BREAK IN TRANSCRIPT
Mr. ISSA. Mr. Speaker, I yield myself such time as I may consume.
Cybersecurity threats represent one of the most serious national security and economic challenges we face in our Nation. Whether it's criminal hackers, organized crime, terrorist networks, or nation-states, our Nation is under siege from dangerous cybersecurity threats that grow daily in frequency and sophistication.
It is critical that the Federal Government address cybersecurity threats in a manner that keeps pace with our Nation's growing dependence on technology, but current Federal law does not adequately address the nature of today's cybersecurity threats.
Since the enactment in 2002 of the Federal Information Security Management Act, or FISMA, it has become a ``check the box'' compliance activity that all too often has little to do with minimizing cyber threats. And yet the Government Accountability Office recently found that security incidents among 24 key agencies increased by 650 percent, or more than six-fold, in the last 5 years.
To address the rising challenge posed by cyber threats, Ranking Member Cummings and I introduced last Congress a bill to reauthorize FISMA. That bill was adopted by the House unanimously.
Recently, Mr. Cummings and I reintroduced that legislation as H.R. 1163, the Federal Information Security Amendments Act of 2013. The bill was voted out of our committee by unanimous vote on March 20. This bill aims to harness the last decade of technological innovation in securing Federal information systems.
To enhance the current framework of securing Federal information technology systems, our bill calls for automated and continuous monitoring of government information systems--and I'm going to repeat--automated and continuous monitoring of government information systems. And it ensures that continuous monitoring finally incorporates regular threat assessments, not just ``check the box.''
The bill also reaffirms the role of the Office of Management and Budget with respect to FISMA, recognizing that the budgetary leverage of the Executive Office of the President is necessary to ensure agencies are focused on effective security IT systems. Mr. Speaker, that's particularly significant because IT is the backbone of every single large and small agency of the government; and only with the power of the President through the Office of Management and Budget can you, in fact, ensure that the President has transparency and his authority is respected throughout all these agencies.
We can no longer afford the ``check the box'' that came out of the first piece of legislation. It wasn't its intent, and the six-fold increase in the last 5 years says it has failed us.
While our bill does not include new requirements, restrictions, or mandates on private, non-Federal computer systems, H.R. 1163 does highlight the need for stronger public-private partnership. Again, as we interface over the public Internet, it is critical that the weakest link be prevented. To that extent, this bill has received strong support from cybersecurity experts and industry, including TechAmerica, the Information Technology Industry Council, and the Business Software Alliance.
I'd like to personally thank Ranking Member Cummings for partnering, both personally and through his staff, to create a bill that is necessary, timely, and accurate to meet the growing threat of cybersecurity.
I encourage all Members to support this timely legislation, and I reserve the balance of my time.
BREAK IN TRANSCRIPT
Mr. ISSA. Mr. Speaker, I yield myself 1 1/2 minutes.
I want to associate myself with the ranking member's statements.
Mr. Cummings does make the great point that Homeland Security is, in fact, doing a great deal. And if there is an active activity through NSA and other agencies, we applaud that.
A great deal of what this bill reauthorization is intended to do, in working with the subcommittee ranking member Mr. Connolly, is to recognize that there needs to be a public-private partnership. We need our private entities to be as strong as they can be so they don't become conduits for espionage and for attacks. But also that, in fact, it's the smallest entity of government, the one that you don't think much of, the one that may not be high priority that, in fact, also has to be protected: commerce at our public parks; commerce occurring throughout the Federal Government; and, in fact, just the records that are so often collected and maintained in places like the Veterans Administration and so on.
Although they may not represent an immediate threat to national security, as a veteran, I must tell you the fact that those records sit there tells all of us, millions of veterans, that we want to have a robust maintenance of cybersecurity, something that under the current statute we believe the box is being checked, but not all that needs to be done is being done.
I reserve the balance of my time.
BREAK IN TRANSCRIPT
Mr. ISSA. Mr. Chairman, I yield myself the balance of my time.
Mr. Speaker, H.R. 1163 has many authors: Mr. Cummings and myself, Mr. Connolly, Mr. Chaffetz, Mr. Tierney. It also has every committee chairman and every ranking member here in the House. And I would like to take a moment to thank all the committee chairmen of Homeland Security, Foreign Affairs, and House Administration, because staffs from all of those committees, particularly with the acquiescence of the chairmen and ranking members, have contributed to our fact-finding to try to produce a good bill here today.
I think often our committee is viewed as, what is your authority and so on. This is an odd situation in which, in order for us to bring the bill here today, we really needed all the agencies and all the personnel here to be brought to bear so that we could try to fashion a piece of legislation that would allow the Federal Government to work better, that would allow the executive branch to execute better on behalf of the American people.
Lastly, I would like to thank the outside groups, many of which I mentioned in my opening statement, but even more who responded when this bill was posted for comment. They responded with constructive suggestions.
I know there is a lot of trepidation any time the government is, in fact, looking at data passing through the system, but this and other legislation is a balancing act. We cannot have the economy that we enjoy today if these systems are shut down by attacks. At the same time, I know I join with the ranking member and all of the authors of this legislation in that we are committed to making sure we maintain the personal freedom and the privacy that goes with what we are entrusted to here in the government.
So, in closing, Mr. Speaker, this is an update. It is not the last time we will have to update cybersecurity. It is not the last time we will be here concerned about America's economy so dependent on the Internet, but it is a good bill. It is ready.
I urge its approval, and I yield back the balance of my time.
BREAK IN TRANSCRIPT