HR 2787 Introduced – FY 2014 DOC Spending

As I noted last week Rep. Wolf (R,VA) introduced HR 2787, the Commerce, Justice, Science, and Related Agencies Appropriations Act, 2014. The House Appropriations Committee has favorably reported the bill so it may now be acted upon by the House.

The bill provides funding for a number of agencies that have significant cybersecurity missions, including the National Institute of Standards and Technology (NIST) and the National Science Foundation (NSF). There is no specific mention of cybersecurity in the bill itself. The closest mention is found in §515 that requires agency heads to consult with the FBI to ensure that information systems being acquired have been investigated for potential cyber espionage risks, particularly if the equipment comes from China. A distant second is §533 that prohibits funds from being used to establish or maintain a computer network that doesn’t proactively block porn sites.

There are some brief mentions of cybersecurity issues in the Committee Report.  A variety of reports to Congress are required, including an annual report on cyber-attacks executed against the Department of Commerce (pg 6). The Committee Report does note that the bill provides “funding to strengthen NIST’s core cybersecurity research and development programs” (pg 61).

All of the other cybersecurity mentions in the Report deal with Dept. of Commerce internal cybersecurity measures. This includes funding for an Enterprise Security Operations Center that would provide “Department-wide, 24×7 security status information on cyber security threats” (pg 31). Additional reporting is also required on responses to an IG FISMA report on “significant weaknesses exist in basic security practices” (pg 31) in the Dept. of Commerce.