Cybersecurity: Legislation, Hearings, and Executive Branch Documents

Transcription

1 CRS Reports & Analysis Print Cybersecurity: Legislation, Hearings, and Executive Branch Documents Rita Tehan, Information Research Specialist ) View Key CRS Policy Staff May 14, (R43317) Jump to Main Text of Report Related Author Rita Tehan Related Policy Issue Cybersecurity Contents Legislation CRS Reports and Other CRS Products: Legislation Hearings in the 114 th Congress Hearings in the 113 th Congress Hearings in the 112 th Congress Executive Orders and Presidential Directives CRS Reports on Executive Orders and Presidential Directives Tables Table th Congress Legislation: House Table th Congress Legislation: Senate Table th Congress, Major Legislation: Senate Table th Congress, Major Legislation: House Table th Congress, Major Legislation: Senate Table th Congress, Senate Floor Debate: S Table th Congress, Major Legislation: House Table th Congress, House Floor Debate: H.R Table th Congress, Senate Hearings, by Date Table th Congress, Senate Hearings, by Committee Table th Congress, House Hearings, by Date

2 Table th Congress, House Hearings, by Committee Table th Congress, House Hearings, by Date Table th Congress, House Hearings, by Committee Table th Congress, House Committee Markups, by Date Table th Congress, Senate Hearings, by Date Table th Congress, Other Hearings, by Date Table th Congress, Senate Hearings, by Committee Table th Congress, Other Hearings, by Committee Table th Congress, House Hearings, by Date Table th Congress, House Hearings, by Committee Table th Congress, House Markups, by Date Table th Congress, Senate Hearings, by Date Table th Congress, Senate Hearings, by Committee Table th Congress, Congressional Committee Investigative Reports Table 26. Executive Orders and Presidential Directives Summary Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated against individuals, corporations, and countries. Targets have included government networks, companies, and political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, engaging in cybercrime, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which may make responding problematic. Despite many recommendations made over the past decade, no major legislative provisions relating to cybersecurity had been enacted since However, on December 18,, in the last days of the 113 th Congress, five cybersecurity bills were signed by the President. These bills change federal cybersecurity programs in a number of ways: codifying the role of the National Institute of Standards and (NIST) in developing a "voluntary, industry-led set of standards" to reduce cyber risk; codifying the Department of 's (DHS's) National Cybersecurity and Communications Integration Center as a hub for interactions with the private sector; updating the Federal Information Security Management Act (FISMA) by requiring the Office of Management and Budget (OMB) to "eliminate... inefficient and wasteful reports"; and requiring DHS to develop a "comprehensive workforce strategy" within a year and giving DHS new authorities for cybersecurity hiring. In April, the Obama Administration sent Congress legislative proposals that would have given the federal government new authority to ensure that corporations owning assets most critical to the nation's security and economic prosperity adequately addressed risks posed by cybersecurity threats. This report provides links to cybersecurity legislation in the 112 th and 113 th Congresses. 114 th Congress Legislation, House, Table th Congress Legislation, Senate, Table 2

3 113 th Congress, Major Legislation, Table 3 and Table th Congress, Major Legislation, Table 5 and Table th Congress, Senate Floor Debate: S. 3414, Table th Congress, House Floor Debate: H.R. 3523, Table 8 Congress has held cybersecurity hearings every year since This report also provides links to cybersecurity-related committee hearings in the 112 th and 113 th Congresses. 114 th Congress, Senate Hearings, Table 9 and Table th Congress, House Hearings, Table 11 and Table th Congress, House Hearings, Table 13 and Table th Congress, House Committee Markups, Table th Congress, Senate Hearings, Table 16 and Table th Congress, Other Hearings, Table 17 and Table th Congress, House Hearings, Table 20 and Table th Congress, House Markups, Table th Congress, Senate Hearings, Table 23 and Table th Congress, Congressional Committee Investigative Reports, Table 25 For a discussion of selected legislative proposals in the 112 th and 113 th Congresses, see CRS Report R42114, Federal Laws Relating to Cybersecurity: Overview of Major Issues, Current Laws, and Proposed Legislation, by Eric A. Fischer. Executive orders authorize the President to manage federal government operations. Presidential directives pertain to all aspects of U.S. national security policy as authorized by the President. This report provides a list of executive orders and presidential directives pertaining to information and computer security. Executive Orders and Presidential Directives, Table 26 For a selected list of authoritative reports and resources on cybersecurity, see CRS Report R42507, Cybersecurity: Authoritative Reports and Resources, by Topic, by Rita Tehan. For selected cybersecurity data, statistics, and glossaries, see CRS Report R43310, Cybersecurity: Data, Statistics, and Glossaries, by Rita Tehan. Cybersecurity: Legislation, Hearings, and Executive Branch Documents Legislation No major legislative provisions relating to cybersecurity had been enacted since 2002, despite many recommendations made over the past decade.

4 In the 112 th Congress, the White House sent a comprehensive, seven-part legislative proposal (White House Proposal) to Congress on May 12,. 1 Some elements of that proposal were included in both House and Senate bills. The House passed a series of bills that addressed a variety of issues from toughening law enforcement of cybercrimes to giving the Department of (DHS) oversight of federal information technology and critical infrastructure security to lessening liability for private companies that adopt cybersecurity best practices. The Senate pursued a comprehensive cybersecurity bill (S. 3414) with several committees working to create a single vehicle for passage, backed by the White House, but the bill failed to overcome two cloture votes and did not pass. Despite the lack of enactment of cybersecurity legislation in the 113 th Congress, there still appears to be considerable support in principle for significant legislation to address most of the issues. In the 113 th Congress, five cybersecurity bills were signed by the President on December 18, : H.R. 2952, the Cybersecurity Workforce Assessment Act, which requires the DHS to develop a cyber-workforce strategy; S. 1353, the Cybersecurity Enhancement Act of, which codifies the National Institute of Standards and 's (NIST's) role in cybersecurity; S. 1691, the Border Patrol Agent Pay Reform Act of, which gives DHS new authorities for cybersecurity hiring; S. 2519, the National Cybersecurity Protection Act of, which codifies DHS's cybersecurity center; and S. 2521, the Federal Information Security Modernization Act of, which reforms federal IT security management. The National Defense Authorization Act for Fiscal Year became P.L on December 26,. In February, the White House issued an executive order designed to improve the cybersecurity of U.S. critical infrastructure. 2 Executive Order attempts to enhance the security and resiliency of critical infrastructure through voluntary, collaborative efforts involving federal agencies and owners and operators of privately owned critical infrastructure, as well as the use of existing federal regulatory authorities. Given the absence of comprehensive cybersecurity legislation, some security observers contend that E.O is a necessary step in securing vital assets against cyberthreats. Others have expressed the view that the executive order could make enactment of a bill less likely or could lead to government intrusiveness into private-sector activities through increased regulation under existing statutory authority. For further discussion of the executive order, see CRS Report R42984, The Cybersecurity Executive Order: Overview and Considerations for Congress, by Eric A. Fischer et al. More than 30 bills have been introduced in the 114 th Congress that would address several issues, including data-breach notification, incidents involving other nation-states, information sharing, law enforcement and cybercrime, protection of critical infrastructure (CI), workforce development, and education. The Obama Administration has released proposals for three bills on information sharing, data-breach notification, and revision of cybercrime laws. Several bills have received or are expected to receive committee or floor action.

5 On April 22,, the House passed H.R which will provide liability protection to companies that share cyber threat information with the government and other companies so long as personal information is removed before the sharing of such information. On April 23,, the House passed H.R. 1731, which will encourage the sharing of information with the Department of by protecting entities from civil liabilities. CRS Reports and Other CRS Products: Legislation CRS Report R43831, Cybersecurity Issues and Challenges: In Brief, by Eric A. Fischer o o CRS Report R43996, Cybersecurity and Information Sharing: Comparison of H.R and H.R. 1731, by Eric A. Fischer CRS Report R43996, Cybersecurity and Information Sharing: Comparison of H.R and H.R. 1731, by Eric A. Fischer CRS Report R42114, Federal Laws Relating to Cybersecurity: Overview of Major Issues, Current Laws, and Proposed Legislation, by Eric A. Fischer CRS Report R43821, Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis, by N. Eric Weiss CRS Report IN10186, Cybersecurity: FISMA Reform, by Eric A. Fischer o o CRS Report R42474, Selected Federal Data Security Breach Legislation, by Kathleen Ann Ruane CRS Report R42475, Data Security Breach Notification Laws, by Gina Stevens CRS Legal Sidebar WSLG480, Privacy and Civil Liberties Issues Raised by CISPA, by Andrew Nolan CRS Legal Sidebar WSLG478, House Committee Marks Up Cybersecurity Bill CISPA, by Richard M. Thompson CRS Legal Sidebar WSLG481, CISPA, Private Actors, and the Fourth Amendment, by Richard M. Thompson CRS Legal Sidebar WSLG483, Obstacles to Private Sector Cyber Threat Information Sharing, by Edward C. Liu Table th Congress Legislation: House Bill No. Title Committee(s) Date Introduced Latest Major Action Date H.R. 53 Cyber Security Education and Federal Workforce Enhancement Act Education and the Workforce; Homeland Security; Science, Space, and January 6, Referred to Subcommittee of Higher Education and Workforce Training April 29,

6 H.R. 60 Cyber Defense National Guard Act Committee on (Permanent Select) January 6, Referred to committee January 6, H.R. 104 Cyber Privacy Fortification Act of Judiciary January 6, Referred to Subcommittee on Crime, Terrorism, Homeland Security, and Investigations January 22, H.R. 234 Cyber Sharing and Protection Act Armed Services, Homeland Security, (Permanent), Judiciary January 8, Referred to the Subcommittee on the Constitution and Civil Justice February 2, H.R. 451 Safe and Secure Federal Websites Act of Government Reform January 21, Referred to committee January 21, H.R. 580 Data Accountability and Trust Act Energy and Commerce January 28, Referred to subcommittee January 30, H.R Critical Infrastructure Protection Act (CIPA) Homeland Security February 25, Referred to subcommittee March 12, H.R Protecting Cyber Networks Act March 24, Passed by House, Roll Cal Vote 170 April 22, H.R Cybercrime Anti- Resale Deterrent Extraterritoriality Revision (CARDER) Act Judiciary March 24, Referred to Subcommittee on Crime, Terrorism, Homeland Security, and Investigations April 21, H.R Personal Data Notification and Protection Act Judiciary, Energy and Commerce March 26, Referred to Subcommittee on the April 29,

7 Constitution and Civil Justice H.R National Cybersecurity Protection Advancement Act Homeland Security April 14, Passed House, Roll Call Vote 173 April 23, H.R Executive Cyberspace Coordination Act Government Reform April 13, Referred to committee April 13, H.R Data Security and Breach Notification Act of Energy & Commerce April 14, Referred to the Subcommittee on Commerce, Manufacturing, and Trade April 17, Source: Compiled by the Congressional Research Service (CRS) from Congress.gov. Table th Congress Legislation: Senate Bill No. Title Committee(s) S. 135 Secure Data Act of S. 177 Data Security and Breach Notification Act of S. 456 Cyber Threat Sharing Act of S. 754 Cybersecurity Information Sharing Act of S Cybersecurity Information Sharing Credit Act Commerce, Science, and Commerce, Science, and Homeland Security and Governmental Affairs Date Introduced January 8, January 13, February 11, March 17, Commerce, Science and April 21, Latest Major Action Referred to committee Referred to committee Referred to committee Committee filed written Report Referred to committee Date January 8, January 13, February 11, April 15, April 21,

8 S A bill to provide for the modernization, security, and resiliency of the electric grid, to require the Secretary of Energy to carry out programs for research, development, demonstration, and informationsharing for cybersecurity for the energy sector Energy and Natural Resources May 7, Referred to committee May 7, Source: Compiled by CRS from Congress.gov. Table 3 and Table 4 provide lists of Senate and House legislation under consideration in the 113 th Congress. Table th Congress, Major Legislation: Senate Bill No. Title Committee(s) Date Introduced Latest Major Action Date S Cybersecurity Information Sharing Act of July 10, Reported to Senate without written report July 10, S Federal Information Security Modernization Act and Government of Affairs S National Cybersecurity and Communications Integration Center Act of and Governmental Affairs June 24, P.L June 24, P.L December 18, December 18, S Carl Levin National Defense Authorization Act for Fiscal Year June 2, With written report no June 2,

9 S DHS Cybersecurity Workforce Recruitment and Retention Act of and Government Affairs May 20, With written report no July 14, S Data Security Act of Banking, Housing, and Urban Affairs January 15, Subcommittee on National Security and International Trade and Finance hearings held February 3, S Border Patrol Agent Pay Reform Act of Senate Homeland November Security and 13, Governmental Affairs; House Government Reform; House Homeland Security P.L December 18, S Cybersecurity Act of Commerce, Science, and July 24, P.L December 18, S National Defense Authorization for Fiscal Year June 20, P.L December 26, Source: Legislative Information System (LIS). Table th Congress, Major Legislation: House Bill No. Title Committee(s) Date Introduced Latest Major Action Date H.R National Defense Authorization Act for Fiscal Year April 9, Passed/agreed to May 22, in House, Roll no. 240 H.R National Cybersecurity and Critical and House Science, Infrastructure Protection Space, and Act December 11, Passed/agreed to in House, by voice vote July 28, H.R Safe and Secure Federal Websites Act of House Government Reform; Senate Homeland December 3, Passed House by voice vote July 28,

10 H.R National Defense Authorization Act for Fiscal Year H.R Cybersecurity Boots-onthe-Ground Act H.R Critical Infrastructure Research and Development Advancement Act of H.R Federal Information Security Amendments Act of H.R. 967 Advancing America's Networking and Information Research and Development Act of H.R. 756 Cybersecurity R&D [Research and Development] H.R. 624 Cyber Sharing and Protection Act (CISPA) Security and Governmental Affairs House Armed Services; Senate October 22, September 17, August 1, Government Reform Science, Space, and Science, Space, and Permanent Select Committee on March 14, March 14, February 15, February 13, P.L December 26, Passed/agreed to July 28, in House, Roll No. 457 P.L Passed House. Referred to Senate Committee on Homeland Security and Governmental Affairs Passed House, Roll No Referred to the Senate Commerce, Science, and Committee Passed House, Roll no Congressional Record text Passed House. Roll no Referred to Senate Select Committee on December 18, April 17, April 17, April 16, April 18,

11 Source: LIS. Table 5 and Table 7 list major Senate and House legislation considered by the 112 th Congress. The tables include bills with committee action, floor action, or significant legislative interest. Table 6 provides Congressional Record links to Senate floor debate of S. 3414, the Cybersecurity Act of. Table 8 provides Congressional Record links to House floor debate of H.R. 3523, the Cyber Sharing and Protection Act. Table th Congress, Major Legislation: Senate Bill No. Title Committee(s) Date Introduced S Cybersecurity Act of N/A (Placed on Senate Legislative Calendar under Read the First Time) S SECURE IT N/A (Placed on Senate Legislative Calendar under General Orders. Calendar No. 438) S Data Security and Breach Notification Act of Commerce, Science, and S SECURE IT Commerce, Science, and S Cybersecurity Act of and Governmental Affairs S Cybersecurity Information Sharing Act of S Personal Data Protection and Breach Accountability Act of and Governmental Affairs July 19, June 27, June 21, March 1, February 14, February 13, Judiciary September 8, S Grid Cyber Security Act Energy and Natural Resources July 11, S Personal Data Privacy and Security Act of S. 413 Cybersecurity and Internet Freedom Act of Judiciary June 7, and Governmental Affairs February 17, Source: LIS. Table th Congress, Senate Floor Debate: S Title Date Congressional Record Pages Cybersecurity Act of : Motion to Proceed July 26, S5419-S5449

12 Cybersecurity Act of : Motion to Proceed Continued and Cloture Vote July 26, S5450-S5467 Cybersecurity Act of July 31, S5694-S5705 Cybersecurity Act of : Continued July 31, S5705-S5724 Cybersecurity Act of : Debate and Cloture Vote August 2, S5907-S5919 Cybersecurity Act of : Motion to Proceed November 14, S6774-S6784 Source: Congressional Record, Government Printing Office (GPO). Table th Congress, Major Legislation: House Bill No. Title Committee(s) Date Introduced H.R H.R Federal Information Security Amendments Act of Advancing America's Networking and Information Research and Development Act of H.R SECURE IT Act of Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Government Reform March 26, Science, Space, and January 27, Government Reform; Judiciary; Armed Services; (Permanent Select) H.R PRECISE Act of ; Oversight and Government Reform; Science, Space, and ; Judiciary; (Permanent Select) H.R H.R H.R. 174 H.R. 76 Cyber Sharing and Protection Act Cybersecurity Enhancement Act of Cyber and Physical Infrastructure Protection Act of Cybersecurity Education Enhancement Act of Committee on (Permanent Select) March 27, December 15, November 30, Science, Space, and June 2, ; Education and the Workforce; ; House Government Reform January 5, January 5,

13 Source: LIS. Table th Congress, House Floor Debate: H.R Title Date Congressional Record Pages Cyber Sharing and Protection Act: Providing for Consideration of Motion to Suspend the Rules Cyber Sharing and Protection Act: Consideration of the Bill April 26, H April 26, H Source: Congressional Record (GPO). Hearings in the 114 th Congress The following tables list cybersecurity hearings in the 114 th Congress. Table 9 and Table 10 contain identical content but are organized differently. Table 11 lists House hearings arranged by date (most recent first), and Table 12 lists House hearings arranged by committee. When viewed in HTML, the document titles are active links to the committee's website for that particular hearing. Table th Congress, Senate Hearings, by Date Title Date Committee Subcommittee Cybersecurity: Setting the Rules for Responsible Global Cyber Behavior Military Cyber Programs and Posture From Protection to Partnership: Funding the DHS role in Cybersecurity Examining the Evolving Cyber Insurance Marketplace U.S. Strategic Command, U.S. Command, and U.S. May 14, Foreign Relations East Asia, The Pacific, And International Cybersecurity Policy April 15, Emerging Threats and April 15, Appropriations March 19, March 19, Commerce, Science and Consumer Protection, Product Safety, Insurance and Data Security

14 Cyber Command in review of the Defense Authorization Request for Fiscal Year 2016 and the Future Years Defense Program [CLOSED] Markup of the "Cybersecurity Information Sharing Act of " March 12, The Connected World: Examining the Internet of Things February 11, Commerce, Science & Getting it Right on Data Breach and Notification Legislation in the 114 th Congress February 5, Commerce, Science & Consumer Protection, Product Safety, Insurance, and Data Security Building a More Secure Cyber Future: Examining Private Sector Experience with the NIST Framework February 4, Commerce, Science & Protecting America from Cyber Attacks: The Importance of Information Sharing January 28, and Governmental Affairs Source: Compiled by CRS from Congress.gov. Table th Congress, Senate Hearings, by Committee Committee Subcommittee Title Date Appropriations From Protection to Partnership: Funding the DHS role in Cybersecurity Emerging Threats and Military Cyber Programs and Posture U.S. Strategic Command, U.S. April 15, April 15, March 19,

15 Command, and U.S. Cyber Command in review of the Defense Authorization Request for Fiscal Year 2016 and the Future Years Defense Program Commerce, Science and Consumer Protection, Product Safety, Insurance and Data Security Examining the Evolving Cyber Insurance Marketplace March 19, Commerce, Science & The Connected World: Examining the Internet of Things February 11, Commerce, Science & Getting it Right on Data Breach and Notification Legislation in the 114 th Congress February 5, Commerce, Science & Building a More Secure Cyber Future: Examining Private Sector Experience with the NIST Framework February 4, Foreign Relations East Asia, The Pacific, And International Cybersecurity Policy Cybersecurity: Setting the Rules for Responsible Global Cyber Behavior May 14, and Governmental Affairs Protecting America from Cyber Attacks: The Importance of Information Sharing January 28, [CLOSED] Markup of the "Cybersecurity Information Sharing Act of " March 12, Source: Compiled by CRS from Congress.gov. Table th Congress, House Hearings, by Date

16 Title Date Committee Subcommittee Protecting Consumers: Financial Data Security in the Age of Computer Hackers Enhancing Cybersecurity of Third-Party Contractors and Vendors Small Business, Big Threat: Protecting Small Businesses from Cyber Attacks May 14, April 22, April 22, Full committee meets to April 21, formulate a rule on H.R.1560, the "Protecting Cyber Networks Act"; and H.R.1731, the "National Cybersecurity Protection Advancement Act of [CLOSED] Special Activities Markup: H.R. 1731, the National Cybersecurity Protection Advancement Act of Markup of H.R. 1770, The Data Security and Breach Notification Act of [CLOSED] Markup of "Protecting Cyber Networks Act" The Internet of Things: Exploring the Next Frontier [MARKUP] H.R. 1704, Data Security and Breach Notification Act of The Growing Cyber Threat and its Impact on American Business Financial Services Government Reform Small Business Rules April 15, National Security Agency and Cybersecurity April 14, April 14, March 26, Energy and Commerce March 24, Energy and Commerce Commerce, Manufacturing and Trade March 24, March 19, Energy and Commerce

17 Discussion Draft of H.R. 1704, Data Security and Breach Notification Act of Cybersecurity: The Evolving Nature of Cyber Threats Facing the Private Sector Industry Perspectives on the President's Cybersecurity Information Sharing Proposal Cyber Operations: Improving the Military Cyber Security Posture in an Uncertain Threat Environment. Understanding the Cyber Threat and Implications for the 21 st Century Economy March 18, Energy and Commerce Commerce, Manufacturing, and Trade March 18, Examining the President's February 25, 2 Cybersecurity Information Sharing Proposal Emerging Threats and to Protect the Homeland The Expanding Cyber Threat What are the Elements of Sound Data Breach Legislation? Briefing: The North Korean Threat: Nuclear, Missiles and Cyber Government Reform Information March 4, Infrastructure Protection and Security March 4, Emerging Threats and March 3, Energy and Commerce Investigations February 12, Infrastructure Protection, and Security January 27, January 27, January 13, Science, Space & Energy and Commerce Foreign Affairs Research and Source: Compiled by CRS from Congress.gov.

18 Table th Congress, House Hearings, by Committee Committee Subcommittee Title Date Emerging Threats and Cyber Operations: Improving the Military Cyber Security Posture in an Uncertain Threat Environment Energy and Commerce Markup of H.R. 1770, The Data Security and Breach Notification Act of Energy and Commerce Commerce, Manufacturing, and Trade The Internet of Things: Exploring the Next Frontier Energy and Commerce [MARKUP] H.R. 1704, Data Security and Breach Notification Act of Energy and Commerce Energy and Commerce Energy and Commerce Financial Services Foreign Affairs Commerce, Manufacturing, and Trade Investigations Discussion Draft of H.R. 1704, Data Security and Breach Notification Act Understanding the Cyber Threat and Implications for the 21 st Century Economy What are the Elements of Sound Data Breach Legislation? Protecting Consumers: Financial Data Security in the Age of Computer Hackers Briefing: The North Korean Threat: Nuclear, Missiles and Cyber Markup: H.R. 1731, the National Cybersecurity Protection Advancement Act of March 4, April 14, March 24, March 24, March 18, March 3, January 27, May 14, January 13, April 14,

19 Infrastructure Protection and Security Industry Perspectives on the President's Cybersecurity Information Sharing Proposal March 4, Examining the President's Cybersecurity Information Sharing Proposal February 25, Infrastructure Emerging Threats and to Protect the Homeland February 12, National Security Agency and Cybersecurity [CLOSED] Special Activities April 15, [CLOSED] Markup of "Protecting Cyber Networks Act" March 26, The Growing Cyber Threat and its Impact on American Business March 19, Government Reform Enhancing Cybersecurity of Third- Party Contractors and Vendors April 22, Government Reform Information Cybersecurity: The Evolving Nature of Cyber Threats Facing the Private Sector March 18, Rules Full committee meets to formulate a rule on H.R.1560, the "Protecting Cyber Networks Act"; and H.R.1731, the "National Cybersecurity Protection April 21,

20 Advancement Act of Science, Space & Research and The Expanding Cyber Threat January 27, Small Business Small Business, Big Threat: Protecting Small Businesses from Cyber Attacks April 22, Source: Compiled by CRS from Congress.gov. Hearings in the 113 th Congress The following tables list cybersecurity hearings in the 113 th Congress. Table 13 and Table 14 contain identical content but are organized differently. Table 13 lists House hearings arranged by date (most recent first), and Table 14 lists House hearings arranged by committee. When viewed in HTML, the document titles are active links to the committee's website for that particular hearing. Table th Congress, House Hearings, by Date Title Date Committee Subcommittee How Data Mining Threatens Student Privacy Assessing Persistent and Emerging Cyber Threats to the U.S. Homeland Electromagnetic Pulse (EMP): Threat to Critical Infrastructure Protecting Your Personal Data: How Law Enforcement Works With the Private Sector to Prevent Cybercrime Information and Cyber Operations: Modernization and Policy Issues in a Changing National Security Environment International Cybercrime Protection June 25, May 21, Infrastructure Protection, and Security Counterterrorism and May 8, Infrastructure Protection, and Security April 16, March 12, March 6, Science, Space, and Infrastructure Protection, and Security (Field Hearing), Emerging Threats, and Financial Institutions and Consumer Credit

21 Data Security: Examining Efforts to Protect Americans' Financial Information Protecting Consumer Information: Can Data Breaches Be Prevented? A Roadmap for Hackers? - Documents Detailing HealthCare.gov Security Vulnerabilities HealthCare.gov: Consequences of Stolen Identity HHS' Own Security Concerns About HealthCare.gov Is My Data on Healthcare.gov Secure? Security of Healthcare.gov Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Cyber Incident Response: Bridging the Gap Between Cybersecurity and Emergency Management Cybersecurity: 21 st Century Threats, Challenges, and Opportunities A Look into the Security and Reliability of the Health Exchange Data Hub Asia: The Cyber Security Battleground Oversight of Executive Order and Development of the Cybersecurity Framework Reporting Data Breaches: Is Federal Legislation Needed to Protect Consumers? March 5, February 5, January 28, January 19, January 16, November 19, November 19, November 13, October 30, October 23, September 11, Financial Services Energy and Commerce Government Reform Science, Space, and Government Reform Science, Space, and Energy and Commerce Permanent Select Committee on Commerce, Manufacturing, and Trade Infrastructure Protection, and Security Infrastructure Protection, and Security July 23, Foreign Affairs Asia and the Pacific July 18, Infrastructure Protection, and Security July 18, Energy and Commerce Commerce, Manufacturing, and Trade

22 Evaluating Privacy, Security, and Fraud Concerns with ObamaCare's Information Sharing Apparatus July 17, (Joint Hearing) and Government Reform Cyber Espionage and the Theft of U.S. Intellectual Property and July 9, Energy and Commerce Investigation Cyber Threats and Security Solutions May 21, Energy and Commerce Cybersecurity: An Examination of the Communications Supply Chain May 21, Energy and Commerce Communications and Facilitating Cyber Threat Information Sharing and Partnering with the Private Sector to Protect Critical Infrastructure: An Assessment of DHS May 16, Infrastructure Protection, and Security Striking the Right Balance: Protecting Our Nation's Critical Infrastructure from Cyber Attack and Ensuring Privacy and Civil Liberties April 25, Infrastructure Protection, and Security Cyber Attacks: An Unprecedented Threat to U.S. National Security March 21, Foreign Affairs Europe, Eurasia, and Emerging Threats Protecting Small Business from Cyber-Attacks March 21, Small Business Healthcare and Cybersecurity and Critical Infrastructure [CLOSED hearing] March 20, Appropriations Cyber Threats from China, Russia and Iran: Protecting American Critical Infrastructure March 20, Infrastructure Protection, and Security DHS Cybersecurity: Roles and Responsibilities to Protect the Nation's Critical Infrastructure March 13, Investigating and Prosecuting 21 st Century Cyber Threats March 13, Judiciary Crime, Terrorism, and Investigations

23 Information and Cyber Operations: Modernization and Policy Issues to Support the Future Force March 13,, Emerging Threats, and Cyber R&D Challenges and Solutions February 26, Science, Space, and Advanced Cyber Threats Facing Our Nation February 14, Select Committee on Source: Compiled by CRS. Table th Congress, House Hearings, by Committee Committee Subcommittee Title Date Appropriations Energy and Commerce, Emerging Threats, and, Emerging Threats, and Commerce, Manufacturing, and Trade Cybersecurity and Critical Infrastructure [CLOSED hearing] Information and Cyber Operations: Modernization and Policy Issues in a Changing National Security Environment Information and Cyber Operations: Modernization and Policy Issues to Support the Future Force Protecting Consumer Information: Can Data Breaches Be Prevented? March 20, March 12, March 13, February 5, Energy and Commerce Security of Healthcare.gov November 19, Energy and Commerce Commerce, Manufacturing, and Trade Reporting Data Breaches: Is Federal Legislation Needed to Protect Consumers? Energy and Commerce Investigation Cyber Espionage and the Theft of U.S. Intellectual Property and Energy and Commerce Cyber Threats and Security Solutions July 18, July 9, May 21,

24 Energy and Commerce Financial Services Communications and Financial Institutions and Consumer Credit Cybersecurity: An Examination of the Communications Supply Chain Data Security: Examining Efforts to Protect Americans' Financial Information Foreign Affairs Asia and the Pacific Asia: The Cyber Security Battleground Foreign Affairs Europe, Eurasia, and Emerging Threats Infrastructure Counterterrorism and Infrastructure Infrastructure (Field Hearing) Infrastructure Infrastructure Infrastructure Cyber Attacks: An Unprecedented Threat to U.S. National Security How Data Mining Threatens Student Privacy Assessing Persistent and Emerging Cyber Threats to the U.S. Homeland Electromagnetic Pulse (EMP): Threat to Critical Infrastructure Protecting Your Personal Data: How Law Enforcement Works With the Private Sector to Prevent Cybercrime Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Cyber Incident Response: Bridging the Gap Between Cybersecurity and Emergency Management A Look into the Security and Reliability of the Health Exchange Data Hub Oversight of Executive Order and Development of the Cybersecurity Framework May 21, March 5, July 23, March 21, June 25, May 21, May 8, April 16, November 13, October 30, September 11, July 18, Infrastructure Facilitating Cyber Threat May 16,

25 (Joint Hearing with Government Reform), and Energy Policy, Health Care, and Entitlements (Joint Hearing) Information Sharing and Partnering with the Private Sector to Protect Critical Infrastructure: An Assessment of DHS Infrastructure Striking the Right Balance: Protecting Our Nation's Critical Infrastructure from Cyber Attack and Ensuring Privacy and Civil Liberties April 25, Infrastructure Cyber Threats from China, Russia and Iran: Protecting American Critical Infrastructure March 20, Infrastructure DHS Cybersecurity: Roles and Responsibilities to Protect the Nation's Critical Infrastructure March 13, Judiciary Crime, Terrorism, Homeland Security, and Investigations Investigating and Prosecuting 21 st Century Cyber Threats March 13, Government Reform A Roadmap for Hackers? - Documents Detailing HealthCare.gov Security Vulnerabilities January 28, Government Reform HHS' Own Security Concerns About HealthCare.gov January 16, Government Reform (Joint Hearing with ) Energy Policy, Health Care, and Entitlements (Joint Hearing with Infrastructure Protection, and Security ) Evaluating Privacy, Security, and Fraud Concerns with ObamaCare's Information Sharing Apparatus July 18, Science, Space, and International Cybercrime Protection March 6, Science, Space, and HealthCare.gov: Consequences of Stolen Identity January 19, Science, Space, and Is My Data on Healthcare.gov Secure? November 19, Science, Space, and Cyber R&D [Research and Development] Challenges and Solutions February 26,

26 Select Committee on Advanced Cyber Threats Facing Our Nation Small Business Healthcare and Protecting Small Business from Cyber-Attacks February 14, March 21, Source: Compiled by CRS. Table th Congress, House Committee Markups, by Date Committee Subcommittee Title Date Infrastructure Infrastructure H.R. 3696, National Cybersecurity and Critical Infrastructure Protection Act H.R. 3696, National Cybersecurity and Critical Infrastructure Protection Act H.R. 2952, CIRDA Act of, and H.R. 3107, the Homeland Security Cybersecurity Bootson-the-Ground Act February 5, January 15, September 18, Source: Compiled by CRS. Table th Congress, Senate Hearings, by Date Title Date Committee Subcommittee Cybersecurity: Enhancing Coordination to Protect the Financial Sector Taking Down Botnets: Public and Private Efforts to Disrupt and Dismantle Cybercriminal Networks Investing in Cybersecurity: Understanding Risks and Building for the Future Data Breach on the Rise: Protecting Personal Information from Harm Protecting Personal Consumer Information from Cyber Attacks and Data Breaches December 10, Banking, Housing, and Urban Affairs July 15, Judiciary Crime and Terrorism May 7, Appropriations April 2, March 26, and Governmental Affairs Commerce, Science, and

27 Strengthening Public-Private Partnerships to Reduce Cyber Risks to Our Nation's Critical Infrastructure Nomination of Vice Admiral Michael S. Rogers, USN to be admiral and Director, National Security Agency/ Chief, Central Security Services/ Commander, U.S. Cyber Command U.S. Strategic Command and U.S. Cyber Command in review of the fiscal Defense Authorization Request and the Future Years Defense Program Oversight of Financial Stability and Data Security Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime Safeguarding Consumers' Financial Data, Panel 2, The Partnership Between NIST [National Institute of Standards and ] and the Private Sector: Improving Cybersecurity Resilient Military Systems and the Advanced Cyber Threat (CLOSED BRIEFING) Cybersecurity: Preparing for and Responding to the Enduring Threat Cyber Threats: Law Enforcement and Private Sector Responses Defense Authorization: Cybersecurity Threats: To receive a briefing on cybersecurity threats in review of the Defense Authorization Request for Fiscal Year and the Future Years Defense Program March 26, March 11, February 27, February 6, February 4, February 3, July 25, June 26, June 12, and Governmental Affairs Banking, Housing, and Urban Affairs Judiciary Banking, Housing, and Urban Affairs Commerce, Science, and Appropriations National Security and International Trade and Finance May 8, Judiciary Crime and Terrorism March 19, Fiscal Defense Authorization, March 12, Emerging Threats and

28 Strategic Command: U.S. Cyber Command The Cybersecurity Partnership Between the Private Sector and Our Government: Protecting Our National and Economic Security March 7, (Joint) and Governmental Affairs and Commerce, Science, and Source: Compiled by CRS. Table th Congress, Other Hearings, by Date Title Date Committee Subcommittee U.S.-China Cybersecurity Issues July 11, Congressional-Executive Commission on China Chinese Hacking: Impact on Human Rights and Commercial Rule of Law June 25, Congressional-Executive Commission on China Source: Compiled by CRS. Table th Congress, Senate Hearings, by Committee Committee Subcommittee Title Date Appropriations Investing in Cybersecurity: Understanding Risks and Building for the Future Appropriations Cybersecurity: Preparing for and Responding to the Enduring Threat Nomination of Vice Admiral Michael S. Rogers, USN to be admiral and Director, National Security Agency/ Chief, Central Security Services/ Commander, U.S. Cyber Command U.S. Strategic Command and U.S. Cyber Command in review of the Fiscal Defense Authorization Request and the Future Years Defense Program May 7, June 12, March 11, February 27, Resilient Military Systems and the June 26,

29 Banking, Housing, and Urban Affairs Banking, Housing, and Urban Affairs Banking, Housing, and Urban Affairs Commerce, Science, and Commerce, Science, and and Governmental Affairs and Governmental Affairs (Joint) and Governmental Affairs and Commerce, Science, and Emerging Threats and National Security and International Trade and Finance Advanced Cyber Threat (CLOSED BRIEFING) Defense Authorization: Cybersecurity Threats Fiscal Defense Authorization, Strategic Command: U.S. Cyber Command Cybersecurity: Enhancing Coordination to Protect the Financial Sector Oversight of Financial Stability and Data Security Safeguarding Consumers' Financial Data Protecting Personal Consumer Information from Cyber Attacks and Data Breaches The Partnership Between NIST [National Institute of Standards and ] and the Private Sector: Improving Cybersecurity Data Breach on the Rise: Protecting Personal Information from Harm Strengthening Public-Private Partnerships to Reduce Cyber Risks to Our Nation's Critical Infrastructure The Cybersecurity Partnership Between the Private Sector and Our Government: Protecting Our National and Economic Security Judiciary Crime and Terrorism Taking Down Botnets: Public and Private Efforts to Disrupt and Dismantle Cybercriminal Networks Judiciary Privacy in the Digital Age: Preventing Data Breaches and March 19, March 12, December 10, February 6, February 3, March 26, July 25, April 2, March 26, March 7, July 15, February 4,

30 Combating Cybercrime Judiciary Crime and Terrorism Cyber Threats: Law Enforcement and Private Sector Responses May 8, Source: Compiled by CRS. Table th Congress, Other Hearings, by Committee Committee Subcommittee Title Date Congressional-Executive Commission on China Congressional-Executive Commission on China U.S.-China Cybersecurity Issues July 11, Chinese Hacking: Impact on Human Rights and Commercial Rule of Law June 25, Source: Compiled by CRS. Hearings in the 112 th Congress The following tables list cybersecurity hearings in the 112 th Congress. Table 20 and Table 21 contain identical content but are organized differently. Table 20 lists House hearings arranged by date (most recent first) and Table 21 lists House hearings arranged by committee. Table 22 lists House markups by date; Table 23 and Table 24 contain identical content. Table 23 lists Senate hearings arranged by date and Table 24 lists Senate hearings arranged by committee. Table 25 lists two congressional committee investigative reports: the House Permanent Select Committee on investigative report into the counterintelligence and security threats posed by Chinese telecommunications companies doing business in the United States, and the Senate Permanent Subcommittee on Investigations' review of U.S. Department of efforts to engage state and local intelligence "fusion centers." When viewed in HTML, the document titles are active links to the committee's website for that particular hearing. Table th Congress, House Hearings, by Date Title Date Committee Subcommittee Investigation of the Security Threat Posed by Chinese Telecommunications Companies Huawei and ZTE Resilient Communications: Current Challenges and Future Advancements September 13, September 12, Permanent Select Committee on Emergency Preparedness, Response, and Communications Cloud Computing: An Overview of July 25, Judiciary Intellectual Property,

31 the and the Issues facing American Innovators Digital Warriors: Improving Military for Cyber Operations Cyber Threats to Capital Markets and Corporate Accounts Iranian Cyber Threat to U.S. Homeland America is Under Cyber Attack: Why Urgent Action is Needed The DHS and DOE National Labs: Finding Efficiencies and Optimizing Outputs in Homeland Security Research and Development Cybersecurity: Threats to Communications Networks and Public-Sector Responses IT Supply Chain Security: Review of Government and Industry Efforts Fiscal Year Budget Request for Information and Cyber Operations Programs Cybersecurity: The Pivotal Role of Communications Networks NASA Cybersecurity: An Examination of the Agency's Information Security Critical Infrastructure Cybersecurity: Assessments of Smart Grid Security Hearing on Draft Legislative Proposal on Cybersecurity Competition, and the Internet July 25, Emerging Threats and June 1, Financial Services Capital Markets and Government Sponsored Enterprises April 26, April 24, April 19, March 28, March 27, March 20, March 7, February 29, February 28, December 6, Energy and Commerce Energy and Commerce Energy and Commerce Science, Space, and Energy and Commerce and Governmental Infrastructure Protection, and Security and Counterterrorism and Oversight, Investigations and Management Infrastructure Protection, and Security Communications and Investigations Emerging Threats and Communications and Investigations and Oversight Investigations Infrastructure Protection,

32 Cyber Security: Protecting Your Small Business Combating Online Piracy (H.R. 3261, Stop the Online Piracy Act) Cybersecurity: Protecting America's New Frontier Institutionalizing Irregular Warfare Cloud Computing: What are the Security Implications? Cyber Threats and Ongoing Efforts to Protect the Nation The Cloud Computing Outlook Cybersecurity: Threats to the Financial Sector Cybersecurity: An Overview of Risks to Critical Infrastructure Cybersecurity: Assessing the Nation's Ability to Address the Growing Cyber Threat Field Hearing: "Hacked Off: Helping Law Enforcement Protect Private Financial Information" Examining the Impact of the Obama Administration's Cybersecurity Proposal Sony and Epsilon: Lessons for Data Security Legislation Protecting the Electric Grid: the Grid Reliability and Infrastructure Defense Act Unlocking the SAFETY Act's [Support Anti-terrorism by Fostering Effective P.L ] December 1, November 16, November 15, November 3, October 6, October 4, September 21, September 14, July 26, July 7, June 29, June 24, Affairs Small Business Judiciary Judiciary Permanent Select Science, Space, and Financial Services Energy and Commerce Government Reform Financial Services (field hearing in Hoover, AL) and Security Healthcare and Crime, Terrorism and Emerging Threats and Infrastructure Protection, and Security and Innovation Financial Institutions and Consumer Credit Investigations Infrastructure Protection, and Security June 2, Energy and Commerce Commerce, Manufacturing, and Trade May 31, May 26, Energy and Commerce Infrastructure Protection, and Security

33 Potential to Promote and Combat Terrorism Protecting Information in the Digital Age: Federal Cybersecurity Research and Development Efforts Cybersecurity: Innovative Solutions to Challenging Problems Cybersecurity: Assessing the Immediate Threat to the United States DHS Cybersecurity Mission: Promoting Innovation and Securing Critical Infrastructure Communist Chinese Cyber- Attacks, Cyber-Espionage and Theft of American Budget Hearing National Protection and Programs Directorate, Cybersecurity and Infrastructure Protection Programs Examining the Cyber Threat to Critical Infrastructure and the American Economy Budget Request from U.S. Cyber Command What Should the Department of Defense's Role in Cyber Be? Preventing Chemical Terrorism: Building a Foundation of Security at Our Nation's Chemical Facilities May 25, May 25, May 25, April 15, April 15, March 31, March 16, March 16, February 11, February 11, World Wide Threats February 10, Science, Space, and Judiciary Government Reform Foreign Affairs Appropriations (closed/classified) Permanent Select Research and Science Education and and Innovation Intellectual Property, Competition and the Internet National Security, Homeland Defense and Foreign Operations Infrastructure Protection, and Security Investigations Energy and Power Infrastructure Protection, and Security Emerging Threats and Emerging Threats and Infrastructure Protection, and Security Source: Compiled by CRS. Table th Congress, House Hearings, by Committee

34 Committee Subcommittee Title Date Appropriations (closed/classified) Energy and Commerce Energy and Commerce Energy and Commerce Energy and Commerce Energy and Commerce Energy and Commerce Energy and Commerce Financial Services Financial Services Financial Services Foreign Affairs Emerging Threats and Emerging Threats and Emerging Threats and Emerging Threats and Emerging Threats and Communications and Investigations Communications and Investigations Investigations Commerce, Manufacturing, and Trade Energy and Power Capital Markets and Government Sponsored Enterprises Financial Institutions and Consumer Credit Field hearing in Hoover, AL Investigations Budget Hearing National Protection and Programs Directorate, Cybersecurity and Infrastructure Protection Programs Digital Warriors: Improving Military for Cyber Operations Fiscal Defense Authorization: IT and Cyber Operations Institutionalizing Irregular Warfare Budget Request for U.S. Cyber Command What Should the Department of Defense's Role in Cyber Be? Cybersecurity: Threats to Communications Networks and Public-Sector Responses IT Supply Chain Security: Review of Government and Industry Efforts Cybersecurity: The Pivotal Role of Communications Networks Critical Infrastructure Cybersecurity: Assessments of Smart Grid Security Cybersecurity: An Overview of Risks to Critical Infrastructure Sony and Epsilon: Lessons for Data Security Legislation Protecting the Electric Grid: the Grid Reliability and Infrastructure Defense Act Cyber Threats to Capital Markets and Corporate Account Cybersecurity: Threats to the Financial Sector Field Hearing: "Hacked Off: Helping Law Enforcement Protect Private Financial Information" Communist Chinese Cyber-Attacks, Cyber- Espionage and Theft of American March 31, July 25, March 20, November 3, March 16, February 11, March 28, March 27, March 7, February 28, July 26, June 2, May 31, June 1, September 14, June 29, April 15,