A bill to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption, and for other purposes.
Version History
3To ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cyber security defenses against disruption, and for other purposes.CommentsClose CommentsPermalink
April 1, 2009
Mr. ROCKEFELLER (for himself, Ms. SNOWE, and Mr. NELSON of Florida) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation
A BILLCommentsClose CommentsPermalink
To ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption, and for other purposes.CommentsClose CommentsPermalink
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,CommentsClose CommentsPermalink
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) SHORT TITLE- This Act may be cited as the ‘Cybersecurity Act of 2009’.
(b) TABLE OF CONTENTS- The table of contents for this Act is as follows:
Sec. 1. Short title; table of contents.
Sec. 2. Findings.
Sec. 3. Cybersecurity Advisory Panel.
Sec. 4. Real-time cybersecurity dashboard.
Sec. 5. State and regional cybersecurity enhancement program
Sec. 6. NIST standards development and compliance.
Sec. 7. Licensing and certification of cybersecurity professionals.
Sec. 8. Review of NTIA domain name contracts.
Sec. 9. Secure domain name addressing system.
Sec. 10. Promoting cybersecurity awareness.
Sec. 11. Federal cybersecurity research and development
Sec. 12. Federal Cyber Scholarship-for-Service program.
Sec. 13. Cybersecurity competition and challenge.
Sec. 14. Public-private clearinghouse
Sec. 15. Cybersecurity risk management report.CommentsClose CommentsPermalink
Sec. 16. Legal framework review and report.
Sec. 17. Authentication and civil liberties report.
Sec. 18. Cybersecurity responsibilities and authorities
Sec. 19. Quadrennial cyber review.
Sec. 20. Joint intelligence threat assessment.
Sec. 21. International norms and cybersecurity deterrence measures.
Sec. 22. Federal Secure Products and Services Acquisitions Board
Sec. 23. Definitions.
SEC. 2. FINDINGS.
The Congress finds the following:
(1) America’s failure to protect cyberspace is one of the most urgent national security problems facing the country.
(2) Since intellectual property is now often stored in digital form, industrial espionage that exploits weak cybersecurity dilutes our investment in innovation while subsidizing the research and development efforts of foreign competitors. In the new global competition, where economic strength and technological leadership are vital components of national power, failing to secure cyberspace puts us at a disadvantage.
(3) According to the 2009 Annual Threat Assessment, ‘a successful cyber attack against a major financial service provider could severely impact the national economy, while cyber attacks against physical infrastructure computer systems such as those that control power grids or oil refineries have the potential to disrupt services for hours or weeks’ and that ‘Nation states and criminals target our government and private sector information networks to gain competitive advantage in the commercial sector.’.
(4) The Director of National Intelligence testified before the Congress on February 19, 2009, that ‘a growing array of state and non-state adversaries are increasingly targeting-for exploitation and potentially disruption or destruction-our information infrastructure, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries’ and these trends are likely to continue.
(5) John Brennan, the Assistant to the President for Homeland Security and Counterterrorism wrote on March 2, 2009, that ‘our nation’s security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately-owned and globally-operated.’.
(6) Paul Kurtz, a Partner and chief operating officer of Good Harbor Consulting as well as a senior advisor to the Obama Transition Team for cybersecurity, recently stated that the United States is unprepared to respond to a ‘cyber-Katrina’ and that ‘a massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between government and the private sector.’.
(7) The Cyber Strategic Inquiry 2008, sponsored by Business Executives for National Security and executed by Booz Allen Hamilton, recommended to ‘establish a single voice for cybersecurity within government’ concluding that the ‘unique nature of cybersecurity requires a new leadership paradigm.’.
(8) Alan Paller, the Director of Research at the SANS Institute, testified before the Congress that ‘the fight against cybercrime resembles an arms race where each time the defenders build a new wall, the attackers create new tools to scale the wall. What is particularly important in this analogy is that, unlike conventional warfare where deployment takes time and money and is quite visible, in the cyber world, when the attackers find a new weapon, they can attack millions of computers, and successfully infect hundreds of thousands, in a few hours or days, and remain completely hidden.’.
(9) According to the February 2003 National Strategy to Secure Cyberspace, ‘our nation’s critical infrastructures are composed of public and private institutions in the sectors of agriculture, food, water, public health, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking finance, chemicals and hazardous materials, and postal and shipping. Cyberspace is their nervous system--the control system of our country’ and that ‘the cornerstone of America’s cyberspace security strategy is and will remain a public-private partnership.’.
http://www.opencongress.org/bill/111-s773/textBooz Allen Hamilton is supporting it!