8 February 2002
Source:
http://usinfo.state.gov/cgi-bin/washfile/display.pl?p=/products/washfile/latest&f=02020702.plt&t=/products/washfile/newsitem.shtml
US Department of State
International Information Programs
Washington File
_________________________________
07 February 2002
(Measure designed to fund research to protect infrastructure) (460)
By Merle D. Kellerhals, Jr.
Washington File Staff Writer
Washington -- The U.S. House of Representatives overwhelmingly
approved legislation February 7 that would provide $877.85 million
over five years to fund research among colleges, universities and
research organizations to develop ways to protect the nation's
computer networks from attack by terrorists and hackers.
"A cyber attack could knock out electricity, drinking water and sewage
systems, financial institutions, assembly lines and communications,"
House Science Committee Chairman Sherwood Boehlert, a New York
Republican, said February 7.
The House voted 400-12 for the "Cyber Security Research and
Development Act," which now goes to the U.S. Senate for consideration.
Boehlert said "the attacks of September 11th have turned our attention
to the nation's weaknesses, and again we find that our capacity to
conduct research and to educate will have to be enhanced if we are to
counter our foes over the long run. No less than the Cold War, the war
against terrorism will have to be waged in the laboratory as well as
on the battlefield."
The legislation creates research grants at the National Science
Foundation and the National Institute of Standards and Technology to
enhance computer security.
President Bush made securing the nation's critical infrastructure an
administration priority following the September 11th terrorist attacks
on the United States. He signed an executive order October 16, 2001 to
create the Critical Infrastructure Board to recommend policies and
coordinate programs for protecting information systems.
Critical infrastructures include telecommunications, electrical power
systems, gas and oil storage and transportation, banking and finance,
transportation, water supply systems, emergency services (including
medical, police, fire, and rescue), and continuity of government.
Threats to these critical infrastructures fall into two categories:
physical threats to tangible property and threats of electronic,
radio-frequency, or computer-based attacks on the information or
communications components that control critical infrastructures
("cyber threats").
CIA Director George Tenet said in April 1998 that the United States is
"currently building an information infrastructure -- the most complex
systems the world has ever known -- on an insecure foundation. We have
ignored the need to build trust into our systems. Simply hoping that
someday we can add the needed security before it is too late is not a
strategy."
Tenet said that U.S. national security and economic well being depend
upon a secure infrastructure system. A CIA report made public last
year indicates that the United States, China and Russia are training
soldiers to attack and defend targets through use of the global
Internet.
(The Washington File is a product of the Office of International
Information Programs, U.S. Department of State. Web site:
http://usinfo.state.gov)
[Congressional Record: February 7, 2002 (House)]
[Page H206-H215]
From the Congressional Record Online via GPO Access [wais.access.gpo.gov]
[DOCID:cr07fe02-62]
CYBER SECURITY RESEARCH AND DEVELOPMENT ACT
The SPEAKER pro tempore (Mr. Shimkus). Pursuant to House Resolution
343 and rule XVIII, the Chair declares the House in the Committee of
the Whole House on the State of the Union for the consideration of the
bill, H.R. 3394.
{time} 1048
In the Committee of the Whole
Accordingly, the House resolved itself into the Committee of the
Whole House on the State of the Union for the consideration of the bill
(H.R. 3394) to authorize funding for computer and network security
research and development and research fellowship programs, and for
other purposes, with Mr. Sununu in the chair.
The Clerk read the title of the bill.
The CHAIRMAN. Pursuant to the rule, the bill is considered as having
been read the first time.
Under the rule, the gentleman from New York (Mr. Boehlert) and the
gentleman from Texas (Mr. Hall) each will control 30 minutes.
The Chair recognizes the gentleman from New York (Mr. Boehlert).
General Leave
Mr. BOEHLERT. Mr. Chairman, I ask unanimous consent that all Members
may have 5 legislative days within which to revise and extend their
remarks and to include extraneous material on H.R. 3394.
The CHAIRMAN. Is there objection to the request of the gentleman from
New York?
There was no objection.
Mr. BOEHLERT. Mr. Chairman, I yield myself such time as I may
consume.
Mr. Chairman, I am honored to bring H.R. 3349, The Cyber Security
Research and Development Act, before the House. Like other
congressional responses to terrorism, this is a bipartisan bill. I want
especially to thank our ranking minority member, the gentleman from
Texas (Mr. Hall), who joined me in introducing this bill; the gentleman
from Washington (Mr. Baird), whose own legislation is incorporated in
H.R. 3394; the gentleman from Michigan (Mr. Smith) and the gentleman
from Michigan (Dr. Ehlers) who chair the subcommittee with jurisdiction
over this bill, and their ranking members, the gentlewoman from Texas
(Ms. Johnson) and the gentleman from Michigan (Mr. Barcia).
Also, I would be remiss if I did not thank Dr. Bill Wulf, the
president of the National Academy of Engineering and one of the
Nation's leading computer scientists, whose ideas were the inspiration
for so much of this legislation.
I am convinced that over time H.R. 3394 will come to be seen as a
fundamental turning point in the Nation's approach to cybersecurity.
This bill is the equivalent of legislation the Congress passed in the
wake of the Sputnik launch in the late 1950s.
We will recall that the unexpected Soviet launch of the Sputnik
forced us to focus on the Nation's deficiencies in science and led us
to pass breathtaking, and, it turned out, overwhelmingly effective
legislation to improve
[[Page H207]]
the Nation's ability to conduct research and educate students.
Similarly, the attacks of September 11 have turned our attention to
the Nation's weaknesses, and, again, we find our capacity to conduct
research and to educate will have to be enhanced if we are to counter
our foes over the long run. No less than the Cold War, the war against
terrorism will have to be waged in the laboratory as well as on the
battlefield.
And I would add that I am pleased that the Committee on Science,
which was created in response to the Sputnik launch, will help lead the
effort to ensure our Nation's laboratories are up to the challenge.
One of the most critical problems our Nation's researchers need to
focus on is how to protect our Nation's computers systems and networks
from attack. For a while, most Americans have been focused exclusively
on the hijackings and the bombings and bioterrorism. The experts tell
us that the Nation is also profoundly at risk from cyber terrorism.
That is a new word that has entered our vocabulary, unfortunately, but
it is one we have to be constantly aware of, and we have to prepare.
In an era when virtually all the tools of our daily lives are
connected to and rely upon computer networks, a cyberattack could knock
out electricity, drinking water and sewage systems, financial
institutions, assembly lines and communications, and that is just
naming a few. We must improve our ability to respond to these threats,
and our response must go beyond immediate defensive measures. That is
not good enough.
We need to conduct the research and development necessary to make
computers and networks much harder to break into and much less subject
to damage when they are violated. That will require a focused, well-
funded research and development effort in cybersecurity, something we
are sorely lacking now.
In fact, expert witnesses at our Committee on Science hearings have
described the current state of cyber security research as woefully
underfunded, understaffed, timid, unimaginative and leaderless. That is
not good enough. H.R. 3394 will change all of that.
Our bill capitalizes on the expertise of two well-run Federal
agencies with historic links to both academia and industry necessary to
jump-start our cybersecurity efforts.
Under the bill the National Science Foundation will fund the creation
of new cybersecurity research centers, undergraduate and master's
degree programs and graduate fellowships. The National Institute of
Standards and Technology will create new program grant for partnerships
between academia and industry, new postdoctoral fellowships and a new
program to encourage senior researchers in other fields to work on
computer security.
The result over the next several years will be to promote new
research that produces innovative, creative approaches to computer
security, to draw more researchers into the field, and to develop a
cadre of students who will become the next generation of cybersecurity
researchers.
This approach is measured and targeted, and it will be successful. As
with the programs that were created in response to Sputnik, the
programs in H.R. 3394 will ensure that we make the long-term investment
in research and students needed to develop the tools that will protect
us from cyberattacks.
I want to emphasize, Mr. Chairman, that this bill will provide
funding for a wide range of research, a range far larger even than the
illustrative list that is even in the legislation. For example,
research would include work on firewall and antivirus technology,
vulnerability assessment, operations and control systems management,
and management of the interoperable digital certificates.
I also want to note that in addition to providing funding and
programming, this bill provides Federal leadership. The National
Science Foundation will have the responsibility of making sure that the
Nation's overall research and education enterprise is producing the
knowledge in students we need to combat cyberterrorism.
I have been asked by some, ``Cannot the private sector just take care
of this?'' Unfortunately, the answer is a resounding no. Even after
September 11, the private sector has little incentive to invest heavily
in cybersecurity because the market is more concerned with speed and
convenience. That is not my personal conclusion, that is what the
industry leaders in cybersecurity have said in testimony before our
committee.
In addition, we need to invest in our universities which will work
with private industry to do the basic research needed to come up with
radically new approaches to protecting our computer systems and to
attract the students who will keep the field healthy in the future.
That is why H.R. 3394 is endorsed by leading industry groups
including the National Association of Manufacturers, and the
Information Technology Association of America, as well as a wide range
of groups representing educational institutions.
The bill, I am pleased to report, is also supported by the
administration, which provided much guidance as H.R. 3394 moved through
our committee.
So I urge my colleagues to follow the lead of the Committee on
Science, which approved this bill without dissent. Years from now we
will see H.R. 3394 as the measure that galvanized the Federal
Government, industry and academia into eliminating the cybersecurity
weaknesses that today threaten our economy and our basic public
services. I urge support for this important bill.
Mr. Chairman, I reserve the balance of my time.
Mr. HALL of Texas. Mr. Chairman, I yield myself such time as I may
consume.
(Mr. HALL of Texas asked and was given permission to revise and
extend his remarks.)
Mr. HALL of Texas. Mr. Chairman, I rise in support of the Cyber
Security Research and Development Act. It is a bill that committee has
worked in a bipartisan manner, and I think it fills a very important
gap in current information technology research programs, namely the
need for improved security for our computers and digital communication
networks.
I, of course, congratulate and thank the Committee on Science
chairman, the gentleman from New York (Mr. Boehlert). He has done a
very good job of laying out the thrust of the bill, and I also thank
him for his leadership and thank him for working so closely with me and
with others on our side of the dock to bring this bill to this stage.
I also want to acknowledge the work of my colleague, the gentleman
from Washington (Mr. Baird), a clinical psychologist before he came to
the Congress, a man that has unusual ability and is knowledgeable about
research and development. Actually, it was a provision pertaining to
the National Institute of Standards and Technology, his provisions that
originated in his bill, that we have used in this bill.
Many systems that are vital to the Nation such as electric power
grids, transportation and financial services, all of these rely on the
transfer of information through computer networks.
{time} 1100
The trend in recent years of interconnecting computer networks has
had some unintended consequences, one of them being making access of
these very critical systems easier for criminals and actually
potentially easier for terrorists, and that is something that we are
very aware of today.
As a result, there have been an increased number of assaults on
network systems. Computer viruses, attacks by computer hackers, and
electronic identification theft have become more common. The events of
last fall, as the chairman stated, have made us all realize just how
vulnerable we are to attack, and we now understand that we have to
enhance the protection of the Nation's physical and electronic
infrastructure.
Mr. Chairman, H.R. 3394 establishes substantial new research programs
also at the National Science Foundation and the National Institute of
Standards and Technology. The goal of both of these multiyear programs
is not only to advance computer security research but also to expand
the community of computer security researchers.
These programs will support graduate students. They will support
post-doctoral researchers and senior researchers while encouraging
stronger ties between universities and industry.
The key to ensure information security for the long term is to
establish a
[[Page H208]]
vigorous and creative basic research effort focused on the security of
networked information systems. H.R. 3394 will make a major contribution
toward accomplishing this goal.
Mr. Chairman, I commend this measure to my colleagues and ask for
their support and ask for its passage by this House.
Mr. Chairman, I reserve the balance of my time.
Mr. BOEHLERT. Mr. Chairman, I am pleased to yield 3 minutes to the
distinguished gentleman from Michigan (Mr. Smith), who is the chairman
of the Subcommittee on Research of the Committee on Science and has
been a leader in this overall effort.
Mr. SMITH of Michigan. Mr. Chairman, we learned from the September 11
attack and from the information gathered in Afghanistan to expect the
unexpected.
Part of the new commitment to homeland security is improving the
security of our Nation's computer and networking infrastructure. In the
past decade this networking has been firmly embedded in our economy,
and we have become more dependent on these technologies. Whether it is
delivering agricultural products or supporting banking and financial
markets, moving electricity along interconnected grids, providing
government services or maintaining our national defense, we have become
dependent on computer networks for our economic and national security.
The networks I think also are a potent symbol of our open society and
free markets which thrive on the uninhibited flow of information.
However, the technological advancement in computers and software and
the networking and information technology which is a bill, H.R. 3400,
which is coming before this body in the next several weeks, the
potential threat of cyberattack is real and growing. Terrorists will
always probe for our weakest points, so we must remain vigilant and
confront these new realities.
As we become even more dependent on computer networks and as
terrorists become more technologically sophisticated, we should
anticipate the possibility of attacks launched on cyberspace.
Computer viruses, computer hackers, electronic identification theft
are just a few of the new challenges we face. What is needed is this
bill, which moves us into a comprehensive plan to address the growing
linkages between national security and cybersecurity. We need to engage
the best minds in America to make us immune from these kinds of
attacks.
H.R. 3394 does just that. It authorizes research programs at the
National Science Foundation and the National Institute of Standards and
Technology to decrease the vulnerability of our computer systems and
address emergency problems related to computer networking and
infrastructure.
Mr. Chairman, I think it is very important that we have coordination
among all government agencies in this effort, especially the military
complex, if we are to be efficient, effective and if we are to succeed.
We need this kind of legislation to move ahead; and I just want to
commend the gentleman from Texas (Mr. Hall), and certainly our
chairman, for the inspiration to timely move this bill forward; and I
urge all my colleagues to support it.
Mr. HALL of Texas. Mr. Chairman, I yield the balance of my time to
the gentleman from Washington (Mr. Baird), for purposes of control.
The CHAIRMAN. Without objection, the gentleman from Washington (Mr.
Baird) will control the time.
There was no objection.
Mr. BAIRD. Mr. Chairman, I yield myself such time as I may consume.
I would like to begin by commending and thanking the gentleman from
New York (Mr. Boehlert) and the gentleman from Texas (Mr. Hall) for
their leadership on this matter. I am tremendously honored that they
have chosen to include my computer security bill, which establishes a
research and development program on computer and network security
grants to the National Institute of Standards and Technology in today's
bill.
The chairman's legislation will address long-term needs in securing
the Nation's information infrastructure as well as securing or
strengthening the security of the nonclassified computer systems of
Federal agencies.
Because of September 11, focus and attention has been focused in an
unprecedented way on increasing our security against terrorism. Today,
security has to mean more than locking doors and installing metal
detectors. In addition to physical security, virtual systems that are
vital to the Nation's economy must be protected. Telecommunications and
computer technologies are vulnerable to attack from far away by enemies
who can remain anonymous, hidden in the vast maze of the Internet.
Examples of systems that rely on computer networks include the electric
power grid, rail networks, and financial transaction networks.
I should commend the gentleman from New York (Mr. Boehlert),
particularly, and former chair of the committee, the gentlewoman from
Maryland (Mrs. Morella), for their foresight in this because prior to
September 11 they had both had the foresight to conduct numerous
hearings on the issue of computer security. It is that kind of forward
thinking that we need and now in the post-September 11 time have the
opportunity to implement some of these measures that came forward in
those hearings.
The vulnerability of the Internet computer viruses, denial of service
attacks and defaced Web sites is well-known to the general public. Such
widely reported and indeed widely experienced events have increased in
frequency over time. These attacks disrupt business and government
activities, sometimes resulting in significant recovery costs. We have
yet to face a catastrophic cyberattack thus far; but Richard Clarke,
the President's new terrorism czar, has said that the government must
make cybersecurity a priority or we face the possibility of what he
termed a ``digital Pearl Harbor.''
Potentially vulnerable computer systems are largely owned and
operated by the private sector, but the government has an important
role in supporting the research and development activities that will
provide the tools for protecting information systems. An essential
component for ensuring improved information security is a vigorous and
creative basic research effort focused on the security of networked
information systems.
Witnesses at our Committee on Science hearings last year noted the
anemic level of funding for research on computer and network security.
Such lack of funding has resulted in the lack of a critical mass of
researchers in the field and has severely limited the focus of
research. The witnesses at the hearings advocated increased and
sustained research funding from the Federal Government to support both
expanded training and research on a long-term basis.
The chairman's bill will provide the resources necessary to ensure
the security of business networks and the safety of America's computer
infrastructure. I would like to thank the staff of the Committee on
Science for their good work on this, as well as my own staff member,
Brooke Jamison. I would urge all Members to support this important
measure.
Mr. Chairman, I reserve the balance of my time.
Mr. BOEHLERT. Mr. Chairman, I am pleased to yield 3 minutes to the
distinguished gentleman from Michigan (Mr. Ehlers), a scientist in his
own right and a legislator of the first order. He is the chair of our
key Subcommittee on Environment, Technology and Standards; and I am
pleased to yield the time to him.
(Mr. EHLERS asked and was given permission to revise and extend his
remarks.)
Mr. EHLERS. Mr. Chairman, I appreciate this opportunity to rise in
support of H.R. 3394, a piece of legislation that is badly needed.
Most of the citizens of this land do not understand the broad
dimensions of the problems of cybersecurity. I was privileged a few
years ago to write a report for the cybersecurity of NATO parliamentary
assembly but which was under the chairmanship of the gentleman from New
York (Mr. Boehlert) at that time, and it was a real eye-opener to look
into all of the dimensions of cybersecurity, both hardware and
software.
On the hardware end, we are extremely vulnerable as a Nation in many
ways, particularly to a high-level nuclear explosion, which would
probably have no direct casualties but
[[Page H209]]
could wipe out most of the computers and microprocessors in this
Nation.
This bill addresses primarily the other dimension of security and
that is the software problem. We have been very fortunate as a Nation
that most of the breaches of security that have taken place so far have
been caused by hackers, pranksters and petty thieves; but we are
extremely vulnerable in many other ways due to the proliferation of
computers in our country, and I am not referring just to the
proliferation of microprocessors which have essentially invaded our
homes, our businesses in numerous quantities. They are vulnerable in
different ways; but any time one attaches a computer to a network, they
are vulnerable to activities that take place on that network.
We have gained tremendously as a Nation through the use of computers
and networks, but we have not taken account of the tremendous
opportunities for breaches of security. It is essential that we train
our people to deal with these; but above all, we must begin by doing
more research in how we can deal with breaches of security. We know so
little about it that we are at a disadvantage and we are at the mercy
of the hackers, the pranksters, the thieves and, indeed, of other
countries.
It is essential that this bill pass; that we begin the process of
developing a superstructure and an infrastructure to deal with
cybersecurity. We need more research. We need more scholars. We need
more researchers, and we need more people who are capable of dealing
directly with problems that occur.
We have heard mention of the electric grid and other such things as
this; but it can appear in much more minor ways, simply denial of
service which costs our economy billions of dollars each year.
Recently, I had a call from someone who had received an e-mail sent by
way of a government department's computer. A hacker had gotten into
that computer and used this government's agency computer to send out
millions of e-mails to prevent service from major entities in this
country.
So I urge that we join together and we pass this bill and also be
sure to alert the American public of the nature of cyberterrorism,
cyberinsecurity and that we deal with this problem.
Mr. BAIRD. Mr. Chairman, I reserve my time.
The CHAIRMAN. Without objection, the gentlewoman from Maryland (Mrs.
Morella) will control the majority's time.
There was no objection.
Mrs. MORELLA. Mr. Chairman, I am pleased to yield 2\1/2\ minutes to
the gentleman from Illinois (Mr. Weller).
Mr. WELLER. Mr. Chairman, I come to the floor and first want to
commend the gentleman from New York (Mr. Boehlert) and the gentleman
from Texas (Mr. Hall) for their bipartisan efforts to address an issue
that is so very important to our Nation's economy and Nation's
infrastructure.
We are at war today. We are at war against terrorism, and one of the
lessons of September 11 is no more complacency. Clearly our Nation's IT
infrastructure is one area where we historically have been very, very
complacent; and as we work to win this war on terrorism, we also must
work to strengthen our homeland security, and clearly this legislation,
the Cyber Security Research and Development Act, is part of our efforts
to strengthen our Nation's homeland security.
Our IT infrastructure is important. We use it in our everyday lives,
whether it is our banking, insurance, our schools, our businesses, how
we operate our utilities, and serve our Nation's infrastructure; and
all of it is in jeopardy of a cyberattack.
All of us have learned, I believe, over the last several years the
creativity of those who hack into our computer systems, those who
create computer viruses for malicious destruction, in many cases
causing billions of dollars of damage and costs to our Nation as well
as our global economy. Unfortunately, very little research and
development has been conducted in this important area of homeland
security, finding better ways to protect our Nation's information
technology systems.
The private sector historically has little incentive to invest
because the market emphasizes speed and convenience. Yet the Federal
Government historically has not filled the gap. This legislation is
important legislation and deserves bipartisan support and enlists our
Nation's universities as well as research institutions to find
solutions to protect and secure our Nation's IT infrastructure.
There is also more we need to do. I think we are all disappointed
after the House passed an economic stimulus package that the
accelerated depreciation component that this House passed was not
included in action in the other body. My hope is that the accelerated
depreciation which would help our businesses and private sector also
acquire the hardware and software to protect their IT systems will
eventually be included in a stimulus package that we send to the
President and get this economy moving again.
{time} 1115
Mr. BOEHLERT. Mr. Chairman, I yield 4 minutes to the distinguished
gentlewoman from Maryland (Mrs. Morella), who is one of the leaders of
the Committee on Science in so many areas, but particularly interested
in this important area.
Mrs. MORELLA. Mr. Chairman, it is with great pleasure that I rise as
a cosponsor of H.R. 3394, and I thank the gentleman from New York (Mr.
Boehlert) not only for his laudatory words but for his leadership as
chairman of the Science Committee in crafting this piece of legislation
and bringing it to the floor.
The ranking member, the gentleman from Texas (Mr. Hall), deserves to
be commended also for working together. As is often the case with
legislation from the Committee on Science, this bill is the outcome of
a tremendous bipartisan effort, and I urge my colleagues to support its
passage.
Computer networks and infrastructure have become one of America's
greatest assets. Our ingenuity in developing new and exciting
technologies to increase our productivity and quality of life have made
us the envy of the modern world. These devices have changed the way we
interact socially, conduct business, and have ingrained themselves in
every aspect of our lives. We have embraced them and will continue to
find exciting new ways to utilize these modern marvels.
Unfortunately, while these computer networks have given us great
freedom and access, they have also created a new vulnerability. Our
reliance on these networks creates a potential threat and the economic
and social consequences to an attack in cyberspace cannot be ignored.
In the past few months, we have been confronted with a number of
threats to our physical well-being and have taken numerous steps to
plug the many holes in our society's lax security practices. However,
along with securing our borders and providing for defense of the
homeland, we must also take steps to protect our virtual world.
As numerous hearings conducted in the House Committee on Science have
shown, it is clear that we have two major problems in cyberspace. The
first is that we have few, if any, standards as to what constitutes a
secured network, nor do we have generally accepted procedures to
evaluate our current systems and upgrade them with the most current
security protocols. The second is quite simply too little cybersecurity
research is being conducted by too few researchers and too few students
to lead to the breakthrough of advancements that we will need to secure
our networks in the 21st century.
To address our deficiencies in evaluation and implementation, last
session the House of Representatives passed H.R. 1259, a bill I
sponsored with the input of the gentleman from Washington (Mr. Baird)
and others, to upgrade the Computer Security Act of 1987 and give the
National Institute of Standards and Technology the authority to develop
and promote computer security standards within the Federal Government.
Located in my home district of Montgomery County, Maryland, NIST is our
Nation's premier developer of standards and guidelines and is ideally
suited to lead our efforts in the implementation of security practices
throughout our cyberworld.
Today, we take up the second issue. H.R. 3394 would provide critical
funds to investigators to conduct ground-breaking research, anticipate
future needs, and respond to new vulnerabilities. It supplies money to
develop multidisciplinary centers between academia, business interests,
[[Page H210]]
and government laboratories to further collaborative efforts. And it
creates fellowships and scholarships to assure that we are training a
sufficient number of new scientists to replace our current workforce
and meet our future needs.
H.R. 1259 and H.R. 3394 represent two sides of the same cybersecurity
coin. Implementation of current technology without inquiries into the
next generation of countermeasures and best practices is as useless as
research and development without evaluation and use. Last session, the
House overwhelmingly approved the first step toward protecting our
virtual presence with the passage of 1259, and today I urge my
colleagues to take the second. Research into cybersecurity is vital to
the health of our Nation. This bill provides the necessary tools.
I look forward to its passage and to working with Chairman Boehlert
and Ranking Member Hall in getting both H.R. 1259 and 3394 through the
Senate and into law.
Mr. BOEHLERT. Mr. Chairman, I yield 2 minutes to the gentleman from
Virginia (Mr. Goodlatte), the distinguished chair of the House
Republican High Technology Working Group, and the cochair of the
Congressional Internet Caucus, and a real leader in all aspects of
information technology.
Mr. GOODLATTE. Mr. Chairman, I thank the chairman for his kind words,
but I especially thank him for his leadership on this issue. I also
thank the gentleman from Texas (Mr. Hall), the ranking Democrat; the
gentleman from Texas (Mr. Smith), the chairman of the Subcommittee on
Crime, on which I serve; and the other cosponsors of this legislation
for their leadership in getting this done.
This is a serious problem in this country. We are vulnerable in many,
many ways to cybercrime and cyberterrorism, and this legislation will
help to cure that problem. We are not doing enough in the area of
research in this area. We are most certainly not doing enough in the
area of producing enough people to work in government and in the
private sector to make sure that the computer infrastructure of this
country is protected against hackers and criminals and terrorists. This
legislation is going to provide more resources for those colleges and
universities and other institutions that do this research and train the
people.
In this area, I have a university in my district, James Madison
University, which has been identified by the National Security Agency
as an institution of excellence in doing research and, more
importantly, education in this area. But when they sit down to write
the curriculum on how to prevent cybercrime, to teach people how to
work for companies or the government in protecting the computer
infrastructure, that curriculum does not even change on an annual
basis, does not even change on a monthly basis. It changes on a weekly
and daily basis as new information about viruses and other types of
computer activity used by criminals and terrorists take place.
So I am strongly supportive of this legislation. I look forward to
developing more curricula around the country to educate people and
provide the literally tens of thousands of new jobs we are going to
need in this country in this field, and this legislation lays the
groundwork. I commend the gentleman from New York and others for
bringing this legislation forward, and I strongly urge my colleagues to
support it.
Mrs. MORELLA. Mr. Chairman, I thank the gentleman from Virginia for
his comments, and I yield 4 minutes to the gentleman from Texas (Mr.
Smith), Chair of the Subcommittee on Crime, who helped to author this
bill.
Mr. SMITH of Texas. Mr. Chairman, I thank the gentlewoman from
Maryland and my colleague for yielding me this time.
Mr. Chairman, I support this legislation that increases the
cybersecurity networks at our universities, businesses, and national
laboratories. The facts speak for themselves. Last month, the CERT
Coordination Center operated by Carnegie Mellon University reported
that breaches in security of computer systems more than doubled from
the year 2000 to 2001: 52,000 incidents were reported in 2001, up from
22,000 the year before. By comparison, in 1995, the number of incidents
reported was only 2,400.
Last spring, the Subcommittee on Crime, of the Committee on the
Judiciary, that I chair, held a series of hearings on cybercrime. We
heard testimony from local, State, and Federal officials, as well as
individuals from the private sector. A common theme emerged: the demand
for highly-trained and skilled personnel to investigate computer crimes
is tremendous. This problem is compounded by the rapid advances in
technology which make continual training an absolute necessity.
In this new age we must have training both for a new generation of
cyberwarriors, whose most important weapon is not a gun but a laptop,
and for private sector companies who must continually protect their
Internet presence. This bill seeks to expand what many States and
cities are already doing: investing in cybersecurity training
initiatives.
Mr. Chairman, in my hometown, the University of Texas at San Antonio
has established the Center for Information Assurance and Security,
CIAS. The CIAS will be the hub of a city initiative to research,
develop, and address computer protection mechanisms to prevent and
detect intrusions of computer networks.
This collaborative effort of CIAS brings together the best and
brightest from the public sector, such as the Air Force Information
Warfare Center, Air Intelligence Agency, and the FBI. The private
sector, with such cybersecurity companies as Ball Aerospace, Digital
Defense, SecureLogix, SecureInfo, and Symantec, also are contributing
to this effort.
With funding provided in this bill, UTSA and dozens of other
universities will be able to train the next generation of
cyberwarriors, cyberdefenders, and what we call ``white hat netizens.''
This legislation supports the work at UTSA and other universities for
students who want to pursue computer security studies.
While the benefits of the digital age are obvious, the Internet also
has fostered an environment where hackers retrieve private data for
amusement, individuals distribute software illegally, and viruses
circulate with the sole purpose of debilitating computers. Mr.
Chairman, a well-trained and highly skilled force of cyberprotectors is
urgently needed, and I hope my colleagues will support this bill.
Mr. BOEHLERT. Mr. Chairman, I yield myself such time as I may
consume.
Mr. Chairman, as we wrap up this debate, I know a lot of people are
wondering what is the big deal about cybersecurity; and my own wife,
Marianne, who is frequently at the computer when I am home, says that
we have to do a better job of explaining the importance of this, and
she is absolutely right.
So much of what we do in this Nation is dependent upon the security
of our computer systems. Everything is dependent upon computer
technology today: our financial networks, our communication systems,
our electric power grid, our water supply. The list goes on and on. If
we have a clever 15-year-old hacker penetrate that system, that is
mischief. But when we have a terrorist with a potential to penetrate
that system and misuse it, that is serious business.
What we are about is very serious business: to train skilled people
and to place the emphasis that needs to be placed on protecting our
cybersystem in every way, shape, or manner. That is why I am so pleased
that the administration has worked so well with us; that this Committee
on Science has done what it does traditionally on a bipartisan basis,
with people like the gentleman from Washington (Mr. Baird), the
gentleman from Texas (Mr. Hall), and the gentlewoman from Texas (Ms.
Eddie Bernice Johnson) working with our side.
We are all in this together. We want to produce a product that is
best for this Congress and best for America; and we have done so, and I
am proud to be identified with it.
Mr. Chairman, I have no further requests for time, and I yield back
the balance of my time.
Mr. BAIRD. Mr. Chairman, I yield myself such time as I may consume.
Mr. Chairman, I would just like to close as well by reiterating my
thanks to Chairman Boehlert, Chairwoman Morella, Ranking Member Hall,
as well as the committee staff.
[[Page H211]]
Chairman Boehlert has stated it perfectly well: the American public
often takes for granted our information infrastructure; but a
coordinated attack on, for example, air traffic control, electrical
power systems, or other major vital links in our information
infrastructure, particularly if timed with a more conventional or even
a more unconventional attack, could wreak havoc on our society and
would clearly cost lives.
The importance of this bill cannot be overstated, and I commend the
Chair and the ranking member for their leadership and appreciate the
opportunity to work with them.
Mr. Chairman, I yield back the balance of my time.
The CHAIRMAN. All time for general debate has expired.
The bill shall be considered by sections as an original bill for the
purpose of amendment, and pursuant to the rule, each section is
considered read.
During consideration of the bill for amendment, the Chair may accord
priority in recognition to a Member offering an amendment that he has
printed in the designated place in the Congressional Record. Those
amendments will be considered read.
The Clerk will designate section 1.
The text of section 1 is as follows:
H.R. 3394
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Cyber Security Research and
Development Act''.
SEC. 2. FINDINGS.
The Congress finds the following:
(1) Revolutionary advancements in computing and
communications technology have interconnected government,
commercial, scientific, and educational infrastructures--
including critical infrastructures for electric power,
natural gas and petroleum production and distribution,
telecommunications, transportation, water supply, banking and
finance, and emergency and government services--in a vast,
interdependent physical and electronic network.
(2) Exponential increases in interconnectivity have
facilitated enhanced communications, economic growth, and the
delivery of services critical to the public welfare, but have
also increased the consequences of temporary or prolonged
failure.
(3) A Department of Defense Joint Task Force concluded
after a 1997 United States information warfare exercise that
the results ``clearly demonstrated our lack of preparation
for a coordinated cyber and physical attack on our critical
military and civilian infrastructure''.
(4) Computer security technology and systems implementation
lack--
(A) sufficient long term research funding;
(B) adequate coordination across Federal and State
government agencies and among government, academia, and
industry;
(C) sufficient numbers of outstanding researchers in the
field; and
(D) market incentives for the design of commercial and
consumer security solutions.
(5) Accordingly, Federal investment in computer and network
security research and development must be significantly
increased to--
(A) improve vulnerability assessment and technological and
systems solutions;
(B) expand and improve the pool of information security
professionals, including researchers, in the United States
workforce; and
(C) better coordinate information sharing and collaboration
among industry, government, and academic research projects.
SEC. 3. DEFINITIONS.
For purposes of this Act--
(1) the term ``Director'' means the Director of the
National Science Foundation; and
(2) the term ``institution of higher education'' has the
meaning given that term in section 101 ofthe Higher Education
Act of 1965 (20 U.S.C. 1001).
SEC. 4. NATIONAL SCIENCE FOUNDATION RESEARCH.
(a) Computer and Network Security Research Grants.--
(1) In general.--The Director shall award grants for basic
research on innovative approaches to the structure of
computer and network hardware and software that are aimed at
enhancing computer security. Research areas may include--
(A) authentication and cryptography;
(B) computer forensics and intrusion detection;
(C) reliability of computer and network applications,
middleware, operating systems, and communications
infrastructure; and
(D) privacy and confidentiality.
(2) Merit review; competition.--Grants shall be awarded
under this section on a merit-reviewed competitive basis.
(3) Authorization of appropriations.--There are authorized
to be appropriated to the National Science Foundation to
carry out this subsection--
(A) $35,000,000 for fiscal year 2003;
(B) $40,000,000 for fiscal year 2004;
(C) $46,000,000 for fiscal year 2005;
(D) $52,000,000 for fiscal year 2006; and
(E) $60,000,000 for fiscal year 2007.
(b) Computer and Network Security Research Centers.--
(1) In general.--The Director shall award multiyear grants,
subject to the availability of appropriations, to
institutions of higher education (or consortia thereof) to
establish multidisciplinary Centers for Computer and Network
Security Research. Institutions of higher education (or
consortia thereof) receiving such grants may partner with one
or more government laboratories or for-profit institutions.
(2) Merit review; competition.--Grants shall be awarded
under this subsection on a merit-reviewed competitive basis.
(3) Purpose.--The purpose of the Centers shall be to
generate innovative approaches to computer and network
security by conducting cutting-edge, multidisciplinary
research in computer and network security, including the
research areas described in subsection (a)(1).
(4) Applications.--An institution of higher education (or a
consortium of such institutions) seeking funding under this
subsection shall submit an application to the Director at
such time, in such manner, and containing such information as
the Director may require. The application shall include, at a
minimum, a description of--
(A) the research projects that will be undertaken by the
Center and the contributions of each of the participating
entities;
(B) how the Center will promote active collaboration among
scientists and engineers from different disciplines, such as
computer scientists, engineers, mathematicians, and social
science researchers; and
(C) how the Center will contribute to increasing the number
of computer and network security researchers and other
professionals.
(5) Criteria.--In evaluating the applications submitted
under paragraph (4), the Director shall consider, at a
minimum--
(A) the ability of the applicant to generate innovative
approaches to computer and network security and effectively
carry out the research program;
(B) the experience of the applicant in conducting research
on computer and network security and the capacity of the
applicant to foster new multidisciplinary collaborations;
(C) the capacity of the applicant to attract and provide
adequate support for undergraduate and graduate students and
postdoctoral fellows to pursue computer and network security
research; and
(D) the extent to which the applicant will partner with
government laboratories or for-profit entities, and the role
the government laboratories or for-profit entities will play
in the research undertaken by the Center.
(6) Annual meeting.--The Director shall convene an annual
meeting of the Centers in order to foster collaboration and
communication between Center participants.
(7) Authorization of appropriations.--There are authorized
to be appropriated for the National Science Foundation to
carry out this subsection--
(A) $12,000,000 for fiscal year 2003;
(B) $24,000,000 for fiscal year 2004;
(C) $36,000,000 for fiscal year 2005;
(D) $36,000,000 for fiscal year 2006; and
(E) $36,000,000 for fiscal year 2007.
SEC. 5. NATIONAL SCIENCE FOUNDATION COMPUTER AND NETWORK
SECURITY PROGRAMS.
(a) Computer and Network Security Capacity Building
Grants.--
(1) In general.--The Director shall establish a program to
award grants to institutions of higher education (or
consortia thereof) to establish or improve undergraduate and
master's degree programs in computer and network security, to
increase the number of students who pursue undergraduate or
master's degrees in fields related to computer and network
security, and to provide students with experience in
government or industry related to their computer and network
security studies.
(2) Merit review.--Grants shall be awarded under this
subsection on a merit-reviewed competitive basis.
(3) Use of funds.--Grants awarded under this subsection
shall be used for activities that enhance the ability of an
institution of higher education (or consortium thereof) to
provide high-quality undergraduate and master's degree
programs in computer and network security and to recruit and
retain increased numbers of students to such programs.
Activities may include--
(A) revising curriculum to better prepare undergraduate and
master's degree students for careers in computer and network
security;
(B) establishing degree and certificate programs in
computer and network security;
(C) creating opportunities for undergraduate students to
participate in computer and network security research
projects;
(D) acquiring equipment necessary for student instruction
in computer and network security, including the installation
of testbed networks for student use;
(E) providing opportunities for faculty to work with local
or Federal Government agencies, private industry, or other
academic institutions to develop new expertise or to
formulate new research directions in computer and network
security;
(F) establishing collaborations with other academic
institutions or departments that seek to establish, expand,
or enhance programs in computer and network security;
[[Page H212]]
(G) establishing student internships in computer and
network security at government agencies or in private
industry;
(H) establishing or enhancing bridge programs in computer
and network security between community colleges and
universities; and
(I) any other activities the Director determines will
accomplish the goals of this subsection.
(4) Selection process.--
(A) Application.--An institution of higher education (or a
consortium thereof) seeking funding under this subsection
shall submit an application to the Director at such time, in
such manner, and containing such information as the Director
may require. The application shall include, at a minimum--
(i) a description of the applicant's computer and network
security research and instructional capacity, and in the case
of an application from a consortium of institutions of higher
education, a description of the role that each member will
play in implementing the proposal;
(ii) a comprehensive plan by which the institution or
consortium will build instructional capacity in computer and
information security;
(iii) a description of relevant collaborations with
government agencies or private industry that inform the
instructional program in computer and network security;
(iv) a survey of the applicant's historic student
enrollment and placement data in fields related to computer
and network security and a study of potential enrollment and
placement for students enrolled in the proposed computer and
network security program; and
(v) a plan to evaluate the success of the proposed computer
and network security program, including post-graduation
assessment of graduate school and job placement and retention
rates as well as the relevance of the instructional program
to graduate study and to the workplace.
(B) Awards.--(i) The Director shall ensure, to the extent
practicable, that grants are awarded under this subsection in
a wide range of geographic areas and categories of
institutions of higher education.
(ii) The Director shall award grants under this subsection
for a period not to exceed 5 years.
(5) Assessment required.--The Director shall evaluate the
program established under this subsection no later than 6
years after the establishment of the program. At a minimum,
the Director shall evaluate the extent to which the grants
achieved their objectives of increasing the quality and
quantity of students pursuing undergraduate or master's
degrees in computer and network security.
(6) Authorization of appropriations.--There are authorized
to be appropriated to the National Science Foundation to
carry out this subsection--
(A) $15,000,000 for fiscal year 2003;
(B) $20,000,000 for fiscal year 2004;
(C) $20,000,000 for fiscal year 2005;
(D) $20,000,000 for fiscal year 2006; and
(E) $20,000,000 for fiscal year 2007.
(b) Scientific and Advanced Technology Act of 1992.--
(1) Grants.--The Director shall provide grants under the
Scientific and Advanced Technology Act of 1992 for the
purposes of section 3(a) and (b) of that Act, except that the
activities supported pursuant to this subsection shall be
limited to improving education in fields related to computer
and network security.
(2) Authorization of appropriations.--There are authorized
to be appropriated to the National Science Foundation to
carry out this subsection--
(A) $1,000,000 for fiscal year 2003;
(B) $1,250,000 for fiscal year 2004;
(C) $1,250,000 for fiscal year 2005;
(D) $1,250,000 for fiscal year 2006; and
(E) $1,250,000 for fiscal year 2007.
(c) Graduate Traineeships in Computer and Network Security
Research.--
(1) In general.--The Director shall establish a program to
award grants to institutions of higher education to establish
traineeship programs for graduate students who pursue
computer and network security research leading to a doctorate
degree by providing funding and other assistance, and by
providing graduate students with research experience in
government or industry related to the students' computer and
network security studies.
(2) Merit review.--Grants shall be provided under this
subsection on a merit-reviewed competitive basis.
(3) Use of funds.--An institution of higher education shall
use grant funds for the purposes of--
(A) providing fellowships to students who are citizens,
nationals, or lawfully admitted permanent resident aliens of
the United States and are pursuing research in computer or
network security leading to a doctorate degree;
(B) paying tuition and fees for students receiving
fellowships under subparagraph (A);
(C) establishing scientific internship programs for
students receiving fellowships under subparagraph (A) in
computer and network security at for-profit institutions or
government laboratories; and
(D) other costs associated with the administration of the
program.
(4) Fellowship amount.--Fellowships provided under
paragraph (3)(A) shall be in the amount of $25,000 per year,
or the level of the National Science Foundation Graduate
Research Fellowships, whichever is greater, for up to 3
years.
(5) Selection process.--An institution of higher education
seeking funding under this subsection shall submit an
application to the Director at such time, in such manner, and
containing such information as the Director may require. The
application shall include, at a minimum, a description of--
(A) the instructional program and research opportunities in
computer and network security available to graduate students
at the applicant's institution; and
(B) the internship program to be established, including the
opportunities that will be made available to students for
internships at for-profit institutions and government
laboratories.
(6) Review of applications.--In evaluating the applications
submitted under paragraph (5), the Director shall consider--
(A) the ability of the applicant to effectively carry out
the proposed program;
(B) the quality of the applicant's existing research and
education programs;
(C) the likelihood that the program will recruit increased
numbers of students to pursue and earn doctorate degrees in
computer and network security;
(D) the nature and quality of the internship program
established through collaborations with government
laboratories and for-profit institutions;
(E) the integration of internship opportunities into
graduate students' research; and
(F) the relevance of the proposed program to current and
future computer and network security needs.
(7) Authorization of appropriations.--There are authorized
to be appropriated to the National Science Foundation to
carry our this subsection--
(A) $10,000,000 for fiscal year 2003;
(B) $20,000,000 for fiscal year 2004;
(C) $20,000,000 for fiscal year 2005;
(D) $20,000,000 for fiscal year 2006; and
(E) $20,000,000 for fiscal year 2007.
(d) Graduate Research Fellowships Program Support.--
Computer and network security shall be included among the
fields of specialization supported by the National Science
Foundation's Graduate Research Fellowships program under
section 10 of the National Science Foundation Act of 1950 (42
U.S.C. 1869).
SEC. 6. CONSULTATION.
In carrying out sections 4 and 5, the Director shall
consult with other Federal agencies.
SEC. 7. FOSTERING RESEARCH AND EDUCATION IN COMPUTER AND
NETWORK SECURITY.
Section 3(a) of the National Science Foundation Act of 1950
(42 U.S.C. 1862(a)) is amended--
(1) by striking ``and'' at the end of paragraph (6);
(2) by striking the period at the end of paragraph (7) and
inserting ``; and''; and
(3) by adding at the end the following new paragraph:
``(8) to take a leading role in fostering and supporting
research and education activities to improve the security of
networked information systems.''.
SEC. 8. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
RESEARCH PROGRAM.
The National Institute of Standards and Technology Act is
amended--
(1) by moving section 22 to the end of the Act and
redesignating it as section 32;
(2) by inserting after section 21 the following new
section:
``research program on security of computer systems
``Sec. 22. (a) Establishment.--The Director shall establish
a program of assistance to institutions of higher education
that enter into partnerships with for-profit entities to
support research to improve the security of computer systems.
The partnerships may also include government laboratories.
The program shall--
``(1) include multidisciplinary, long-term, high-risk
research;
``(2) include research directed toward addressing needs
identified through the activities of the Computer System
Security and Privacy Advisory Board under section 20(f); and
``(3) promote the development of a robust research
community working at the leading edge of knowledge in subject
areas relevant to the security of computer systems by
providing support for graduate students, post-doctoral
researchers, and senior researchers.
``(b) Fellowships.--(1) The Director is authorized to
establish a program to award post-doctoral research
fellowships to individuals who are citizens, nationals, or
lawfully admitted permanent resident aliens of the
United States and are seeking research positions at
institutions, including the Institute, engaged in research
activities related to the security of computer systems,
including the research areas described in section 4(a)(1)
of the Cyber Security Research and Development Act.
``(2) The Director is authorized to establish a program to
award senior research fellowships to individuals seeking
research positions at institutions, including the Institute,
engaged in research activities related to the security of
computer systems, including the research areas described in
section 4(a)(1) of the Cyber Security Research and
Development Act. Senior research fellowships shall be made
available for established researchers at institutions of
higher education who seek to change research fields and
pursue studies related to the security of computer systems.
``(3)(A) To be eligible for an award under this subsection,
an individual shall submit
[[Page H213]]
an application to the Director at such time, in such manner,
and containing such information as the Director may require.
``(B) Under this subsection, the Director is authorized to
provide stipends for post-doctoral research fellowships at
the level of the Institute's Post Doctoral Research
Fellowship Program and senior research fellowships at levels
consistent with support for a faculty member in a sabbatical
position.
``(c) Awards; Applications.--The Director is authorized to
award grants or cooperative agreements to institutions of
higher education to carry out the program established under
subsection (a). To be eligible for an award under this
section, an institution of higher education shall submit an
application to the Director at such time, in such manner, and
containing such information as the Director may require. The
application shall include, at a minimum, a description of--
``(1) the number of graduate students anticipated to
participate in the research project and the level of support
to be provided to each;
``(2) the number of post-doctoral research positions
included under the research project and the level of support
to be provided to each;
``(3) the number of individuals, if any, intending to
change research fields and pursue studies related to the
security of computer systems to be included under the
research project and the level of support to be provided to
each; and
``(4) how the for-profit entities and any other partners
will participate in developing and carrying out the research
and education agenda of the partnership.
``(d) Program Operation.--(1) The program established under
subsection (a) shall be managed by individuals who shall have
both expertise in research related to the security of
computer systems and knowledge of the vulnerabilities of
existing computer systems. The Director shall designate such
individuals as program managers.
``(2) Program managers designated under paragraph (1) may
be new or existing employees of the Institute or individuals
on assignment at the Institute under the Intergovernmental
Personnel Act of 1970.
``(3) Program managers designated under paragraph (1) shall
be responsible for--
``(A) establishing and publicizing the broad research goals
for the program;
``(B) soliciting applications for specific research
projects to address the goals developed under subparagraph
(A);
``(C) selecting research projects for support under the
program from among applications submitted to the Institute,
following consideration of--
``(i) the novelty and scientific and technical merit of the
proposed projects;
``(ii) the demonstrated capabilities of the individual or
individuals submitting the applications to successfully carry
out the proposed research;
``(iii) the impact the proposed projects will have on
increasing the number of computer security researchers;
``(iv) the nature of the participation by for-profit
entities and the extent to which the proposed projects
address the concerns of industry; and
``(v) other criteria determined by the Director, based on
information specified for inclusion in applications under
subsection (c); and
``(D) monitoring the progress of research projects
supported under the program.
``(e) Review of Program.--(1) The Director shall
periodically review the portfolio of research awards
monitored by each program manager designated in accordance
with subsection (d). In conducting those reviews, the
Director shall seek the advice of the Computer System
Security and Privacy Advisory Board, established under
section 21, on the appropriateness of the research goals and
on the quality and utility of research projects managed by
program managers in accordance with subsection (d).
``(2) The Director shall also contract with the National
Research Council for a comprehensive review of the program
established under subsection (a) during the 5th year of the
program. Such review shall include an assessment of the
scientific quality of the research conducted, the relevance
of the research results obtained to the goals of the program
established under subsection (d)(3)(A), and the progress of
the program in promoting the development of a substantial
academic research community working at the leading edge of
knowledge in the field. The Director shall submit to Congress
a report on the results of the review under this paragraph no
later than six years after the initiation of the program.
``(f) Definitions.--For purposes of this section--
``(1) the term `computer system' has the meaning given that
term in section 20(d)(1); and
``(2) the term `institution of higher education' has the
meaning given that term in section 101 of the Higher
Education Act of 1965 (20 U.S.C. 1001).''; and
(3) in section 20(d)(1)(B)(i) (15 U.S.C. 278g-
3(d)(1)(B)(i)), by inserting ``and computer networks'' after
``computers''.
SEC. 9. COMPUTER SECURITY REVIEW, PUBLIC MEETINGS, AND
INFORMATION.
Section 20 of the National Institute of Standards and
Technology Act (15 U.S.C. 278g-3) is amended by adding at the
end the following new subsection:
``(f) There are authorized to be appropriated to the
Secretary $1,060,000 for fiscal year 2003 and $1,090,000 for
fiscal year 2004 to enable the Computer System Security and
Privacy Advisory Board, established by section 21, to
identify emerging issues, including research needs, related
to computer security, privacy, and cryptography and, as
appropriate, to convene public meetings on those subjects,
receive presentations, and publish reports, digests, and
summaries for public distribution on those subjects.''.
SEC. 10. INTRAMUTAL SECURITY RESEARCH.
Section 20 of the National Institute of Standards and
Technology Act (15 U.S.C. 278g-3) is further amended--
(1) by redesignating subsection (d) as subsection (e); and
(2) by inserting after subsection (c) the following new
subsection:
``(d) As part of the research activities conducted in
accordance with subsection (b)(4), the Institute shall--
``(1) conduct a research program to address emerging
technologies associated with assembling a networked computer
system from components while ensuring it maintains desired
security properties;
``(2) carry out research and support standards development
activities associated with improving the security of real-
time computing and communications systems for use in process
control; and
``(3) carry out multidisciplinary, long-term, high-risk
research on ways to improve the security of computer
systems.''.
SEC. 11. AUTHORIZATION OF APPROPRIATIONS.
There are authorized to be appropriated to the Secretary of
Commerce for the National Institute of Standards and
Technology--
(1) for activities under section 22 of the National
Institute of Standards and Technology Act, as added by
section 8 of this Act--
(A) $25,000,000 for fiscal year 2003;
(B) $40,000,000 for fiscal year 2004;
(C) $55,000,000 for fiscal year 2005;
(D) $70,000,000 for fiscal year 2006;
(E) $85,000,000 for fiscal year 2007; and
(F) such sums as may be necessary for fiscal years 2008
through 2012; and
(2) for activities under section 20(d) of the National
Institute of Standards and Technology Act, as added by
section 10 of this Act--
(A) $6,000,000 for fiscal year 2003;
(B) $6,200,000 for fiscal year 2004;
(C) $6,400,000 for fiscal year 2005;
(D) $6,600,000 for fiscal year 2006; and
(E) $6,800,000 for fiscal year 2007.
SEC. 12. NATIONAL ACADEMY OF SCIENCES STUDY ON COMPUTER AND
NETWORK SECURITY IN CRITICAL INFRASTRUCTURES.
(a) Study.--Not later than 3 months after the date of the
enactment of this Act, the Director of the National Institute
of Standards and Technology shall enter into an arrangement
with the National Research Council of the National Academy of
Sciences to conduct a study of the vulnerabilities of the
Nation's network infrastructure and make recommendations for
appropriate improvements. The National Research Council
shall--
(1) review existing studies and associated data on the
architectural, hardware, and software vulnerabilities and
interdependencies in United States critical infrastructure
networks;
(2) identify and assess gaps in technical capability for
robust critical infrastructure network security, and make
recommendations for research priorities and resource
requirements; and
(3) review any and all other essential elements of computer
and network security, including security of industrial
process controls, to be determined in the conduct of the
study.
(b) Report.--The Director of the National Institute of
Standards and Technology shall transmit a report containing
the results of the study and recommendations required by
subsection (a) to the Congress not later than 21 months after
the date of enactment of this Act.
(c) Security.--The Director of the National Institute of
Standards and Technology shall ensure that no information
that is classified is included in any publicly released
version of the report required by this section.
(d) Authorization of Appropriations.--There are authorized
to be appropriated to the Secretary of Commerce for the
National Institute of Standards and Technology for the
purposes of carrying out this section, $700,000.
Mr. BOEHLERT (during the reading). Mr. Chairman, I ask unanimous
consent that the remainder of the bill be printed in the Record and
open to amendment at any point.
The CHAIRMAN. Is there objection to the request of the gentleman from
New York?
There was no objection.
The CHAIRMAN. Are there any amendments to the bill?
If not, under the rule, the Committee rises.
Mr. FORBES. Mr. Chairman, I rise today in strong support of the Cyber
Security Research and Development Act, which will help the United
States reduce its vulnerability to cyberattacks by terrorists and
common criminals alike.
Cyber attacks may not bring the large scale death and destruction of
attacks by biological or chemical agents or other weapons of mass
destruction, but they are just as real a threat
[[Page H214]]
to the American people. They hold the power to disrupt our way of life,
harm people's personal interests, and cause tremendous losses for
businesses.
Computers have become increasingly ubiquitous. More than half of all
American use the Internet, with more than 2 million people going online
for the first time each month. Computer-based technology powers the way
we bank, the way we shop, and the way we exchange information. And,
this makes nearly every American vulnerable to cyber threats.
The Cyber Security Research and Development Act will reduce that
vulnerability in two ways. First, it will improve our research efforts
so that we can stop cyber terrorists before they strike. Too few of our
most gifted minds are working on this area of research. The funding
available in this bill will power partnerships between the government
and academia to remedy this Second, H.R. 3394 will improve our
education programs so that average Americans can spot threats and react
quickly.
As a member of the Science Committee, I heard the testimony of
research experts who indicated how great the threat is and how much
could be achieved to defeat it if we dedicated ourselves to this goal.
That is why I am pleased to be a cosponsor of this legislation, and I
urge my colleagues to support it today.
Mr. RODRIGUEZ. Mr. Chairman, I rise today in support of H.R. 3394,
the Cyber Security Research and Development Act. This bill would
strengthen our nation's ability to protect the critical infrastructure
that supplies our water, keeps the electricity on in our homes, and
ensures that our law enforcement officials have communication
capabilities at all times.
San Antonio has been a leader in developing the type of technology
and educational programs made possible under this bill. A growing
partnership of educational, private enterprise and military expertise
make San Antonio ``Cyber City'' USA.
The University of Texas at San Antonio has developed the Center for
Infrastructure Assurance and Security to educate and train world-class
information technology professionals. With a faculty drawn from both
the private sector and the Air Force, this outstanding program will
produce skilled graduates ready to meet the growing shortage of
information technology professionals in the federal government and
private sector. It will also serve as a educational program for mid-
level professionals to improve their information technology job skills
needed for their current job, or help them retrain in the information
technology field.
San Antonio is also the home of the Information Technology and
Assurance Academy, an innovative educational center devoted to talented
11th and 12th graders interested in information technology. The Academy
will give these young minds an introduction to future career
opportunities in the information and technology field. In addition to
developing their interest in information technology, this program seeks
to instill a sense of civic responsibility that will serve them and the
community in which they live.
San Antonio has 45 private companies that have developed state-of-
the-art information assurance technology. These companies lead the
field in developing intrusion detection technology and providing
vulnerability assessments for both the private sector and the
government.
The military also has a world-class computer monitoring facility in
San Antonio. The Air Force's computer emergency response team, located
at Lackland Air Force Base, leads the DoD in intrusion technology, and
helps protect Air Force computer systems, 24 hours a day, 7 days a
week, around the globe. This system helps ensure that the computer
systems used by our Armed Forces to protect our nation are free from
hackers, viruses and other forms of cyber terrorism.
This bill would provide the nation with needed resources to fight the
war on cyber terrorism. Homeland security starts at the local level and
this bill would allow communities throughout the United States to
educate and train qualified information professionals in their
community and encourage research that would give the government and
private industry the tools to protect our nation's critical
infrastructure.
Ms. HART. Mr. Chairman, I rise today in support of H.R. 3394, the
Cyber Security Research and Development Act.
H.R. 3394, seeks to address the vulnerability of the computer systems
and networks that have become part of all our daily lives. It is all to
clear to us, that we must be proactive and defend these systems from
simple hackers to coordinated terrorist attacks.
At hearings on cyber security last year in the Science Committee, we
heard updates on research and development in that field. The news was
sobering. The information we were provided was that too little research
being conducted in this area, too few researchers were prepared to meet
the needs of securing our systems, too few students going into fields
relating to cyber security, and there was inadequate coordination
between government, academia and industry. This must change and we have
great resources in western Pennsylvania to help deliver these changes.
Carnegie Mellon University (CMU), just outside of my district, has
been a leader in the field of cyber security. In 2001, the National
Security Council named them as a ``Center of Excellence in Security
Education.'' Also, the CERT Coordination Center, a government-funded
computer emergency-response team at CMU, helps to track the risks and
frequencies of cyber crimes. According to the Center, there were 52,658
security breaches and attacks last year, up 50 percent from the
previous year. The Center also got reports of 2,437 computer
vulnerabilities, more than double the figures from the previous year.
While having success with students in the field of cyber security,
they, too, have expressed that deficiencies exist for cyber security.
This includes the lack of undergraduates and graduates who can provide
the necessary research.
The ``Cyber Security Research and Development Act'' provides help for
these areas by making grants available under National Science
Foundation (NSF) for: research in innovative computer and network
security; establishment of Centers for Computer and Network Security
research in partnership with other universities; enabling universities
to offer fellowships; and research in industry and other opportunities
for doctoral degrees. H.R. 3394 also provides grants to the National
Institute of Standards and Technology (NIST) for: support for high-
risk, cutting edge research by academics working with industry; and for
the establishment of a fellowship to increase its number of researchers
in computer and network security.
This important legislation will provide us with the necessary
investment in cyber security and needed support of existing resources,
so that we are not with out the necessary experts to protect our
critical computer infrastructure from terrorist attacks.
{time} 1130
Accordingly, the Committee rose; and the Speaker pro tempore (Mr.
Pickering) having assumed the chair, Mr. Sununu, Chairman of the
Committee of the Whole House on the State of the Union, reported that
that Committee, having had under consideration the bill (H.R. 3394) to
authorize funding for computer and network security research and
development and research fellowship programs, and for other purposes,
pursuant to House Resolution 343, he reported the bill back to the
House.
The SPEAKER pro tempore. Under the rule, the previous question is
ordered.
The question is on the engrossment and third reading of the bill.
The bill was ordered to be engrossed and read a third time, and was
read the third time.
The SPEAKER pro tempore. The question is on the passage of the bill.
The question was taken; and the Speaker pro tempore announced that
the ayes appeared to have it.
Mr. BOEHLERT. Mr. Speaker, I object to the vote on the ground that a
quorum is not present and make the point of order that a quorum is not
present.
The SPEAKER pro tempore. Evidently a quorum is not present.
The Sergeant at Arms will notify absent Members.
Pursuant to clause 8 of rule XX, this 15-minute vote on passage of
H.R. 3394 will be followed by a 5-minute vote, if ordered, on agreeing
to the Speaker's approval of the Journal.
The vote was taken by electronic device, and there were--yeas 400,
nays 12, not voting 23, as follows:
[Roll No. 13]
YEAS--400
Abercrombie
Ackerman
Aderholt
Allen
Andrews
Armey
Baca
Bachus
Baird
Baker
Baldacci
Baldwin
Ballenger
Barcia
Barr
Barrett
Bartlett
Barton
Bass
Becerra
Bentsen
Bereuter
Berkley
Berman
Berry
Biggert
Bilirakis
Bishop
Blumenauer
Blunt
Boehlert
Boehner
Bonilla
Bonior
Boozman
Borski
Boswell
Boucher
Boyd
Brady (PA)
Brady (TX)
Brown (FL)
Brown (OH)
Brown (SC)
Bryant
Burr
Buyer
Callahan
Calvert
Camp
Cannon
Cantor
Capito
Capps
Cardin
Carson (IN)
Carson (OK)
Castle
Chabot
Chambliss
Clay
Clayton
Clement
Clyburn
Coble
Combest
Condit
Conyers
Cooksey
Costello
Cox
Coyne
Cramer
Crane
Crenshaw
Crowley
Culberson
Cummings
Cunningham
Davis (CA)
Davis (FL)
[[Page H215]]
Davis (IL)
Davis, Jo Ann
Davis, Tom
Deal
DeFazio
DeGette
Delahunt
DeLauro
DeLay
DeMint
Deutsch
Diaz-Balart
Dicks
Dingell
Doggett
Dooley
Doolittle
Doyle
Dreier
Dunn
Edwards
Ehlers
Ehrlich
Emerson
Engel
English
Eshoo
Etheridge
Evans
Everett
Farr
Fattah
Ferguson
Filner
Fletcher
Foley
Forbes
Ford
Fossella
Frank
Frost
Gallegly
Ganske
Gekas
Gephardt
Gibbons
Gilchrest
Gillmor
Gilman
Gonzalez
Goode
Goodlatte
Gordon
Goss
Graham
Granger
Graves
Green (TX)
Green (WI)
Greenwood
Grucci
Gutierrez
Gutknecht
Hall (TX)
Hansen
Harman
Hart
Hastings (FL)
Hastings (WA)
Hayes
Hayworth
Herger
Hill
Hilliard
Hinchey
Hinojosa
Hobson
Hoeffel
Hoekstra
Holden
Holt
Honda
Hooley
Horn
Hostettler
Houghton
Hoyer
Hulshof
Hunter
Hyde
Inslee
Isakson
Israel
Issa
Istook
Jackson (IL)
Jackson-Lee (TX)
Jenkins
John
Johnson (CT)
Johnson (IL)
Johnson, E. B.
Johnson, Sam
Jones (OH)
Kanjorski
Kaptur
Keller
Kelly
Kennedy (MN)
Kennedy (RI)
Kerns
Kildee
Kilpatrick
Kind (WI)
King (NY)
Kirk
Kleczka
Knollenberg
Kolbe
Kucinich
LaFalce
LaHood
Lampson
Langevin
Lantos
Largent
Larsen (WA)
Larson (CT)
Latham
LaTourette
Leach
Lee
Levin
Lewis (CA)
Lewis (GA)
Lewis (KY)
Linder
Lipinski
LoBiondo
Lofgren
Lowey
Lucas (KY)
Lucas (OK)
Lynch
Maloney (CT)
Maloney (NY)
Manzullo
Markey
Mascara
Matheson
Matsui
McCarthy (MO)
McCarthy (NY)
McCollum
McCrery
McGovern
McHugh
McInnis
McIntyre
McKeon
McKinney
McNulty
Meehan
Meek (FL)
Meeks (NY)
Menendez
Mica
Millender-McDonald
Miller, Dan
Miller, Gary
Miller, George
Miller, Jeff
Mink
Mollohan
Moore
Moran (KS)
Moran (VA)
Morella
Murtha
Myrick
Nadler
Napolitano
Neal
Nethercutt
Ney
Northup
Nussle
Oberstar
Olver
Ortiz
Osborne
Ose
Otter
Owens
Oxley
Pallone
Pascrell
Pastor
Payne
Pelosi
Pence
Peterson (MN)
Peterson (PA)
Petri
Phelps
Pickering
Platts
Pombo
Pomeroy
Portman
Price (NC)
Pryce (OH)
Putnam
Quinn
Radanovich
Rahall
Ramstad
Rangel
Regula
Rehberg
Reyes
Reynolds
Rivers
Rodriguez
Roemer
Rogers (KY)
Rogers (MI)
Rohrabacher
Ros-Lehtinen
Ross
Rothman
Roybal-Allard
Rush
Ryun (KS)
Sabo
Sanchez
Sanders
Sandlin
Sawyer
Saxton
Schakowsky
Schiff
Schrock
Scott
Sensenbrenner
Serrano
Sessions
Shadegg
Shays
Sherman
Sherwood
Shimkus
Shows
Shuster
Simmons
Simpson
Skeen
Skelton
Smith (MI)
Smith (NJ)
Smith (TX)
Smith (WA)
Snyder
Souder
Spratt
Stark
Stearns
Stenholm
Strickland
Stump
Stupak
Sununu
Sweeney
Tanner
Tauscher
Tauzin
Taylor (MS)
Taylor (NC)
Terry
Thomas
Thompson (CA)
Thompson (MS)
Thornberry
Thune
Thurman
Tiahrt
Tiberi
Tierney
Toomey
Towns
Turner
Udall (CO)
Udall (NM)
Upton
Velazquez
Visclosky
Vitter
Walden
Walsh
Wamp
Watkins (OK)
Watson (CA)
Watt (NC)
Watts (OK)
Waxman
Weiner
Weldon (FL)
Weldon (PA)
Weller
Wexler
Wicker
Wilson (NM)
Wilson (SC)
Wolf
Woolsey
Wu
Wynn
Young (AK)
Young (FL)
NAYS--12
Akin
Collins
Duncan
Flake
Hefley
Jones (NC)
Kingston
Norwood
Paul
Royce
Schaffer
Tancredo
NOT VOTING--23
Blagojevich
Bono
Burton
Capuano
Cubin
Frelinghuysen
Hall (OH)
Hastert
Hilleary
Jefferson
Luther
McDermott
Obey
Pitts
Riley
Roukema
Ryan (WI)
Shaw
Slaughter
Solis
Traficant
Waters
Whitfield
{time} 1152
Messrs. AKIN, HEFLEY and NORWOOD changed their vote from ``yea'' to
``nay.''
So the bill was passed.
The result of the vote was announced as above recorded.
A motion to reconsider was laid on the table.
Stated for:
Ms. SOLIS. Mr. Speaker, during rollcall vote No. 13 on February 7,
2002, the voting machine malfunctioned and did not record my vote. Had
it registered my vote, I would have voted ``yea.''
____________________
[Congressional Record: February 7, 2002 (House)]
[Page H204-H206]
From the Congressional Record Online via GPO Access [wais.access.gpo.gov]
[DOCID:cr07fe02-60]
PROVIDING FOR CONSIDERATION OF H.R. 3394, CYBER SECURITY RESEARCH AND
DEVELOPMENT ACT
Mr. DIAZ-BALART. Mr. Speaker, by direction of the Committee on Rules,
I call up House Resolution 343 and ask for its immediate consideration.
The Clerk read the resolution, as follows:
H. Res. 343
Resolved, That at any time after the adoption of this
resolution the Speaker may, pursuant to clause 2(b) of rule
XVIII, declare the House resolved into the Committee of the
Whole House on the state of the Union for consideration of
the bill (H.R. 3394) to authorize funding for computer and
network security research and development and research
fellowship programs, and for other purposes. The first
reading of the bill shall be dispensed with. Points of order
against consideration of the bill for failure to comply with
clause 4(a) of rule XIII are waived. General debate shall be
confined to the bill and shall not exceed one hour equally
divided and controlled by the chairman and ranking minority
member of the Committee on Science. After general debate the
bill shall be considered for amendment under the five-minute
rule. Each section of the bill shall be considered as read.
During consideration of the bill for amendment, the Chairman
of the Committee of the Whole may accord priority in
recognition on the basis of whether the Member offering an
amendment has caused it to be printed in the portion of the
Congressional Record designated for that purpose in clause 8
of rule XVIII. Amendments so printed shall be considered as
read. At the conclusion of consideration of the bill for
amendment the Committee shall rise and report the bill to the
House with such amendments as may have been adopted. The
previous question shall be considered as ordered on the bill
and amendments thereto to final passage without intervening
motion except one motion to recommit with or without
instructions.
The SPEAKER pro tempore. The gentleman from Florida (Mr. Diaz-Balart)
is recognized for 1 hour.
Mr. DIAZ-BALART. Mr. Speaker, for the purpose of debate only, I yield
the customary 30 minutes to the gentleman from Florida (Mr. Hastings),
pending which I yield myself such time as I may consume. During
consideration of this resolution, all time yielded is for the purpose
of debate only.
(Mr. DIAZ-BALART asked and was given permission to revise and extend
his remarks.)
Mr. DIAZ-BALART. Mr. Speaker, House Resolution 343 is an open rule
providing for the consideration of H.R. 3394, the Cyber Security
Research and Development Act. The rule provides 1 hour of general
debate evenly divided and controlled by the chairman and ranking
minority member of the Committee on Science. This is a fair and open
rule that will provide every Member with the opportunity to offer
amendments, allowing Members ample time to debate the important issues
related to this legislation.
{time} 1015
Mr. Speaker, the attacks of September 11 have forced the American
people and this Congress to recognize that the threat of terror is
present on many fronts. To adequately protect the United States, we
must address all of our security vulnerabilities. This enormous task
includes securing our Nation's computer and communications
infrastructure.
The urgency with which we must proceed with regard to this
infrastructure has already been demonstrated. In 1997, the Pentagon
conducted an information warfare exercise to test the vulnerability of
the U.S. information infrastructure. The exercise consisted of 35
National Security Agency computer
[[Page H205]]
specialists using off-the-shelf technology to attack U.S. information
systems. The group of NSA specialists were able to attack and penetrate
government and commercial sites.
The next year, failure of the Galaxy 4 communications satellite
further demonstrated the effects that a cyberattack could have on our
information systems. The failure of Galaxy 4 disrupted credit card
purchases, ATM transactions, 90 percent of the Nation's pagers and
emergency communications. While studies have concluded that the United
States is vulnerable to cyberattacks, not enough has been done to
safeguard this sensitive information system.
This is of grave concern for the safety of the Nation. Just this past
Tuesday it was reported that since September 11 there has been a series
of cyberattacks that have targeted the Pentagon, the Department of
Energy, NASA and other agencies, resulting in the theft of vast
quantities of national defense research. One of the groups went as far
as declaring a ``cyber jihad'' against the United States.
We need only look 90 miles off the coast of Florida to see the
possibility of future attacks, Mr. Speaker. This past year the Director
of the Defense Intelligence Agency testified before the Senate
Permanent Select Committee on Intelligence that the Cuban regime could
initiate information warfare or computer network attacks that could
seriously disrupt the United States military.
That regime, which is the only one of the seven states on the State
Department's list of terrorist nations in our hemisphere, is believed
to share information with other terrorist states such as Iran, Libya
and Iraq. With its significant ties to fellow terrorist nations in the
Middle East, the Cuban regime has the ability to serve as a type of
forward-operating location for terror in our hemisphere.
The potential for cyberwarfare is real, and the underlying
legislation that we are going to address to date helps to address that
threat. H.R. 3394 is a bipartisan piece of legislation designed to
increase research efforts which are needed to fill the void in this
critical area. The legislation will task the National Science
Foundation and the National Institute of Standards and Technology to
coordinate a partnership with academic institutions to ensure that
information systems are secure in the United States.
This partnership will face the emerging threat by increasing the
amount of cybersecurity research being supported by the Federal
Government and by increasing the number of cybersecurity researchers in
the Nation. The bill will provide $878 million over 5 years to
implement new academic programs, provide grants and fellowships,
providing for the common defense of our Nation's technological
infrastructure.
The underlying legislation, as I stated before, is a product of
bipartisanship. It was reported out of the Committee on Science by
voice vote. It is a very important bill that focuses on obviously a
very important subject matter. As I stated before, Mr. Speaker, it is
an open rule. It is a fair rule. I urge my colleagues to support both
the rule and the underlying legislation.
Mr. Speaker, I reserve the balance of my time.
Mr. HASTINGS of Florida. Mr. Speaker, I yield myself such time as I
may consume, and I thank the gentleman from Florida for yielding me the
customary 30 minutes.
Mr. Speaker, I rise in support of the Cyber Security Research and
Development Act and in support of the rule. I want to especially
congratulate the Committee on Science chairman, the gentleman from New
York (Mr. Boehlert), and the ranking member, the gentleman from Texas
(Mr. Hall), for their very hard work on this bill and for their
recognition of the importance to the entire country of the necessary
investments in research that this bill funds.
Mr. Speaker, we all know that in 21st century America there is barely
a thing that we do that does not involve the computer. From simple e-
mail from a parent to a child in college, to computer-guided missiles
that fall precisely on their targets, computers are the very backbone
of our society today.
Currently, the vulnerability of our Nation's computer system to cyber
terrorism is great, as my friend from Florida has pointed out. This
bill is the first step in a long process to secure our Nation's
technological lifeblood.
In college I was a science major, and I well know the importance of
research and development in helping to solve this country's most
difficult problems. I also had the distinct honor to serve in Congress
on the Committee on Science, and I can tell you, Mr. Speaker, we have a
serious problem on our hands, and it is up to the emerging scientists
and engineers to fix it.
Why are they not doing it now? Because the Federal Government is not
providing enough resources nor offering the proper incentives. This
bill is a step forward to change this pattern for years to come.
For just a moment I want to discuss a portion of the bill relating to
minority participation in the programs created in this bill. I was
going to offer an amendment, and I shall not in light of discussions
that I had with the Chair of the Black Caucus, and report language that
seemingly covers some of what I had in mind.
In particular, I want to commend the Chair of the Congressional Black
Caucus, the gentlewoman from Texas (Ms. Eddie Bernice Johnson), for her
very hard work on this issue.
A report of the National Science Foundation reveals that blacks,
Hispanics and Native Americans comprise 23 percent of the population,
but earn on a whole only 14.2 percent of the bachelor's degrees, 8.1
percent of the master's degrees and 5 percent of the doctorate degrees
in science and engineering. This bill gives the NSF and the National
Institute of Standards and Technology the tools to correct the
imbalances uncovered in their own studies showing, as throughout
government, that minorities are not being hired at a pace that they
should, and that the process itself is so extraordinary that it makes
it difficult for people to even accomplish the standards that are set
forth.
If, Mr. Speaker, we are to ensure American security from terrorist
threats, we will need to mobilize all of the human resources available.
That includes minority Americans.
Again, I congratulate the gentlewoman from Texas (Ms. Eddie Bernice
Johnson), the gentleman from New York (Chairman Boehlert), the ranking
member, the gentleman from Texas (Mr. Hall), and the rest of the
Committee on Science for their recognition of that need and their
attempts to address it.
Mr. Speaker, this is a necessary bill. It has earned the bipartisan
support of the Committee on Science, and I would suggest that it
deserves the same bipartisan support here on the floor of the House of
Representatives.
Mr. Speaker, I yield back the balance of my time.
Mr. DIAZ-BALART. Mr. Speaker, I yield myself such time as I may
consume.
Mr. Speaker, I again reiterate my strong support for the underlying
legislation, as well the rule before us.
Mr. Speaker, I have no further requests for time, I yield back the
balance of my time, and I move the previous question on the resolution.
The previous question was ordered.
The SPEAKER pro tempore (Mr. Sununu). The question is on the
resolution.
The question was taken; and the Speaker pro tempore announced that
the ayes appeared to have it.
Mr. HASTINGS of Florida. Mr. Speaker, I object to the vote on the
ground that a quorum is not present and make the point of order that a
quorum is not present.
The SPEAKER pro tempore. Evidently a quorum is not present.
The Sergeant at Arms will notify absent Members.
The vote was taken by electronic device, and there were--yeas 392,
nays 0, not voting 43, as follows:
[Roll No. 12]
YEAS--392
Abercrombie
Ackerman
Aderholt
Akin
Allen
Andrews
Armey
Baca
Bachus
Baird
Baker
Baldacci
Baldwin
Ballenger
Barcia
Barr
Barrett
Bartlett
Bass
Becerra
Bentsen
Bereuter
Berkley
Berman
Berry
Biggert
Bilirakis
Bishop
Blumenauer
Blunt
Boehlert
Boehner
Bonilla
Bonior
Boozman
Borski
Boswell
Boucher
Boyd
Brady (PA)
Brady (TX)
Brown (FL)
[[Page H206]]
Brown (OH)
Brown (SC)
Bryant
Buyer
Callahan
Calvert
Camp
Cannon
Cantor
Capito
Capps
Cardin
Carson (IN)
Carson (OK)
Castle
Chabot
Chambliss
Clayton
Clement
Clyburn
Coble
Collins
Combest
Condit
Conyers
Cooksey
Costello
Cox
Coyne
Cramer
Crane
Crenshaw
Crowley
Culberson
Cummings
Cunningham
Davis (CA)
Davis (FL)
Davis (IL)
Davis, Jo Ann
Davis, Tom
Deal
DeFazio
DeGette
Delahunt
DeLauro
DeLay
DeMint
Deutsch
Diaz-Balart
Dicks
Dingell
Doggett
Dooley
Doolittle
Doyle
Dreier
Duncan
Dunn
Edwards
Ehlers
Ehrlich
Emerson
Engel
English
Eshoo
Etheridge
Everett
Farr
Ferguson
Filner
Flake
Fletcher
Foley
Forbes
Ford
Fossella
Frank
Frost
Gallegly
Ganske
Gekas
Gephardt
Gibbons
Gilchrest
Gillmor
Gilman
Gonzalez
Goodlatte
Gordon
Goss
Graham
Granger
Graves
Green (TX)
Green (WI)
Greenwood
Grucci
Gutierrez
Gutknecht
Hall (TX)
Hansen
Harman
Hart
Hastings (FL)
Hastings (WA)
Hayes
Hayworth
Hefley
Herger
Hill
Hilliard
Hinchey
Hinojosa
Hobson
Hoeffel
Hoekstra
Holden
Holt
Honda
Hooley
Horn
Hostettler
Houghton
Hoyer
Hulshof
Hunter
Inslee
Isakson
Israel
Issa
Istook
Jackson (IL)
Jackson-Lee (TX)
Jenkins
John
Johnson (CT)
Johnson (IL)
Johnson, E. B.
Johnson, Sam
Jones (NC)
Jones (OH)
Kanjorski
Keller
Kelly
Kennedy (MN)
Kennedy (RI)
Kerns
Kildee
Kilpatrick
Kind (WI)
King (NY)
Kingston
Kirk
Knollenberg
Kolbe
Kucinich
LaFalce
LaHood
Lampson
Langevin
Lantos
Larsen (WA)
Larson (CT)
Latham
LaTourette
Leach
Lee
Levin
Lewis (CA)
Lewis (GA)
Lewis (KY)
Lipinski
LoBiondo
Lofgren
Lowey
Lucas (KY)
Lynch
Maloney (CT)
Manzullo
Markey
Mascara
Matheson
Matsui
McCarthy (MO)
McCarthy (NY)
McCollum
McCrery
McGovern
McHugh
McInnis
McIntyre
McKeon
McNulty
Meehan
Meek (FL)
Meeks (NY)
Menendez
Mica
Millender-McDonald
Miller, Dan
Miller, Gary
Miller, George
Miller, Jeff
Mink
Mollohan
Moran (KS)
Moran (VA)
Morella
Murtha
Myrick
Nadler
Napolitano
Neal
Nethercutt
Ney
Norwood
Nussle
Oberstar
Olver
Ortiz
Osborne
Ose
Otter
Owens
Oxley
Pallone
Pascrell
Pastor
Paul
Payne
Pelosi
Pence
Peterson (MN)
Peterson (PA)
Petri
Phelps
Pickering
Platts
Pombo
Pomeroy
Portman
Price (NC)
Pryce (OH)
Putnam
Quinn
Radanovich
Rahall
Ramstad
Rangel
Regula
Rehberg
Reyes
Reynolds
Rivers
Rodriguez
Roemer
Rogers (KY)
Rogers (MI)
Rohrabacher
Ros-Lehtinen
Ross
Rothman
Roybal-Allard
Royce
Rush
Ryun (KS)
Sabo
Sanchez
Sanders
Sandlin
Sawyer
Saxton
Schaffer
Schakowsky
Schiff
Schrock
Scott
Sensenbrenner
Serrano
Sessions
Shadegg
Shays
Sherman
Sherwood
Shimkus
Shows
Shuster
Simmons
Simpson
Skeen
Skelton
Smith (MI)
Smith (NJ)
Smith (TX)
Smith (WA)
Snyder
Solis
Souder
Spratt
Stark
Stearns
Stenholm
Strickland
Stump
Stupak
Sununu
Sweeney
Tancredo
Tanner
Tauscher
Taylor (MS)
Taylor (NC)
Terry
Thomas
Thompson (CA)
Thompson (MS)
Thornberry
Thune
Thurman
Tiahrt
Tiberi
Tierney
Toomey
Towns
Turner
Udall (CO)
Udall (NM)
Upton
Velazquez
Visclosky
Vitter
Walden
Walsh
Wamp
Watkins (OK)
Watson (CA)
Watt (NC)
Watts (OK)
Waxman
Weiner
Weller
Wexler
Wicker
Wilson (SC)
Wolf
Woolsey
Wu
Wynn
Young (FL)
NOT VOTING--43
Barton
Blagojevich
Bono
Burr
Burton
Capuano
Clay
Cubin
Evans
Fattah
Frelinghuysen
Goode
Hall (OH)
Hastert
Hilleary
Hyde
Jefferson
Kaptur
Kleczka
Largent
Linder
Lucas (OK)
Luther
Maloney (NY)
McDermott
McKinney
Moore
Northup
Obey
Pitts
Riley
Roukema
Ryan (WI)
Shaw
Slaughter
Tauzin
Traficant
Waters
Weldon (FL)
Weldon (PA)
Whitfield
Wilson (NM)
Young (AK)
{time} 1047
So the resolution was agreed to.
The result of the vote was announced as above recorded.
A motion to reconsider was laid on the table.
Stated for:
Mr. BARTON of Texas. Mr. Speaker, on rollcall No. 12 I was
inadvertently detained. Had I been present, I would have voted ``yea.''
____________________
[Congressional Record: February 7, 2002 (House)]
[Page H216]
From the Congressional Record Online via GPO Access [wais.access.gpo.gov]
[DOCID:cr07fe02-64]
PERSONAL EXPLANATION
Mr. RILEY. Mr. Speaker, I was unavoidably detained for rollcall No.
12, H. Res. 343, on Agreeing to the Resolution, Providing for
consideration of H.R. 3394, the Cyber Security Research and Development
Act. Had I been present, I would have voted ``yea.''
I was also unavoidably detained for rollcall No. 13, H.R. 3394, the
Cyber Security Research and Development Act. Had I been present, I
would have voted ``yea.''
I was also unavoidably detained for rollcall No. 14, Approving the
Journal of the House. Had I been present, I would have voted ``aye.''
____________________