CONGRESSWOMAN ELISE STEFANIK
On Tuesday, April 16, 2013 the House is scheduled to consider H.R. 756, the Cybersecurity Enhancement Act of 2013, under a suspension of the rules. H.R. 756 was introduced on February 15, 2013 by Rep. Michael McCaul (R-TX) and was referred to the Committee on Science, Space, and Technology, which held a markup and reported the bill by voice vote.
H.R. 756 requires the development of a strategic plan to guide cybersecurity research and development (R&D) across the federal government. In developing the plan, advice will be solicited from federal and private stakeholders, including industry, academia, and other relevant organizations. H.R. 756 also requires the President to submit to Congress an assessment of the federal government’s cybersecurity workforce needs, including the needs of each agency and department, the skills sought by the federal government and the private sector in this field, and the capacity of institutions of higher education to meet the workforce needs.
H.R. 756 reauthorizes funding for established cybersecurity basic research and education grants at the National Science Foundation. Authorizations for the programs expired in 2007, but NSF has been utilizing appropriations to conduct them under their general authorities. In FY 2012, NSF estimates that it spent $185.6 million on these activities. H.R. 756 authorizes these activities for three years, FY 2014-FY2016, at $185 million per year, for a total authorization of $555 million.
In addition, H.R. 756 continues and enhances the Scholarship for Service program designed to recruit and train the next generation of cybersecurity professionals. Scholarship recipients will be given internships in the federal information technology workforce, and following graduation, will serve as cybersecurity professionals in the federal workforce for a prescribed period of time. Additionally, H.R. 756 establishes a university-industry task force to address grand cybersecurity research challenges and to explore mechanisms and models for carrying out public-private cybersecurity research partnerships. H.R.756 also strengthens the development of security automation standards and checklists for government systems, and ensures that federal agencies are informed of the availability of these security standards and related reference materials. Finally, H.R. 756 continues the coordination of cybersecurity awareness and education programs.
Increased reliance on information technology in the federal, private, and public sectors has amplified the vulnerabilities of these systems. Cyber criminals and state-sponsored entities increasingly seek access to America’s sensitive information and critical infrastructures. According to the Government Accountability Office (GAO), federal agencies have experienced a “dramatic increase in reports of security incidents,” with the total number of reported cybersecurity incidents increasing by 782 percent from 2006 to 2012. In FY 2010, federal agencies spent $8.6 billion on cybersecurity and the federal government spends more than $400 million on cybersecurity R&D annually. However, in 2009 GAO found the Nation’s information technology (IT) infrastructure was vulnerable to attack, as the federal agencies responsible for protecting the Nation’s IT infrastructure were not fulfilling their responsibilities. Responsibility for protecting U.S. cyber infrastructure is shared by various federal agencies, including the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST). Currently, the federal agencies involved in cybersecurity efforts operate without a coordinated and comprehensive strategy or plan. H.R. 756 primarily addresses and enhances important cybersecurity research efforts conducted by NSF and NIST.
The House passed similar legislation in the 111th and 112th Congresses (H.R. 4061 and H.R. 2096 respectively), but these measures were not taken up by the Senate. In the 112th Congress, the bill passed on April 27, 2012 by a vote of 395-10 (roll no. 193).
 U.S. Government Accountability Office, Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented, Feb. 2013, http://www.gao.gov/assets/660/652170.pdf.
According to CBO, “implementing H.R. 756 would cost $504 million over the 2014-2018 period and $52 million after 2018. Enacting the legislation would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply.” For more information, see CBO’s cost estimate on H.R. 756.