|
S.773 Title: A bill to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption, and for other purposes. Sponsor: Sen Rockefeller, John D., IV (introduced 4/1/2009) Cosponsors (3)
Latest Major Action: 4/1/2009 Referred to Senate committee. Status: Read twice and referred to the Committee on Commerce, Science, and Transportation.
<snip>
SEC. 2. FINDINGS.
The Congress finds the following:
(1) America's failure to protect cyberspace is one of the most urgent national security problems facing the country.
(2) Since intellectual property is now often stored in digital form, industrial espionage that exploits weak cybersecurity dilutes our investment in innovation while subsidizing the research and development efforts of foreign competitors. In the new global competition, where economic strength and technological leadership are vital components of national power, failing to secure cyberspace puts us at a disadvantage.
(3) According to the 2009 Annual Threat Assessment, `a successful cyber attack against a major financial service provider could severely impact the national economy, while cyber attacks against physical infrastructure computer systems such as those that control power grids or oil refineries have the potential to disrupt services for hours or weeks' and that `Nation states and criminals target our government and private sector information networks to gain competitive advantage in the commercial sector.'.
(4) The Director of National Intelligence testified before the Congress on February 19, 2009, that `a growing array of state and non-state adversaries are increasingly targeting-for exploitation and potentially disruption or destruction-our information infrastructure, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries' and these trends are likely to continue.
(5) John Brennan, the Assistant to the President for Homeland Security and Counterterrorism wrote on March 2, 2009, that `our nation's security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately-owned and globally-operated.'.
(6) Paul Kurtz, a Partner and chief operating officer of Good Harbor Consulting as well as a senior advisor to the Obama Transition Team for cybersecurity, recently stated that the United States is unprepared to respond to a `cyber-Katrina' and that `a massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between government and the private sector.'.
(7) The Cyber Strategic Inquiry 2008, sponsored by Business Executives for National Security and executed by Booz Allen Hamilton, recommended to `establish a single voice for cybersecurity within government' concluding that the `unique nature of cybersecurity requires a new leadership paradigm.'.
(8) Alan Paller, the Director of Research at the SANS Institute, testified before the Congress that `the fight against cybercrime resembles an arms race where each time the defenders build a new wall, the attackers create new tools to scale the wall. What is particularly important in this analogy is that, unlike conventional warfare where deployment takes time and money and is quite visible, in the cyber world, when the attackers find a new weapon, they can attack millions of computers, and successfully infect hundreds of thousands, in a few hours or days, and remain completely hidden.'.
(9) According to the February 2003 National Strategy to Secure Cyberspace, `our nation's critical infrastructures are composed of public and private institutions in the sectors of agriculture, food, water, public health, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking finance, chemicals and hazardous materials, and postal and shipping. Cyberspace is their nervous system--the control system of our country' and that `the cornerstone of America's cyberspace security strategy is and will remain a public-private partnership.'.
(10) According to the National Journal, Mike McConnell, the former Director of National Intelligence, told President Bush in May 2007 that if the 9/11 attackers had chosen computers instead of airplanes as their weapons and had waged a massive assault on a U.S. bank, the economic consequences would have been `an order of magnitude greater' than those cased by the physical attack on the World Trade Center. Mike McConnell has subsequently referred to cybersecurity as the `soft underbelly of this country.'.
(11) The Center for Strategic and International Studies report on Cybersecurity for the 44th Presidency concluded that (A) cybersecurity is now a major national security problem for the United States, (B) decisions and actions must respect privacy and civil liberties, and (C) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure. The report continued stating that the United States faces `a long-term challenge in cyberspace from foreign intelligence agencies and militaries, criminals, and others, and that losing this struggle will wreak serious damage on the economic health and national security of the United States.'.
(12) James Lewis, Director and Senior Fellow, Technology and Public Policy Program, Center for Strategic and International Studies, testified on behalf of the Center for Strategic and International Studies that `the United States is not organized and lacks a coherent national strategy for addressing' cybersecurity.
(13) President Obama said in a speech at Purdue University on July 16, 2008, that `every American depends--directly or indirectly--on our system of information networks. They are increasingly the backbone of our economy and our infrastructure; our national security and our personal well-being. But it's no secret that terrorists could use our computer networks to deal us a crippling blow. We know that cyber-espionage and common crime is already on the rise. And yet while countries like China have been quick to recognize this change, for the last eight years we have been dragging our feet.' Moreover, President Obama stated that `we need to build the capacity to identify, isolate, and respond to any cyber-attack.'.
(14) The President's Information Technology Advisory Committee reported in 2005 that software is a major vulnerability and that `software development methods that have been the norm fail to provide the high-quality, reliable, and secure software that the IT infrastructure requires. . . . Today, as with cancer, vulnerable software can be invaded and modified to cause damage to previously healthy software, and infected software can replicate itself and be carried across networks to cause damage in other systems.'.
<snip>
SUMMARY AS OF:
4/1/2009--Introduced.
Cybersecurity Act of 2009 - Directs the President to establish or designate a Cybersecurity Advisory Panel to advise the President.
Defines "cyber" as: (1) any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet; and (2) any matter relating to, or involving the use of, computers or computer networks.
Directs the Secretary of Commerce to: (1) develop and implement a system to provide cybersecurity status and vulnerability information regarding all federal information systems and networks managed by the Department of Commerce; and (2) provide financial assistance for the creation and support of Regional Cybersecurity Centers for small and medium sized U.S. businesses.
Requires the National Institute of Standards and Technology (NIST) to establish cybersecurity standards for all federal government, government contractor, or grantee critical infrastructure information systems and networks.
Makes NIST responsible for U.S. representation in all international cybersecurity standards development.
Directs the Secretary to develop or coordinate a national licensing, certification, and recertification program for cybersecurity professionals and makes it unlawful to provide certain cybersecurity services without being licensed and certified.
Requires Advisory Panel approval for renewal or modification of a contract related to the operation of the Internet Assigned Numbers Authority.
Requires development of a strategy to implement a secure domain name addressing system.
Requires the National Science Foundation (NSF) to support specified types of research and to establish a program of grants to higher education institutions to establish cybersecurity testbeds.
Amends the Cybersecurity Research and Development Act to expand the purposes of an existing program of computer and network security research grants.
Requires the NSF to establish a Federal Cyber Scholarship-for-Service program.
Requires NIST to establish cybersecurity competitions and challenges to recruit talented individuals for the federal information technology workforce and stimulate innovation.
Requires the Department of Commerce to serve as the clearinghouse of cybersecurity threat and vulnerability information. Grants the Secretary access to all relevant data concerning such networks notwithstanding any law or policy restricting access.
Directs the President to: (1) develop and implement a comprehensive national cybersecurity strategy; (2) on a quadrennial basis, complete a review of the cyber posture of the United States; and (3) work with representatives of foreign governments to develop norms, organizations, and other cooperative activities for international engagement to improve cybersecurity.
Requires the Director of National Intelligence and the Secretary of Commerce to submit to Congress an annual report on cybersecurity threats to and vulnerabilities of critical national information, communication, and data network infrastructure.
Establishes a Secure Products and Services Acquisitions Board to review and approve high value products and services acquisition and establish validation standards for software to be acquired by the federal government.
--------------------------------------------------------------------------------
MAJOR ACTIONS: ***NONE***
--------------------------------------------------------------------------------
ALL ACTIONS: 4/1/2009:
Read twice and referred to the Committee on Commerce, Science, and Transportation.
--------------------------------------------------------------------------------
TITLE(S): (italics indicate a title for a portion of a bill)
***NONE***
--------------------------------------------------------------------------------
COSPONSORS(3), ALPHABETICAL : (Sort: by date)
Sen Bayh, Evan - 4/2/2009 Sen Nelson, Bill - 4/1/2009
Sen Snowe, Olympia J. - 4/1/2009
--------------------------------------------------------------------------------
COMMITTEE(S):
Committee/Subcommittee: Activity:
Senate Commerce, Science, and Transportation Referral, In Committee
more at http://thomas.loc.gov |
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
