House approves two federal cybersecurity bills
The House unanimously approved April 16 legislation that would modify statutory federal cybersecurity program requirements.
That bill, the Federal Information Security Amendments Act of 2013 (H.R. 1163), secured a 416-0 vote with 16 representatives not present; it would amend the Federal Information Security Management Act in ways similar to legislation that the House approved in 2012 but that the Senate did not take up.
The bill, primarily sponsored by House Oversight and Government Reform Chairman Darrell Issa (R-Calif.), would make agency heads responsible for cybersecurity within their agencies and require each one to have a chief information security officer, although the CISO could also be the chief information officer. CISOs would be responsible for developing and implementing agencywide information security programs that would be "consistent with components across and within agencies" and would require approval by OMB, except in cases of national security systems.
The bill would also require the director of the Office of Management and Budget to oversee agency cybersecurity practices; OMB shifted much of its previously held oversight authority to the Homeland Security Department in 2010.
"OMB is the appropriate entity to be responsible" for cybersecurity oversight, said Rep. Elijah Cummings (D-Md.), a bill co-sponsor, during House debate on the measure. The bill would not prevent DHS "from continuing the great work it is doing to protect our nation against potential cyber attacks," Cummings said.
The House also approved on a 402-16 vote the Cybersecurity Enhancement Act of 2013, a bill (H.R. 756) that would authorize the National Science Foundation to make cybersecurity grants in the amount of $185 million annually for 3 years starting in fiscal 2014. Included in the grant authorization are $119 million annually for Cyber Security Research and Development Act grants and $32 million annually for graduate traineeships in cybersecurity.