House Homeland Security Committee Clears Two DHS Cybersecurity Bills
The House Homeland Security Committee approved two Department of Homeland Security-centric cybersecurity bills Tuesday, sending them to the full House for consideration. The committee approved the bills -- the Critical Infrastructure Research and Development Advancement Act (HR-2952) and the Homeland Security Cybersecurity Boots-on-the-Ground Act (HR-3107) -- on voice votes with amendments. The bills had received unanimous support from the House Cybersecurity Subcommittee in September (CD Sept 19 p20).
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
HR-2952 will “enhance DHS’s research and development tools, streamline its public-private coordination efforts” and ensure DHS and its private sector partners are able to share technological solutions, said committee Chairman Michael McCaul, R-Texas. Rep. Susan Brooks, R-Ind., speaking on behalf of House Cybersecurity Subcommittee Chairman Pat Meehan, R-Pa., said the bill’s creation of a technology clearinghouse will “change the way DHS develops protections for critical infrastructure by creating and facilitating access to new and existing technologies.”
The committee passed one amendment to HR-2952, which would extend the scope of a required DHS-developed strategic plan guiding federal cybersecurity and physical security research and development efforts to protect critical infrastructure to include “all threats.” Rep. Sheila Jackson Lee, D-Texas, said she introduced the amendment to stress the “importance of considering all threats” in the interest of protecting critical infrastructure. Jackson Lee withdrew a second amendment, which would have required DHS to study vulnerabilities and threats to firewalls, software and other computer systems protections. Meehan, HR-2952’s sponsor, said he believed the amendment was “laudable,” but it went beyond the bill’s scope and would force DHS to constantly assess the nature of software vulnerabilities. Jackson Lee said she was withdrawing the amendment, but she wanted to work with Meehan to come up with alternate language that would not create additional burdens for DHS.
HR-3107, sponsored by Rep. Yvette Clarke, D-N.Y., includes provisions meant to bolster the quality of DHS’s cybersecurity workforce through the creation of a new cybersecurity occupation classification system, a strategic plan to address identified gaps in cyber knowledge and other assessments. Clarke said the bill would require that its civilian contractors receive proper clearances to handle sensitive cybersecurity information -- which she said was a clear vulnerability in the wake of former National Security Agency contractor Edward Snowden’s leaks about NSA surveillance programs.
The committee approved three amendments to HR-3107. An amendment from Jackson Lee would require DHS to begin creating a cybersecurity fellowship program that would pay for the tuition of undergraduate and graduate students in cybersecurity programs who agree to work for DHS “for an agreed-upon period of time.” Rep. Ron Barber, D-Ariz., said he supported the program because it was important that Congress encourage the “best and brightest” to work in federal agencies on such issues as cybersecurity. McCaul also said he supported the amendment because it would encourage the development of a strong cybersecurity workforce. Jackson Lee withdrew an additional amendment meant to determine how many cybersecurity roles at DHS are filled by outside contractors. She agreed to work with Clarke to confirm the existing bill addresses that concern. Jackson Lee also discussed -- but did not formally introduce -- an amendment to require a “brief report” on how DHS conducts its security clearances. Rep. Jeff Duncan, R-S.C., said the Office of Personnel Management does all security clearances, so asking DHS to conduct its own study is “unneeded and unwarranted.” Duncan also said the committee’s Oversight and Management Efficiency Subcommittee would hold a hearing at 9 a.m. Wednesday on the implications of the Washington Navy Yard shooting that would address DHS clearances.
An approved amendment from Rep. Bill Keating, D-Mass., would mandate that DHS use the cybersecurity occupation classification system to be developed through HR-3107. The original bill did not explicitly require DHS to use the system, which was important because one in five “mission critical” cybersecurity jobs within DHS are currently vacant, Keating said. Clarke said she supported the amendment because “it is important we bring clarity” to what the federal workforce does in emerging areas of expertise such as cybersecurity.
Another approved amendment from Rep. Eric Swalwell, D-Calif., would expand DHS’s cybersecurity workforce strategy to include recruitment efforts aimed at experienced professionals, members of “disadvantaged or underserved communities,” the unemployed and veterans. Swalwell said he wanted to ensure DHS was not solely targeting “the usual suspects,” namely young professionals and those just graduating from college. It’s particularly important for DHS to step up recruitment of veterans because “those on the battlefield are working with complex IT systems day in and day out,” Swalwell said. Rep. Jason Chaffetz, R-Utah, said the committee needed to clarify the amendment’s language to ensure DHS was still “hiring the best people.” Duncan said he was concerned the amendment might establish a quota system for DHS hiring. DHS needs to hire the best people rather than choose people “just because they're unemployed or of a certain group,” Duncan said. Swalwell and Barber said they did not believe the amendment established a quota system. McCaul said he believed the amendment’s intent addressed the concerns Chaffetz and Duncan raised, but said the committee could make additional changes to clarify the bill’s language.