and the 
unfortunate reality is that everyone is vulnerable. The costs of 
protecting your network and properly training communities on best 
practices in a digital world can be burdensome.
  As we all know, State and local communities, in many instances, do 
not possess the same digital resources as the Federal Government. 
States and communities need the ability to detect, respond to, and 
recover from cyber events just as they would any other disaster or 
emergency situation.
  That is why I am proud to be an original cosponsor of H.R. 4743, 
which will allow DHS to coordinate with a handful of universities that 
have been leading the way in cyber preparedness.
  One of these universities, the University of Texas at San Antonio, is 
located in my hometown and serves many of my constituents. Another 
leader in this field is none other than my alma mater, Texas A&M 
University.
  Building upon their great work and the breakthroughs of others across 
the country will be crucial to protecting our digital infrastructure at 
all levels. This will help us ensure that our first responders and 
government entities are adequately prepared for a significant cyber 
event.
  I thank my colleague from Texas for his attention to this issue. I 
fully support H.R. 4743, the National Cybersecurity Preparedness 
Consortium Act of 2016. I urge my colleagues to support this bill.
  Mr. THOMPSON of Mississippi. Mr. Speaker, I yield 4 minutes to the 
gentleman from Texas (Mr. Castro), the author of this bill.
  Mr. CASTRO of Texas. Mr. Speaker, I thank Ranking Member Thompson for 
yielding me this time and for his support of this legislation. He and 
his staff have been terrific partners in moving this bill forward.
  I would also like to thank my fellow Texans, Chairman McCaul, 
Congressman Hurd, Congressman Ratcliffe, and also Congressman Richmond, 
who is not a Texan, but is a wonderful person here in our body, for all 
of their work on this issue.
  Every day our Nation faces a growing number of potentially 
debilitating cyber threats. Our retailers, our banks, government 
agencies, military operations, and everyday private American citizens 
all face these threats. We must ensure that our defenses are as strong 
as possible because of that.
  I represent San Antonio, a national leader in the cybersecurity 
field. Institutions in San Antonio do cutting-edge cyber work that 
keeps our Nation safe.
  For example, the University of Texas at San Antonio leads the 
National Cybersecurity Preparedness Consortium, which helps communities 
across the Nation improve their cyber defenses.
  It is critical that localities understand the impact cyber attacks 
could have on their ability to function and are prepared to prevent, 
detect, respond to, and recover from harmful cyber incidents.
  UTSA and its cybersecurity consortium are educating communities about 
these cyber threats and helping them develop the defenses they need to 
successfully withstand a cyber emergency.
  This legislation allows consortiums like UTSAs to work more closely 
with DHS to address cybersecurity risks and incidents at the State and 
local level. This collaboration will bolster our cyber preparedness and 
keep us one step ahead of cyber attackers.
  Mr. Speaker, again I would like to thank the Homeland Security 
Committee's leadership for their partnership on this legislation and 
also all of the staff, both Republican and Democratic, who helped bring 
this to the floor.

[[Page 6050]]


  Mr. RATCLIFFE. Mr. Speaker, I reserve the balance of my time.
  Mr. THOMPSON of Mississippi. Mr. Speaker, I yield myself such time as 
I may consume.
  Mr. Speaker, the inspiration for this bill was important work being 
done by the National Cybersecurity Preparedness Consortium, a group of 
five universities led by the University of Texas at San Antonio that 
has helped to raise cyber preparedness at the State and local level by 
evaluating communities, cybersecurity postures, and providing them with 
a roadmap to correct deficiencies.
  While this consortium is making an important contribution to 
cybersecurity, there is an enormous need for training and technical 
assistance around the Nation. With the enactment of H.R. 4743, more 
institutions will be able to partner with DHS to provide such critical 
assistance.
  As such, I urge passage.
  I yield back the balance of my time.
  Mr. RATCLIFFE. Mr. Speaker, I once again urge my colleagues to 
support H.R. 4743.
  I yield back the balance of my time.
  Mr. McCAUL. Mr. Speaker, I rise in support of H.R. 4743, the National 
Cybersecurity Preparedness Consortium Act of 2016.
  This bill allows the Department of Homeland Security to work with a 
cybersecurity consortium to carry out training, technical assistance 
and simulation exercises for State and local officials, critical 
infrastructure owners and operators and private industry.
  The National Cybersecurity Preparedness Consortium, based at the 
University of Texas San Antonio's Center for Infrastructure Assurance 
and Security, provides research-based cybersecurity-related training 
and exercises to increase cybersecurity preparedness across the nation.
  Other members of the Consortium include the Texas Engineering 
Extension Service in the Texas A&M University system, the University of 
Memphis, the University of Arkansas System, and Norwich University.
  Last December, I helped usher through the landmark Cybersecurity Act 
of 2015. That legislation helps protect our nation's private sector and 
federal networks which are under continuous threat from foreign hackers 
and cyber terrorists. H.R. 4743 will be a value add in better securing 
the Nation's overall cybersecurity preparedness.
  Locally, first responders and government officials as well as 
critical infrastructure owners and operators and private industry are 
bombarded with cybersecurity threats in the same way as at the federal 
level.
  Helping organizations working to incorporate cybersecurity risk and 
incident prevention and response into State and local emergency plans 
is just one of the elements this bill encourages.
  Allowing DHS to work with organizations like the Consortium, will 
ensure more tools are available back at home for those working to 
prepare for and combat cyber attacks on a regular basis.
  I support this bill and urge my colleagues to do the same.
  Ms. JACKSON LEE. Mr. Speaker, I rise in strong support of H.R. 4743, 
the National Cybersecurity Preparedness Consortium Act of 2016, because 
it will establish an important resource to ensure that private sector 
entities are better prepared to protect against cyber threats.
  As a senior member of the House Committee on Homeland Security, I am 
well aware of the threats posed by cybersecurity vulnerabilities, and 
this bill takes an essential step to strengthen domestic cybersecurity.
  H.R. 4743 establishes a National Cybersecurity Preparedness 
Consortium to engage academic, nonprofit, private industry, and 
federal, state, and local government partners to address cybersecurity 
risks and incidents, including threats or acts of terrorism.
  The Consortium may provide training to State and local first 
responders and officials to equip them with the tools and skills needed 
to prepare for and respond to cybersecurity risks and incidents, 
including threats and acts of terrorism, in accordance with current 
law.
  I thank both Chairman McCaul and Ranking Member Thompson for the 
bipartisan work done to bring the bill before the House for 
Consideration.
  I am pleased that during the Committee markup of H.R. 4743, two 
important Jackson Lee Amendments were adopted.
  The first Jackson Lee Amendment to H.R. 4743 establishes metrics as a 
measure of the effectiveness of the National Cybersecurity Preparedness 
Consortium program.
  Having the information provided by my amendment to H.R. 4743, will 
allow the Congressional oversight committees to better plan future 
programs around cybersecurity collaborations that are intended to share 
knowledge on best practices in securing computer networks from attack.
  The second Jackson Lee Amendment added an additional objective of the 
bill, a directive that should help participants prepare to address 
continuity of operations.
  This amendment provides a focus for the Consortium's work on the 
issue of continuity of operation, which addresses whether an entity can 
survive a cyber-attack, continue to provide information or services 
during an attack; or the likelihood that the time to recovery from a 
successful cyberattack or threat is predictable and reasonable.
  Just as the attacks on the morning of September 11, 2001 came without 
notice so may a major cyber-attack.
  In March, of this year, U.S. Attorney General Lynch announced 
``wanted'' notices for a group of Iranian hackers the United States 
believes are behind a 2013 computer intrusion of a small New York dam 
and a series of cyberattacks on dozens of U.S. banks.
  There are many companies offering continuity of operations services 
to companies large and small with the intent that they will be there to 
support their clients in the event of a cyber incident.
  The work of the Consortium should go beyond planning to the answering 
questions regarding the operationalization of plans in the event of an 
attack or cyber incident.
  We know that planning is crucial, but we must encourage cybersecurity 
planning to go beyond the planning process to understand the capacity 
of an entity's continuity of operations plans by looking at continuity 
of operations of service providers should an incident impact an area or 
industry.
  I support H.R. 4743, because it provides this assurance by providing 
critical cybersecurity collaboration among experts and industries that 
are essential to critical infrastructure operations or have a 
significant economic presence in our nation's economy that a cyber-
attack would have broad repercussions.
  I ask my colleagues to join me in supporting H.R. 4743.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from Texas (Mr. Ratcliffe) that the House suspend the rules 
and pass the bill, H.R. 4743, as amended.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mr. RATCLIFFE. Mr. Speaker, on that I demand the yeas and nays.
  The yeas and nays were ordered.
  The SPEAKER pro tempore. Pursuant to clause 8 of rule XX, further 
proceedings on this motion will be postponed.

                          ____________________