The House Cybersecurity Task Force today unveiled its recommendations to help guide legislative action for the remainder of this Congress and beyond. The Task Force formally delivered its report to the Speaker and Majority Leader earlier this week.
"Cybersecurity attacks are a direct threat to our economy and job creation, as well as our national security. The task force has addressed this critical issue in a thoughtful and substantive way, and I look forward to working with our committee chairmen and all our members to examine and act on these recommendations in the coming weeks and months. I particularly want to thank Rep. Thornberry and our members for all of their hard work in putting together this report," said House Speaker John Boehner.
Reflecting a growing concern about malicious cyber activity, House Speaker John Boehner and Majority Leader Eric Cantor formally created the Cybersecurity Task Force in June. They asked Rep. Mac Thornberry to lead the effort and appointed members from nine committees with significant jurisdiction on the issue, as well as three at-large members. They charged the group with making recommendations in four key areas: authorities, information sharing and public-private partnerships, critical infrastructure, and domestic legal frameworks.
"These recommendations provide sound, concrete steps to help strengthen our cybersecurity now, while also highlighting issues that need more work," said Rep. Thornberry, who chaired the Task Force. "Starting with incentives, information sharing, and updating some key laws can lead to real progress rather than more gridlock like we have seen with larger proposals," he continued.
The recommendations highlight the critical need for the improvement of existing information sharing structures and the development of an active defense capability. Taken together, such efforts would improve security and disseminate real-time information designed to help target and defeat malicious cyber activity.
Also included in the framework is the adoption of voluntary incentives to encourage private companies to improve cybersecurity, such as the development of voluntary standards through a public-private partnership, utilizing existing tax credits and grant funding to promote increased security, and studying the possible role the insurance industry may play in strengthening cybersecurity. Suggestions for oversight and reporting requirements are also outlined.
The group mentions several federal laws dealing with cybersecurity that need to be updated with an eye toward reform, including Federal Information Security Management Act (FISMA) of 2002, Computer Fraud and Abuse Act (CFAA) of 1986, as well as other communications laws and criminal statutes.
Finally, the Task Force acknowledges that updating legal authorities is among the most complex issues facing lawmakers. It does recommend certain areas where Congress should begin action on updating these authorities, including the federal government defining a proactive process for Defense Support of Civil Authorities (DSCA) and increased support from the Department of Defense to the broader federal government. The group also suggests that Congress should formalize the Department of Homeland Security's current role in coordinating cybersecurity for federal civilian agencies' computer and networks.
The Task Force represents a broad cross-section of the House Republican Conference and the committees of jurisdiction on the issue of cybersecurity. In addition to Rep. Thornberry, Members serving in the group include Reps. Robert Aderholt (R-AL), Jason Chaffetz (R-UT), Mike Coffman (R-CO), Bob Goodlatte (R-VA), Robert Hurt (R-VA), Bob Latta (R-OH), Dan Lungren (R-CA), Mike McCaul (R-TX), Tim Murphy (R-PA), Steve Stivers (R-OH), and Lee Terry (R-NE).
Comments from Task Force Members:
Rep. Robert Aderholt: "Cybersecurity poses some of the most serious economic and national security challenges our nation faces. Additionally, in today's tight budget environment we must ensure every dollar spent equals security realized. I am proud of the work of the Cybersecurity Task Force and the fiscally responsible policy recommendations we have laid out today. I look forward to working with my colleagues on this vital national security issue going forward."
Rep. Jason Chaffetz: "America is under attack. As a nation we must do a better job of identifying, preventing, and proactively engaging those who would do us harm."
Rep. Mike Coffman: "Cybersecurity is a rapidly evolving challenge, and I am confident that our Task Force's recommendations will put us on the right track in helping to protect our networks from attacks that could threaten both our national and economic security."
Rep. Bob Goodlatte: "I applaud the work of the Task Force and in particular Chairman Thornberry. I look forward to continuing our efforts in this important and vital area. These recommendations provide an excellent framework for the House to craft legislation relating to cybersecurity."
Rep. Robert Hurt: "I appreciate the opportunity to be a part of the Cybersecurity Task Force and to work with my colleagues on cybersecurity policy, and I want to thank Congressman Thornberry for his leadership on this very important issue. Cybersecurity affects nearly every aspect of our lives -- our economy, financial sector, national security, and daily communications -- and it is critical that we take the necessary steps to increase our cybersecurity protections across the country. Together, the Task Force has produced a unified set of recommendations that will help modernize our approach to cybersecurity to keep pace with the evolving threats, while remaining committed to the principles of a limited government, the protection of individual privacy and property rights, a commitment to safety and security, and a partnership with the private sector. As we all work together to implement solutions to address the growing threats of cyber attacks, it is my hope that both the House and the Senate will act on these recommendations."
Rep. Bob Latta: "The security of our Nation's information networks is a critical matter of personal privacy and economic competitiveness. The recommendations of the Task Force will be used to educate Members of Congress, as well as constituents, about the gravity of this issue. If 85 percent of the threats to our information systems can be prevented with public knowledge and best practices, we can go a long way to reducing cyber attacks."
Rep. Dan Lungren: "The world of cyberthreats and cyberwarfare is upon us. We have to establish cybersecurity as a priority sooner rather than later. The consensus among experts is that 85% of current cyberthreats can be thwarted by current cyber hygiene. Public awareness is one of our first priorities."
Rep. Mike McCaul: "Admiral Mike Mullen has called cyber warfare one of the greatest threats to our national security. Today this task force is ready to move forward to address our most critical needs. Our recommendations echo many of those in the CSIS report we presented to the President when he took office including securing federal networks from theft and espionage, and protecting our critical infrastructure. I look forward to swift progress passing many of the ideas where we have agreement including my Cybersecurity Enhancement Act, which unanimously passed through committee and awaits a vote on the House floor."
Rep. Tim Murphy: "The new frontier of national security is cybersecurity. The recommendations unveiled this week were developed out of the experiences and ideas of national security experts, private sector innovators, and our congressional colleagues with an understanding of the dangers that come with electronic vulnerability. Our framework centers on the premise that cybersecurity entails all aspects of our society, from government business to commercial transactions to our national infrastructure."
Rep. Steve Stivers: "The cyber threat is real and impacts all aspects of our lives, including our jobs, national security, and personal information. As a member of the House Cybersecurity Task Force, I believe the recommendations will ensure the federal government leads by example, protects critical infrastructure, and creates incentives for private sector companies to adopt cybersecurity protection standards. By strengthening a partnership with the private sector, the federal government can step up cybersecurity protections, and at the same time raise awareness for all Americans to do our part to protect ourselves and our way of life."
Rep. Lee Terry: "After months of work on the Cyber Task Force, one thing is very clear, and that is that our country is in need of sound policy that will protect us from 21st century attacks to our critical infrastructure. I am confident that the framework we are providing the Speaker will help to shape this needed policy as Committees begin their work in drafting legislative language."