The House Homeland Security Committee amended and approved two cybersecurity bills Tuesday (Oct. 29) aimed at 1) boosting government cybersecurity R&D in cooperation with industry and 2) insuring there is a skilled work force to implement protections of critical infrastructure.
The R&D bill would encourage the development of new infrastructure protection technologies and insure information is shared between government and the private sector.
Both the Critical Infrastructure Research and Development Advancement Act of 2013 (HR 2952) and the Homeland Security Cybersecurity Boots-on-the-Ground Act (HR 3107) passed on voice votes, but not without some amendments, and amendments withdrawn on the promise that there would be further discussion and possible tweaking before a House floor vote.
Some of those concerns stemmed from questions about security clearances in the wake of the Edward Snowden leaks and Navy Yard shooter, both of whom had access to critical facilities and information that in hindsight appeared clearly inappropriate.
In the executive session marking up the bills, the R&D bill was amended to require DHS to look beyond traditional terrorist cyber attacks to the broader question of the impact of natural disasters on the security of critical infrastructure. That amendment was from Rep. Sheila Jackson-Lee (D-Tex.) who offered, withdrew, or just talked about a number of amendments.
Jackson-Lee also proposed an amendment that would have required DHS to look at software vulnerabilities. She got pushback from Republican Jeff Duncan of South Carolina, who said he was concerned that that was beyond the scope of an R&D bill. She withdrew the amendment on the promise that the committee would work on possibly adding language to that effect before the bill hit the floor.
The "Boots on the Ground" bill was the venue for much discussion about outside contractors. Jackson-Lee introduced and withdrew an amendment that would have required DHS to determine how many cybersecurity jobs are filled by career federal employees and how many by contractors.
She said while there was a role for small business, minority-owned and other contractors, DHS should gauge the impact of contractors on the integrity of the work and the kind of background checks. She agreed to withdraw the amendment after assurances from bill sponsor Yvette Clarke (D-NY), who shared her concerns, to make sure the final bill contained the appropriate language.
Jackson-Lee did not introduce another amendment that would have required a report on DHS security clearances, but she said she thought such a report was appropriate as well.
Amendments were approved that would 1) encourage DHS to look to the unemployed, veterans and others to fill cybersecurity jobs, rather than simply recent graduates or college students and 2) one that would require DHS to have a comprehensive list of job classifications to insure hiring people with "the right skills and abilities." That drew some Republican pushback over the issue of quotas and whether that would result in the best candidates for the job. But committee Chairman Michael McCaul (R-Tex.) supported the amendment, and various Democrats said it was not a quota, and would simply broaden the pool of candidates beyond "the usual suspects" to those older members of the work force with IT skills but without a job.