House Rules Committee Sets Rule for HR 5743

Yesterday I noted that the House Rules Committee would meet today to set up the rule for the consideration of HR 5743, the Intelligence Authorization Act for Fiscal Year 2013. I promised to look at the bill and the associated Committee Report for mentions of cybersecurity issues; and as I expected there were none; after all, most of the bill is classified. Fortunately, the nine amendments that have been cleared to be considered during the floor debate under a ‘structured rule’ are not classified, and two of them deal with cybersecurity.

Cleared Floor Amendments

Rep. Farr (D,CA) introduced an amendment that would add a rather short §306 to the bill. It would have no real force of law because it is a ‘sense of Congress’ resolution telling intelligence community leaders to “take into consideration foreign languages and cultures during the development by such element of the intelligence community of training, tools, and methodologies to protect the networks of the United States against cyber attacks and intrusions from foreign entities”. I’m not sure what the crafter of this bill intended to mean by the phrase ‘to take into consideration’. I am just as sure that it isn’t important in any case, it is after all just a ‘sense of Congress’ statement.

Rep. Myrick (R,NC) and Wolf (R,VA) introduce the last amendment that will be considered on the Floor for this bill. It required the Director of National Intelligence (DNI) to prepare a report to Congress on supply chain security issues related to foreign suppliers of “of information technology (including equipment, software, and services) that are linked directly or indirectly to a foreign government” {§502(a)(1)}. The DNI is required to assess the “vulnerability to malicious activity, including cyber crime or espionage, of the telecommunications networks of the United States due to the presence of technology produced by suppliers identified” {§502(a)(2)}. If the ‘linked directly or indirectly to a foreign government’ didn’t make the scope of this report large enough, the definition of ‘telecommunications networks’ solved the problem; it includes:

• Telephone systems;

• Internet systems;

• Fiber optic lines, including cable landings;

• Computer networks; and

• Smart grid technology

Nothing about the kitchen sink though.

Passed Over Amendments

There were three more cybersecurity related amendments offered to the Rules Committee that did not make the cut for being allowed to reach the Floor during the debate later this week. Those amendments included requirements for:

• A threat assessment for cyber threats to critical infrastructure; Clarke (D,NY);

• Each agency that deals with classified documents to report back in 1 year potential security risks associated with the acquisition of computer hardware; Cuellar (D,TX); and

• The Civil Liberties Protection Officer to review on an ongoing basis, and prepare, as necessary, privacy impact assessments on, the cybersecurity policies, programs, and activities of the Intelligence Community; Hahn (D,CA).

It is interesting that two different amendments would address the supply chain security issue.

Oh, and special kudos to Ms. Clarke. She has tried to get this amendment made to every bill that looked like it might relate to cybersecurity, both in Committee and on the floor. Readers of this blog will know that I am not a big fan of reports to Congress, but this one sure seems legitimate to me. Keep plugging Congresswoman Clarke.

Moving Forward

According to the Majority Leader’s web site this bill will come to the floor tomorrow afternoon with work carrying on until it concludes sometime tomorrow night.