Cybersecurity: Legislation, Hearings, and
Executive Branch Documents
Rita Tehan
Information Research Specialist
October 21, 2015
Congressional Research Service
7-5700
www.crs.gov
R43317
link to page 9 link to page 11 link to page 12 link to page 13 link to page 14 link to page 15 link to page 14 link to page 15 link to page 16 link to page 17 link to page 20 link to page 23 link to page 28 link to page 30 link to page 33 link to page 33 link to page 35 link to page 35 link to page 36 Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Summary
Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide.
Attacks have been initiated against individuals, corporations, and countries. Targets have included
government networks, companies, and political organizations, depending upon whether the
attacker was seeking military intelligence, conducting diplomatic or industrial espionage,
engaging in cybercrime, or intimidating political activists. In addition, national borders mean
little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult,
which may make responding problematic.
Despite many recommendations made over the past decade, most major legislative provisions
relating to cybersecurity had been enacted prior to 2002. However, on December 18, 2014, in the
last days of the 113th Congress, five cybersecurity bills were signed by the President. These bills
change federal cybersecurity programs in a number of ways:
codifying the role of the National Institute of Standards and Technology (NIST)
in developing a “voluntary, industry-led set of standards” to reduce cyber risk;
codifying the Department of Homeland Security’s (DHS’s) National
Cybersecurity and Communications Integration Center as a hub for interactions
with the private sector;
updating the Federal Information Security Management Act (FISMA) by
requiring the Office of Management and Budget (OMB) to “eliminate ...
inefficient and wasteful reports”; and
requiring DHS to develop a “comprehensive workforce strategy” within a year
and giving DHS new authorities for cybersecurity hiring.
In April 2011, the Obama Administration sent Congress legislative proposals that would have
given the federal government new authority to ensure that corporations owning assets most
critical to the nation’s security and economic prosperity adequately addressed risks posed by
cybersecurity threats. This report provides links to cybersecurity legislation in the 112th, 113th,
and 114th Congresses.
114th Congress Legislation, House, Table 1
114th Congress Legislation, Senate, Table 2
113th Congress, Major Legislation, Table 3 and Table 4
112th Congress, Major Legislation, Table 5 and Table 7
112th Congress, Senate Floor Debate: S. 3414, Table 6
112th Congress, House Floor Debate: H.R. 3523, Table 8
Congress has held cybersecurity hearings every year since 2001. This report also provides links to
cybersecurity-related committee hearings in the 112th, 113th, and 114th Congresses.
114th Congress, Senate Hearings, Table 9 and Table 10
114th Congress, House Hearings, Table 11 and Table 12
113th Congress, House Hearings, Table 14 and Table 15
113th Congress, House Committee Markups, Table 16
113th Congress, Senate Hearings, Table 17 and Table 19
113th Congress, Other Hearings, Table 18 and Table 20
Congressional Research Service
link to page 38 link to page 40 link to page 43 link to page 43 link to page 44 link to page 46 link to page 48 Cybersecurity: Legislation, Hearings, and Executive Branch Documents
112th Congress, House Hearings, Table 21 and Table 22
112th Congress, House Markups, Table 23
112th Congress, Senate Hearings, Table 24 and Table 25
112th Congress, Congressional Committee Investigative Reports, Table 26
For a comparison of House and Senate information-sharing legislation in the 114th Congress, see
CRS Report R44069, Cybersecurity and Information Sharing: Comparison of House and Senate
Bills in the 114th Congress, by Eric A. Fischer and Stephanie M. Logan.
For a side-by-side comparison of cybersecurity and information legislation in the 114th Congress,
see CRS Report R43996, Cybersecurity and Information Sharing: Comparison of H.R. 1560 and
H.R. 1731 as Passed by the House, by Eric A. Fischer and Stephanie M. Logan.
For an economic analysis of information-sharing legislation, see CRS Report R43821,
Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis, by N. Eric
Weiss.
For a discussion of selected legislative proposals in the 112th and 113th Congresses, see CRS
Report R42114, Federal Laws Relating to Cybersecurity: Overview of Major Issues, Current
Laws, and Proposed Legislation, by Eric A. Fischer
Executive orders authorize the President to manage federal government operations. Presidential
directives pertain to all aspects of U.S. national security policy as authorized by the President.
This report provides a list of executive orders and presidential directives pertaining to information
and computer security.
Executive Orders and Presidential Directives, Table 27
For a selected list of authoritative reports and resources on cybersecurity, see CRS Report
R42507, Cybersecurity: Authoritative Reports and Resources, by Topic, by Rita Tehan. For
selected cybersecurity data, statistics, and glossaries, see CRS Report R43310, Cybersecurity:
Data, Statistics, and Glossaries, by Rita Tehan.
Congressional Research Service
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Contents
Legislation ....................................................................................................................................... 1
CRS Reports and Other CRS Products: Legislation ................................................................. 3
Hearings in the 114th Congress ...................................................................................................... 10
Hearings in the 113th Congress ...................................................................................................... 22
Hearings in the 112th Congress ...................................................................................................... 32
Executive Orders and Presidential Directives ............................................................................... 42
CRS Reports on Executive Orders and Presidential Directives .............................................. 42
Tables
Table 1. 114th Congress Legislation: House .................................................................................... 4
Table 2. 114th Congress Legislation: Senate .................................................................................... 6
Table 3. 113th Congress, Major Legislation: Senate ........................................................................ 7
Table 4. 113th Congress, Major Legislation: House......................................................................... 8
Table 5. 112th Congress, Major Legislation: Senate ........................................................................ 9
Table 6. 112th Congress, Senate Floor Debate: S. 3414 ................................................................... 9
Table 7. 112th Congress, Major Legislation: House....................................................................... 10
Table 8. 112th Congress, House Floor Debate: H.R. 3523 ............................................................. 10
Table 9. 114th Congress, Senate Hearings, by Date ........................................................................ 11
Table 10. 114th Congress, Senate Hearings, by Committee ........................................................... 12
Table 11. 114th Congress, House Hearings, by Date ...................................................................... 15
Table 12. 114th Congress, House Hearings, by Committee ........................................................... 18
Table 13. 114th Congress, Other Hearings ..................................................................................... 21
Table 14. 113th Congress, House Hearings, by Date ..................................................................... 23
Table 15. 113th Congress, House Hearings, by Committee ........................................................... 25
Table 16. 113th Congress, House Committee Markups, by Date ................................................... 28
Table 17. 113th Congress, Senate Hearings, by Date ..................................................................... 28
Table 18. 113th Congress, Other Hearings, by Date ....................................................................... 30
Table 19. 113th Congress, Senate Hearings, by Committee ........................................................... 30
Table 20. 113th Congress, Other Hearings, by Committee ............................................................ 31
Table 21. 112th Congress, House Hearings, by Date ..................................................................... 33
Table 22. 112th Congress, House Hearings, by Committee ........................................................... 35
Table 23. 112th Congress, House Markups, by Date ...................................................................... 38
Table 24. 112th Congress, Senate Hearings, by Date ..................................................................... 38
Table 25. 112th Congress, Senate Hearings, by Committee ........................................................... 39
Table 26. 112th Congress, Congressional Committee Investigative Reports ................................. 41
Table 27. Executive Orders and Presidential Directives ............................................................... 43
Congressional Research Service
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Contacts
Author Contact Information .......................................................................................................... 46
Key CRS Policy Staff .................................................................................................................... 46
Congressional Research Service
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Legislation
Most major legislative provisions relating to cybersecurity had been enacted prior to 2002,
despite many recommendations made over the past decade.
In the 112th Congress, the White House sent a comprehensive, seven-part legislative proposal
(White House Proposal) to Congress on May 12, 2011.1 Some elements of that proposal were
included in both House and Senate bills. The House passed a series of bills that addressed a
variety of issues—from toughening law enforcement of cybercrimes to giving the Department of
Homeland Security (DHS) oversight of federal information technology and critical infrastructure
security to lessening liability for private companies that adopt cybersecurity best practices. The
Senate pursued a comprehensive cybersecurity bill (S. 3414) with several committees working to
create a single vehicle for passage, backed by the White House, but the bill failed to overcome
two cloture votes and did not pass. Despite the lack of enactment of cybersecurity legislation in
the 112th Congress, there still appears to be considerable support in principle for significant
legislation to address most of the issues.
In the 113th Congress, five cybersecurity bills were signed by the President on December 18,
2014:
H.R. 2952, the Cybersecurity Workforce Assessment Act, which requires the
DHS to develop a cyber-workforce strategy;
S. 1353, the Cybersecurity Enhancement Act of 2014, which codifies the
National Institute of Standards and Technology’s (NIST’s) role in cybersecurity;
S. 1691, the Border Patrol Agent Pay Reform Act of 2014, which gives DHS new
authorities for cybersecurity hiring;
S. 2519, the National Cybersecurity Protection Act of 2014, which codifies
DHS’s cybersecurity center; and
S. 2521, the Federal Information Security Modernization Act of 2014, which
reforms federal IT security management.
The National Defense Authorization Act for Fiscal Year 2014 became P.L. 113-66 on December
26, 2013.
In February 2013, the White House issued an executive order designed to improve the
cybersecurity of U.S. critical infrastructure.2 Executive Order 13636 attempts to enhance the
security and resiliency of critical infrastructure through voluntary, collaborative efforts involving
federal agencies and owners and operators of privately owned critical infrastructure, as well as
the use of existing federal regulatory authorities. Given the absence of comprehensive
cybersecurity legislation, some security observers contend that E.O. 13636 is a necessary step in
securing vital assets against cyberthreats. Others have expressed the view that the executive order
could make enactment of a bill less likely or could lead to government intrusiveness into private-
sector activities through increased regulation under existing statutory authority. For further
discussion of the executive order, see CRS Report R42984, The 2013 Cybersecurity Executive
Order: Overview and Considerations for Congress, by Eric A. Fischer et al.
1 The White House, Complete Cybersecurity Proposal, 2011, http://www.whitehouse.gov/sites/default/files/omb/
legislative/letters/law-enforcement-provisions-related-to-computer-security-full-bill.pdf.
2 Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” Federal Register 78, no. 33 (February 19,
2013): 11737–11744.
Congressional Research Service
1
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
In February 2015, the White House issued Executive Order 136913, which, along with a
legislative proposal, is aimed at enhancing information sharing in cybersecurity among private
sector entities. It promotes the use of information sharing and analysis organizations (ISAOs),
which were defined in the Homeland Security Act (6 U.S.C. §131(5)) as entities that gather,
analyze, and share information on the security of critical infrastructure (CI)4 to assist in defense
against and recovery from incidents. The White House initiatives would broaden the reach of
ISAOs beyond CI to any affinity group. In that sense, they differ from the more familiar
information sharing and analysis centers (ISACs), created in response to Presidential Decision
Directive (PDD) 63 in 1998 specifically to address information-sharing needs in CI sectors.
Also in February 2015, the Obama Administration established, via presidential memorandum5,
the Cyber Threat Intelligence Integration Center (CTIIC) to be established by the Director of
National Intelligence (DNI). Its purposes are to provide integrated analysis on foreign
cybersecurity threats and incidents affecting national interests and to support relevant government
entities, including the National Cybersecurity and Communications Integration Center (NCCIC)
at the Department of Homeland Security (DHS), as well as others at the Department of Defense
(DOD) and Department of Justice (DOJ).
More than 20 bills have been introduced in the 114th Congress that would address several issues,
including data-breach notification, incidents involving other nation-states, information sharing,
law enforcement and cybercrime, protection of critical infrastructure (CI), workforce
development, and education. The Obama Administration has released proposals for three bills—
on information sharing, data-breach notification, and revision of cybercrime laws. Several bills
have received or are expected to receive committee or floor action.
On April 22, 2015, the House passed H.R. 1560, which will provide liability protection to
companies that share cyber threat information with the government and other companies so long
as personal information is removed before the sharing of such information. On April 23, 2015, the
House passed H.R. 1731, which will encourage the sharing of information with the Department of
Homeland Security by protecting entities from civil liabilities.
In the Senate, S. 754, the Cybersecurity Information Sharing Act of 2015 (CISA), which was
reported in March, was proposed to be considered as an amendment to H.R. 1735, the National
Defense Authorization Act (NDAA). More than 70 amendments to CISA have been submitted
and a managers’ amendment has been circulated. A cloture motion was filed on August 5, 2015.
For a comparison of House and Senate information-sharing legislation in the 114th Congress, see
CRS Report R44069, Cybersecurity and Information Sharing: Comparison of House and Senate
Bills in the 114th Congress, by Eric A. Fischer and Stephanie M. Logan.
For a side-by-side comparison of cybersecurity and information legislation in the 114th Congress,
see CRS Report R43996, Cybersecurity and Information Sharing: Comparison of H.R. 1560 and
H.R. 1731 as Passed by the House, by Eric A. Fischer and Stephanie M. Logan.
3 E.O. 13691, Encouraging Private-Sector Cybersecurity Collaboration, White House, February 12, 2015, at:
http://www.whitehouse.gov/the-press-office/2015/02/12/fact-sheet-executive-order-promoting-private-sector-
cybersecurity-inform
4 PDD-63, Critical Infrastructure Protection, White House, May 22, 1998, at: http://www.fas.org/irp/offdocs/pdd/pdd-
63.htm
5 Presidential Memorandum—Establishment of the Cyber Threat Intelligence Integration Center. White House,
February 25, 2015, at: http://www.whitehouse.gov/the-press-office/2015/02/25/presidential-memorandum-
establishment-cyber-threat-intelligence-integrat
Congressional Research Service
2
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
CRS Reports and Other CRS Products: Legislation
CRS Report R43831, Cybersecurity Issues and Challenges: In Brief, by Eric A.
Fischer
CRS Report R44069, Cybersecurity and Information Sharing: Comparison of
House and Senate Bills in the 114th Congress, by Eric A. Fischer and Stephanie
M. Logan
CRS Report R43996, Cybersecurity and Information Sharing: Comparison of
H.R. 1560 and H.R. 1731 as Passed by the House, by Eric A. Fischer and
Stephanie M. Logan
CRS Report R42114, Federal Laws Relating to Cybersecurity: Overview of
Major Issues, Current Laws, and Proposed Legislation, by Eric A. Fischer
CRS Report R43821, Legislation to Facilitate Cybersecurity Information
Sharing: Economic Analysis, by N. Eric Weiss
CRS Insight IN10186, Cybersecurity: FISMA Reform, by Eric A. Fischer
CRS Report R42474, Selected Federal Data Security Breach Legislation, by
Kathleen Ann Ruane
CRS Report R42475, Data Security Breach Notification Laws, by Gina Stevens
CRS Legal Sidebar WSLG480, Privacy and Civil Liberties Issues Raised by
CISPA, by Andrew Nolan
CRS Legal Sidebar WSLG478, House Intelligence Committee Marks Up
Cybersecurity Bill CISPA, by Richard M. Thompson II
CRS Legal Sidebar CRS Legal Sidebar WSLG481, CISPA, Private Actors, and
the Fourth Amendment, by Richard M. Thompson II
CRS Legal Sidebar WSLG483, Obstacles to Private Sector Cyber Threat
Information Sharing, by Edward C. Liu and Edward C. Liu
Congressional Research Service
3
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Table 1. 114th Congress Legislation: House
Date
Latest Major
Bill No.
Title
Committee(s)
Introduced
Action
Date
H.R. 53
Cyber Security
Education and
January 6, 2015
Referred to
April 29, 2015
Education and
the Workforce;
Subcommittee of
Federal
Homeland
Higher
Workforce
Security;
Education and
Enhancement Act Science, Space,
Workforce
and Technology
Training
H.R. 60
Cyber Defense
Committee on
January 6, 2015
Referred to
January 6, 2015
National Guard
Intelligence
committee
Act
(Permanent
Select)
H.R. 104
Cyber Privacy
Judiciary
January 6, 2015
Referred to
January 22, 2015
Fortification Act
Subcommittee
of 2015
on Crime,
Terrorism,
Homeland
Security, and
Investigations
H.R. 234
Cyber
Armed Services, January 8, 2015
Referred to the
February 2, 2015
Intelligence
Homeland
Subcommittee
Sharing and
Security,
on the
Protection Act
Intelligence
Constitution and
(Permanent),
Civil Justice
Judiciary
H.R. 451
Safe and Secure
Oversight and
January 21, 2015
Ordered to be
May 19, 2015
Federal Websites Government
Reported
Act of 2015
Reform
(Amended) by
Voice Vote
H.R. 580
Data
Energy and
January 28, 2015
Referred to
January 30, 2015
Accountability
Commerce
subcommittee
and Trust Act
H.R. 1073
Critical
Homeland
February 25,
Placed on the
August 4, 2015
Infrastructure
Security
2015
Union Calendar
Protection Act
(CIPA)
H.R. 1560
Protecting Cyber Intelligence
March 24, 2015
Passed by House April 22, 2015
Networks Act
April 22, Rol
Cal Vote 170,
Received in
Senate
H.R. 1584
Cybercrime Anti-
Judiciary
March 24, 2015
Referred to
April 21, 2015
Resale Deterrent
Subcommittee
Extraterritoriality
on Crime,
Revision
Terrorism,
(CARDER) Act
Homeland
Security, and
Investigations
Congressional Research Service
4
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Date
Latest Major
Bill No.
Title
Committee(s)
Introduced
Action
Date
H.R. 1704
Personal Data
Judiciary, Energy March 26, 2015
Referred to
April 29, 2015
Notification and
and Commerce
Subcommittee
Protection Act
on the
Constitution and
Civil Justice
H.R. 1731
National
Homeland
April 14, 2015
Passed House,
April 23, 2015
Cybersecurity
Security
Rol Call Vote
Protection
173
Advancement
Act
H.R. 1753
Executive
Oversight and
April 13, 2015
Referred to
April 13, 2015
Cyberspace
Government
committee
Coordination
Reform
Act
H.R. 1770
Data Security
Energy &
April 14, 2015
Referred to the
April 17, 2015
and Breach
Commerce
Subcommittee
Notification Act
on Commerce,
of 2015
Manufacturing,
and Trade
H.R. 3305
EINSTEIN Act of
Oversight and
July 29, 2015
Referred to the
August 11, 2015
2015
Government
Subcommittee
Reform;
on
Homeland
Cybersecurity,
Security
Infrastructure
Protection, and
Security
Technologies
H.R. 3490
Strengthening
Homeland
September 11,
Ordered to be
September 30,
State and Local
Security and
2015
Reported
2015
Cyber Crime
Judiciary
(Amended) by
Fighting Act
Voice Vote
H.R. 3510
Department of
Homeland
September 17,
Ordered to be
September 30,
Homeland
Security
2015
Reported
2015
Security
(Amended) by
Cybersecurity
Voice Vote.
Act of 2015
Source: Compiled by the Congressional Research Service (CRS) from Congress.gov.
Congressional Research Service
5
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Table 2. 114th Congress Legislation: Senate
Date
Latest Major
Date
Bill No.
Title
Committee(s)
Introduced
Action
S. 135
Secure Data Act
Commerce,
January 8, 2015
Referred to
January 8, 2015
of 2015
Science, and
committee
Transportation
S. 177
Data Security
Commerce,
January 13, 2015
Referred to
January 13, 2015
and Breach
Science, and
committee
Notification Act
Transportation
of 2015
S. 456
Cyber Threat
Homeland
February 11,
Referred to
February 11,
Sharing Act of
Security and
2015
committee
2015
2015
Governmental
Affairs
S. 754
Cybersecurity
Intelligence
March 17, 2015
Senate floor
October 21,
Information
consideration
2015
Sharing Act of
2015
S. 1027
Cybersecurity
Commerce,
April 21, 2015
Referred to
April 21, 2015
Information
Science and
committee
Sharing Credit
Transportation
Act
S. 1241
Enhanced Grid
Energy and
May 7, 2015
Hearings held
June 9, 2015
Security Act of
Natural
2015
Resources
Source: Compiled by CRS from Congress.gov.
Congressional Research Service
6
link to page 12 link to page 13 Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Table 3 and Table 4 provide lists of Senate and House legislation under consideration in the 113th
Congress.
Table 3. 113th Congress, Major Legislation: Senate
Date
Latest Major
Date
Bill No.
Title
Committee(s)
Introduced
Action
S. 2588
Cybersecurity Information
Intelligence
July 10,
Reported to
July 10,
Sharing Act of 2014
2014
Senate without
2014
written report
S. 2521
Federal Information Security Homeland Security
June 24,
P.L. 113-283
December
Modernization Act of 2014
and Government
2014
18, 2014
Affairs
S. 2519
National Cybersecurity and
Homeland Security
June 24,
P.L. 113-282
December
Communications Integration and Governmental
2014
18, 2014
Center Act of 2014
Affairs
S. 2410
Carl Levin National Defense Armed Services
June 2, 2014
With written
June 2, 2014
Authorization Act for Fiscal
S.Rept. 113-176
Year 2015
S. 2354
DHS Cybersecurity
Homeland Security
May 20,
With written
July 14,
Workforce Recruitment and and Government
2014
S.Rept. 113-207 2014
Retention Act of 2014
Affairs
S. 1927
Data Security Act of 2014
Banking, Housing, and January 15,
Subcommittee
February 3,
Urban Affairs
2014
on National
2014
Security and
International
Trade and
Finance
hearings held
S. 1691
Border Patrol Agent Pay
Senate Homeland
November
P.L. 113-277
December
Reform Act of 2014
Security and
13, 2013
18, 2014
Governmental Affairs;
House Oversight and
Government Reform;
House Homeland
Security
S. 1353
Cybersecurity Act of 2013
Commerce, Science,
July 24,
P.L. 113-274
December
and Transportation
2013
18, 2014
S. 1197
National Defense
Armed Services
June 20,
P.L. 113-66
December
Authorization for Fiscal
2013
26, 2013
Year 2014
Source: Legislative Information System (LIS).
Congressional Research Service
7
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Table 4. 113th Congress, Major Legislation: House
Date
Latest Major
Bill No.
Title
Committee(s)
Introduced
Action
Date
H.R.
National Defense
Armed Services
April 9, 2014
Passed/agreed to
May 22,
4435
Authorization Act for
in House, Rol
2014
Fiscal Year 2015
no. 240
H.R.
National Cybersecurity
Homeland Security
December
Passed/agreed to
July 28, 2014
3696
and Critical Infrastructure and House Science,
11, 2013
in House, by
Protection Act
Space, and Technology
voice vote
H.R.
Safe and Secure Federal
House Oversight and
December 3,
Passed House by
July 28, 2014
3635
Websites Act of 2014
Government Reform;
2013
voice vote
Senate Homeland
Security and
Governmental Affairs
H.R.
National Defense
House Armed
October 22,
P.L. 113-66
December
3304
Authorization Act for
Services; Senate
2013
26, 2013
Fiscal Year 2014
Armed Services
H.R.
Homeland Security
Homeland Security
September
Passed/agreed to
July 28, 2014
3107
Cybersecurity Boots-on-
17, 2013
in House, Rol
the-Ground Act
No. 457
H.R.
Critical Infrastructure
Homeland Security
August 1,
P.L. 113-246
December
2952
Research and
2013
18, 2014
Development
Advancement Act of 2013
H.R.
Federal Information
Oversight and
March 14,
Passed House.
April 17,
1163
Security Amendments
Government Reform
2013
Referred to
2013
Act of 2013
Senate
Committee on
Homeland
Security and
Governmental
Affairs
H.R.
Advancing America’s
Science, Space, and
March 14,
Passed House,
April 17,
967
Networking and
Technology
2013
Rol No. 108.
2013
Information Technology
Referred to the
Research and
Senate
Development Act of 2013
Commerce,
Science, and
Transportation
Committee
H.R.
Cybersecurity R&D
Science, Space, and
February 15,
Passed House,
April 16,
756
[Research and
Technology
2013
Rol no. 107.
2013
Development]
Congressional
Record text
H.R.
Cyber Intelligence Sharing Permanent Select
February 13,
Passed House.
April 18,
624
and Protection Act
Committee on
2013
Rol no. 117.
2013
(CISPA)
Intelligence
Referred to
Senate Select
Committee on
Intelligence
Source: LIS.
Congressional Research Service
8
link to page 14 link to page 15 link to page 14 link to page 15 Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Table 5 and Table 7 list major Senate and House legislation considered by the 112th Congress.
The tables include bills with committee action, floor action, or significant legislative interest.
Table 6 provides Congressional Record links to Senate floor debate of S. 3414, the Cybersecurity
Act of 2012. Table 8 provides Congressional Record links to House floor debate of H.R. 3523,
the Cyber Intelligence Sharing and Protection Act.
Table 5. 112th Congress, Major Legislation: Senate
Bill No.
Title
Committee(s)
Date Introduced
S. 3414
Cybersecurity Act of 2012
N/A (Placed on Senate Legislative
July 19, 2012
Calendar under Read the First
Time)
S. 3342
SECURE IT
N/A (Placed on Senate Legislative
June 27, 2012
Calendar under General Orders.
Calendar No. 438)
S. 3333
Data Security and Breach Notification
Commerce, Science, and
June 21, 2012
Act of 2012
Transportation
S. 2151
SECURE IT
Commerce, Science, and
March 1, 2012
Transportation
S. 2105
Cybersecurity Act of 2012
Homeland Security and
February 14, 2012
Governmental Affairs
S. 2102
Cybersecurity Information Sharing Act
Homeland Security and
February 13, 2012
of 2012
Governmental Affairs
S. 1535
Personal Data Protection and Breach
Judiciary
September 8, 2011
Accountability Act of 2011
S. 1342
Grid Cyber Security Act
Energy and Natural Resources
July 11, 2011
S. 1151
Personal Data Privacy and Security Act
Judiciary
June 7, 2011
of 2011
S. 413
Cybersecurity and Internet Freedom Act Homeland Security and
February 17, 2011
of 2011
Governmental Affairs
Source: LIS.
Table 6. 112th Congress, Senate Floor Debate: S. 3414
Title
Date
Congressional Record Pages
Cybersecurity Act of 2012: Motion to Proceed
July 26, 2012
S5419-S5449
Cybersecurity Act of 2012: Motion to Proceed—
July 26, 2012
S5450-S5467
Continued and Cloture Vote
Cybersecurity Act of 2012
July 31, 2012
S5694-S5705
Cybersecurity Act of 2012: Continued
July 31, 2012
S5705-S5724
Cybersecurity Act of 2012: Debate and Cloture Vote
August 2, 2012
S5907-S5919
Cybersecurity Act of 2012: Motion to Proceed
November 14, 2012
S6774-S6784
Source: Congressional Record, Government Publishing Office (GPO).
Congressional Research Service
9
link to page 16 link to page 17 link to page 20 link to page 23 Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Table 7. 112th Congress, Major Legislation: House
Bill No.
Title
Committee(s)
Date Introduced
H.R. 4257
Federal Information Security
Oversight and Government Reform
March 26, 2012
Amendments Act of 2012
H.R. 3834
Advancing America’s Networking and
Science, Space, and Technology
January 27, 2012
Information Technology Research and
Development Act of 2012
H.R. 4263
SECURE IT Act of 2012 Strengthening
Oversight and Government
March 27, 2012
and Enhancing Cybersecurity by Using
Reform; Judiciary; Armed Services;
Research, Education, Information, and
Intelligence (Permanent Select)
Technology
H.R. 3674
PRECISE Act of 2012
Homeland Security; Oversight and
December 15, 2011
Government Reform; Science,
Space, and Technology; Judiciary;
Intelligence (Permanent Select)
H.R. 3523
Cyber Intelligence Sharing and
Committee on Intelligence
November 30, 2011
Protection Act
(Permanent Select)
H.R. 2096
Cybersecurity Enhancement Act of 2012
Science, Space, and Technology
June 2, 2011
H.R. 174
Homeland Security Cyber and Physical
Technology; Education and the
January 5, 2011
Infrastructure Protection Act of 2011
Workforce; Homeland Security
H.R. 76
Cybersecurity Education Enhancement
Homeland Security; House
January 5, 2011
Act of 2011
Oversight and Government Reform
Source: LIS.
Table 8. 112th Congress, House Floor Debate: H.R. 3523
Title
Date
Congressional Record Pages
Cyber Intelligence Sharing and Protection Act: Providing for April 26, 2012
H2147-2156
Consideration of Motion to Suspend the Rules
Cyber Intelligence Sharing and Protection Act:
April 26, 2012
H2156-2186
Consideration of the Bil
Source: Congressional Record (GPO).
Hearings in the 114th Congress
The following tables list cybersecurity hearings in the 114th Congress. Table 9 and Table 10
contain identical content but are organized differently. Table 11 lists House hearings arranged by
date (most recent first), and Table 12 lists House hearings arranged by committee. When viewed
in HTML, the document titles are active links to the committee’s website for that particular
hearing.
Congressional Research Service
10
Table 9. 114th Congress, Senate Hearings, by Date
Title
Date
Committee
Subcommittee
Threats to the Homeland
October 8, 2015
Homeland Security and Governmental
Affairs
The Changing Landscape of U.S.-China
September 29, 2015
Foreign Relations
East Asia, The Pacific, and International
Relations: What's Next?
Cybersecurity Policy
United States Cybersecurity Policy and
September 29, 2015
Armed Services
Threats
Intelligence Issues
September 24, 2015
Intelligence
Protecting the Electric Grid from the
July 22, 2015
Homeland Security and Governmental
Potential Threats of Solar Storms and
Affairs
Electromagnetic Pulse
Counterterrorism, Counterintelligence,
July 8, 2015
Intelligence
and the Challenges of “Going Dark”
Cyber Crime: Modernizing our Legal
July 8, 2015
Judiciary
Framework for the Information Age
Under Attack: Federal Cybersecurity and June 25, 2015
Homeland Security and Governmental
the OPM Data Breach
Affairs
OPM Information Technology Spending
June 23, 2015
Appropriations
Financial Services and General
& Data Security
Government
Hearing on Energy Accountability and
June 9, 2015
Energy and Natural Resources
Reform Legislation (including S. 1241,
Enhanced Grid Security Act of 2015)
The IRS Data Breach: Steps to Protect
June 2, 2015
Homeland Security and Governmental
Americans’ Personal Information
Affairs
Cybersecurity: Setting the Rules for
May 14, 2015
Foreign Relations
East Asia, The Pacific, And International
Responsible Global Cyber Behavior
Cybersecurity Policy
Military Cyber Programs and Posture
April 15, 2015
Armed Services
Emerging Threats and Capabilities
From Protection to Partnership: Funding
April 15, 2015
Appropriations
Homeland Security
the DHS role in Cybersecurity
CRS-11
Title
Date
Committee
Subcommittee
Examining the Evolving Cyber Insurance
March 19, 2015
Commerce, Science and Transportation
Consumer Protection, Product Safety,
Marketplace
Insurance and Data Security
U.S. Strategic Command, U.S.
March 19, 2015
Armed Services
Transportation Command, and U.S.
Cyber Command in review of the
Defense Authorization Request for Fiscal
Year 2016 and the Future Years Defense
Program
[CLOSED] Markup of the
March 12, 2015
Intelligence
“Cybersecurity Information Sharing Act
of 2015”
The Connected World: Examining the
February 11, 2015
Commerce, Science & Transportation
Internet of Things
Getting it Right on Data Breach and
February 5, 2015
Commerce, Science & Transportation
Consumer Protection, Product Safety,
Notification Legislation in the 114th
Insurance, and Data Security
Congress
Building a More Secure Cyber Future:
February 4, 2015
Commerce, Science & Transportation
Examining Private Sector Experience
with the NIST Framework
Protecting America from Cyber Attacks:
January 28, 2015
Homeland Security and Governmental
The Importance of Information Sharing
Affairs
Source: Compiled by CRS from Congress.gov.
Table 10. 114th Congress, Senate Hearings, by Committee
Committee
Subcommittee
Title
Date
Appropriations
Financial Services and General
OPM Information Technology Spending
June 23, 2015
Government
& Data Security
Appropriations
Homeland Security
From Protection to Partnership: Funding
April 15, 2015
the DHS role in Cybersecurity
CRS-12
Committee
Subcommittee
Title
Date
Armed Services
United States Cybersecurity Policy and
September 30, 2015
Threats
Armed Services
Emerging Threats and Capabilities
Military Cyber Programs and Posture
April 15, 2015
Armed Services
U.S. Strategic Command, U.S.
March 19, 2015
Transportation Command, and U.S.
Cyber Command in review of the
Defense Authorization Request for Fiscal
Year 2016 and the Future Years Defense
Program
Commerce, Science and Transportation
Consumer Protection, Product Safety,
Examining the Evolving Cyber Insurance
March 19, 2015
Insurance and Data Security
Marketplace
Commerce, Science & Transportation
The Connected World: Examining the
February 11, 2015
Internet of Things
Commerce, Science & Transportation
Getting it Right on Data Breach and
February 5, 2015
Notification Legislation in the 114th
Congress
Commerce, Science & Transportation
Building a More Secure Cyber Future:
February 4, 2015
Examining Private Sector Experience
with the NIST Framework
Energy and Natural Resources
Hearing on Energy Accountability and
June 9, 2015
Reform Legislation (including S. 1241,
Enhanced Grid Security Act of 2015)
Financial Services
A Global Perspective on Cyber Threats
June 16, 2015
Foreign Relations
East Asia, The Pacific, And International
The Changing Landscape of U.S.-China
September 29, 2015
Cybersecurity Policy
Relations: What's Next?
Foreign Relations
East Asia, The Pacific, And International
Cybersecurity: Setting the Rules for
May 14, 2015
Cybersecurity Policy
Responsible Global Cyber Behavior
Homeland Security and Governmental
Threats to the Homeland
October 8, 2015
Affairs
CRS-13
Committee
Subcommittee
Title
Date
Homeland Security and Governmental
Protecting the Electric Grid from the
July 22, 2015
Affairs
Potential Threats of Solar Storms and
Electromagnetic Pulse
Homeland Security and Governmental
Under Attack: Federal Cybersecurity and June 25, 2015
Affairs
the OPM Data Breach
Homeland Security and Governmental
The IRS Data Breach: Steps to Protect
June 2, 2015
Affairs
Americans’ Personal Information
Homeland Security and Governmental
Protecting America from Cyber Attacks:
January 28, 2015
Affairs
The Importance of Information Sharing
Intelligence
Intelligence Issues
September 24, 2015
Intelligence
Counterterrorism, Counterintelligence,
July 8, 2015
and the Challenges of “Going Dark”
Intelligence
[CLOSED] Markup of the
March 12, 2015
“Cybersecurity Information Sharing Act
of 2015”
Judiciary
Cyber Crime: Modernizing our Legal
July 8, 2015
Framework for the Information Age
Source: Compiled by CRS from Congress.gov.
CRS-14
Table 11. 114th Congress, House Hearings, by Date
Title
Date
Committee
Subcommittee
Cybersecurity for Power Systems
October 21, 2015
Science, Space and Technology
Energy Subcommittee and Research and
Technology Subcommittee
Protecting Maritime Facilities in the 21st
October 8, 2015
Homeland Security
Century: Are Our Nation’s Ports at Risk
for a Cyber-Attack?
The EMV Deadline and What it Means
October 7, 2015
Small Business
for Small Business
Examining the Mission, Structure, and
October 7, 2915
Homeland Security
Cybersecurity, Infrastructure Protection,
Reorganization Effort of the National
and Security
Protection and Programs Directorate
Implementing the Department of
September 30, 2015
Armed Services
Defense Cyber Strategy
The State of the Cloud
September 22, 2015
Oversight and Government Reform
Information Technology (field hearing
University of Texas-San Antonio)
Markup: H.R. 3490, H.R. 3493, H.R.
September 17, 2015
Homeland Security
Cybersecurity, Infrastructure Protection
3510, & Committee
and Security Technologies
Examining Vulnerabilities of America's
September 10, 2015
Science, Space & Technology
Oversight/Energy
Power Supply
World Wide Cyber Threats
September 10, 2015
Intelligence
Internet of Things
July 29, 2015
Judiciary
Promoting and Incentivizing
July 28, 2015
Homeland Security
Cybersecurity, Infrastructure Protection,
Cybersecurity Best Practices
and Security Technologies
Cybersecurity: The Department of the
July 15, 2015
Oversight and Government Reform
Information Technology AND
Interior
Subcommittee on Interior (Joint hearing)
Is the OPM [Office of Personnel
July 8, 2015
Science, Space and Technology
Research and Technology
Management] Data Breach the Tip of the
Iceberg?
DHS’ Efforts to Secure .Gov
June 24, 2015
Homeland Security
Cybersecurity, Infrastructure Protection
and Security Technology
CRS-15
OPM Data Breach: Part II
June 24, 2015
Oversight and Government Reform
Evaluating the Security of the U.S.
June 24, 2015
Financial Services
Financial Sector (Task Force to
Investigate Terrorism Financing)
OPM Data Security Review
June 23, 2015
Appropriations
Financial Services and General
Government
OPM: Data Breach
June 16, 2015
Oversight and Government Reform
A Global Perspective on Cyber Threats
June 16, 2015
Financial Services
Protecting Critical Infrastructure: How
May 19, 2015
Financial Services
Financial Institutions and Consumer
the Financial Sector Addresses Cyber
Credit
Threats
Protecting Consumers: Financial Data
May 14, 2015
Financial Services
Security in the Age of Computer
Hackers
Enhancing Cybersecurity of Third-Party
April 22, 2015
Oversight and Government Reform
Contractors and Vendors
Small Business, Big Threat: Protecting
April 22, 2015
Small Business
Small Businesses from Cyber Attacks
Ful committee meets to formulate a rule April 21, 2015
Rules
on H.R.1560, the “Protecting Cyber
Networks Act”; and H.R.1731, the
“National Cybersecurity Protection
Advancement Act of 2015
[CLOSED] Special Activities
April 15, 2015
Intelligence
National Security Agency and
Cybersecurity
Markup: H.R. 1731, the National
April 14, 2015
Homeland Security
Cybersecurity Protection Advancement
Act of 2015
Markup of H.R. 1770, The Data Security
April 14, 2015
Energy and Commerce
and Breach Notification Act of 2015
[CLOSED] Markup of “Protecting Cyber
March 26, 2015
Intelligence
Networks Act”
CRS-16
The Internet of Things: Exploring the
March 24, 2015
Energy and Commerce
Commerce, Manufacturing and Trade
Next Technology Frontier
[MARKUP] H.R. 1704, Data Security and
March 24, 2015
Energy and Commerce
Breach Notification Act of 2015
The Growing Cyber Threat and its
March 19, 2015
Intelligence
Impact on American Business
Discussion Draft of H.R. 1704, Data
March 18, 2015
Energy and Commerce
Commerce, Manufacturing, and Trade
Security and Breach Notification Act of
2015
Cybersecurity: The Evolving Nature of
March 18, 2015
Oversight and Government Reform
Information Technology
Cyber Threats Facing the Private Sector
Industry Perspectives on the President’s
March 4, 2015
Homeland Security
Cybersecurity, Infrastructure Protection
Cybersecurity Information Sharing
and Security Technologies
Proposal
Cyber Operations: Improving the
March 4, 2015
Armed Services
Emerging Threats and Capabilities
Military Cyber Security Posture in an
Uncertain Threat Environment.
Understanding the Cyber Threat and
March 3, 2015
Energy and Commerce
Oversight and Investigations
Implications for the 21st Century
Economy
Examining the President’s Cybersecurity
February 25, 22015
Homeland Security
Information Sharing Proposal
Emerging Threats and Technologies to
February 12, 2015
Homeland Security
Cybersecurity, Infrastructure Protection,
Protect the Homeland
and Security Technologies
The Expanding Cyber Threat
January 27, 2015
Science, Space & Technology
Research and Technology
What are the Elements of Sound Data
January 27, 2015
Energy and Commerce
Breach Legislation?
Briefing: The North Korean Threat:
January 13, 2015
Foreign Affairs
Nuclear, Missiles and Cyber
Source: Compiled by CRS from Congress.gov.
CRS-17
Table 12. 114th Congress, House Hearings, by Committee
Committee
Subcommittee
Title
Date
Armed Services
Implementing the Department of
September 30, 2015
Defense Cyber Strategy
Armed Services
Emerging Threats and Capabilities
Cyber Operations: Improving the
March 4, 2015
Military Cyber Security Posture in an
Uncertain Threat Environment
Energy and Commerce
Markup of H.R. 1770, The Data Security
April 14, 2015
and Breach Notification Act of 2015
Energy and Commerce
Commerce, Manufacturing, and Trade
The Internet of Things: Exploring the
March 24, 2015
Next Technology Frontier
Energy and Commerce
[MARKUP] H.R. 1704, Data Security and
March 24, 2015
Breach Notification Act of 2015
Energy and Commerce
Commerce, Manufacturing, and Trade
Discussion Draft of H.R. 1704, Data
March 18, 2015
Security and Breach Notification Act
Energy and Commerce
Oversight and Investigations
Understanding the Cyber Threat and
March 3, 2015
Implications for the 21st Century
Economy
Energy and Commerce
What are the Elements of Sound Data
January 27, 2015
Breach Legislation?
Financial Services
Evaluating the Security of the U.S.
June 24, 2015
Financial Sector (Task Force to
Investigate Terrorism Financing)
Financial Services
Financial Institutions and Consumer
Protecting Critical Infrastructure: How
May 19, 2015
Credit
the Financial Sector Addresses Cyber
Threats
Financial Services
Protecting Consumers: Financial Data
May 14, 2015
Security in the Age of Computer
Hackers
Foreign Affairs
Briefing: The North Korean Threat:
January 13, 2015
Nuclear, Missiles and Cyber
CRS-18
Committee
Subcommittee
Title
Date
Homeland Security
Protecting Maritime Facilities in the 21st
October 8, 2015
Century: Are Our Nation’s Ports at Risk
for a Cyber-Attack?
Homeland Security
Cybersecurity, Infrastructure Protection
Examining the Mission, Structure, and
October 7, 2015
and Security Technologies
Reorganization Effort of the National
Protection and Programs Directorate
Homeland Security
Cybersecurity, Infrastructure Protection
Markup: H.R. 3490, H.R. 3493, H.R.
September 17, 2015
and Security Technologies
3510, & Committee
Homeland Security
Cybersecurity, Infrastructure Protection,
Promoting and Incentivizing
July 28, 2015
and Security Technologies
Cybersecurity Best Practices
Homeland Security
Cybersecurity, Infrastructure Protection
Oversight and Government Reform
June 24, 2015
and Security Technologies
Homeland Security
Markup: H.R. 1731, the National
April 14, 2015
Cybersecurity Protection Advancement
Act of 2015
Homeland Security
Cybersecurity, Infrastructure Protection
Industry Perspectives on the President’s
March 4, 2015
and Security Technologies
Cybersecurity Information Sharing
Proposal
Homeland Security
Examining the President’s Cybersecurity
February 25, 2015
Information Sharing Proposal
Homeland Security
Cybersecurity, Infrastructure Protection,
Emerging Threats and Technologies to
February 12, 2015
and Security Technologies
Protect the Homeland
Intelligence
World Wide Cyber Threats
September 10, 2015
Intelligence
National Security Agency and
[CLOSED] Special Activities
April 15, 2015
Cybersecurity
Intelligence
[CLOSED] Markup of “Protecting Cyber
March 26, 2015
Networks Act”
Intelligence
The Growing Cyber Threat and its
March 19, 2015
Impact on American Business
Judiciary
Internet of Things
July 29, 2015
CRS-19
Committee
Subcommittee
Title
Date
Oversight and Government Reform
Information Technology (field hearing
The State of the Cloud
September 22, 2015
University of Texas-San Antonio)
Oversight and Government Reform
Information Technology AND
Cybersecurity: The Department of the
July 15, 2015
Subcommittee on Interior (Joint hearing
Interior
Oversight and Government Reform
OPM Data Breach: Part II
June 24, 2015
Oversight and Government Reform
OPM: Data Breach
June 16, 2015
Oversight and Government Reform
Enhancing Cybersecurity of Third-Party
April 22, 2015
Contractors and Vendors
Oversight and Government Reform
Information Technology
Cybersecurity: The Evolving Nature of
March 18, 2015
Cyber Threats Facing the Private Sector
Rules
Ful committee meets to formulate a rule April 21, 2015
on H.R.1560, the “Protecting Cyber
Networks Act”; and H.R.1731, the
“National Cybersecurity Protection
Advancement Act of 2015
Examining Vulnerabilities of America’s
Examining Vulnerabilities of America's
September 10, 2015
Power Supply
Power Supply
Science, Space & Technology
Research and Technology Subcommittee
Cybersecurity for Power Systems
October 21, 2015
and Energy Subcommittee
Science, Space & Technology
Research and Technology
The Expanding Cyber Threat
January 27, 2015
Small Business
The EMV Deadline and What it Means
October 7, 2015
for Small Business
Small Business
Small Business, Big Threat: Protecting
April 22, 2015
Small Businesses from Cyber Attacks
Source: Compiled by CRS from Congress.gov.
CRS-20
Table 13. 114th Congress, Other Hearings
Committee
Subcommittee
Title
Date
U.S.-China Economic and Security
Commercial Cyber Espionage and
June 15, 2015
Review Commission
Barriers to Digital Trade in China
Source: Compiled by CRS
CRS-21
link to page 28 link to page 30 link to page 28 link to page 30 Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Hearings in the 113th Congress
The following tables list cybersecurity hearings in the 113th Congress. Table 14 and Table 15
contain identical content but are organized differently. Table 14 lists House hearings arranged by
date (most recent first), and Table 15 lists House hearings arranged by committee. When viewed
in HTML, the document titles are active links to the committee’s website for that particular
hearing.
Congressional Research Service
22
Table 14. 113th Congress, House Hearings, by Date
Title
Date
Committee
Subcommittee
How Data Mining Threatens Student Privacy
June 25, 2014
Homeland Security
Cybersecurity, Infrastructure Protection, and
Security Technologies
Assessing Persistent and Emerging Cyber Threats to
May 21, 2014
Homeland Security
Counterterrorism and Intelligence
the U.S. Homeland
Electromagnetic Pulse (EMP): Threat to Critical
May 8, 2014
Homeland Security
Cybersecurity, Infrastructure Protection, and
Infrastructure
Security Technologies
Protecting Your Personal Data: How Law Enforcement April 16, 2014
Homeland Security
Cybersecurity, Infrastructure Protection, and
Works With the Private Sector to Prevent
Security Technologies (Field Hearing)
Cybercrime
Information Technology and Cyber Operations:
March 12, 2014
Armed Services
Intelligence, Emerging Threats, and
Modernization and Policy Issues in a Changing National
Capabilities
Security Environment
International Cybercrime Protection
March 6, 2014
Science, Space, and Technology
Financial Institutions and Consumer Credit
Data Security: Examining Efforts to Protect Americans’
March 5, 2014
Financial Services
Financial Information
Protecting Consumer Information: Can Data Breaches
February 5, 2014
Energy and Commerce
Commerce, Manufacturing, and Trade
Be Prevented?
A Roadmap for Hackers? - Documents Detailing
January 28, 2014
Oversight and Government
HealthCare.gov Security Vulnerabilities
Reform
HealthCare.gov: Consequences of Stolen Identity
January 19, 2014
Science, Space, and Technology
HHS’ Own Security Concerns About HealthCare.gov
January 16, 2014
Oversight and Government
Reform
Is My Data on Healthcare.gov Secure?
November 19, 2013
Science, Space, and Technology
Security of Healthcare.gov
November 19, 2013
Energy and Commerce
Cyber Side-Effects: How Secure is the Personal
November 13, 2013
Homeland Security
Information Entered into the Flawed Healthcare.gov?
Cyber Incident Response: Bridging the Gap Between
October 30, 2013
Homeland Security
Cybersecurity, Infrastructure Protection, and
Cybersecurity and Emergency Management
Security Technologies
CRS-23
Title
Date
Committee
Subcommittee
Cybersecurity: 21st Century Threats, Challenges, and
October 23, 2013
Permanent Select Committee on
Opportunities
Intelligence
A Look into the Security and Reliability of the Health
September 11, 2013
Homeland Security
Cybersecurity, Infrastructure Protection, and
Exchange Data Hub
Security Technologies
Asia: The Cyber Security Battleground
July 23, 2013
Foreign Affairs
Asia and the Pacific
Oversight of Executive Order 13636 and Development July 18, 2013
Homeland Security
Cybersecurity, Infrastructure Protection, and
of the Cybersecurity Framework
Security Technologies
Reporting Data Breaches: Is Federal Legislation
July 18, 2013
Energy and Commerce
Commerce, Manufacturing, and Trade
Needed to Protect Consumers?
Evaluating Privacy, Security, and Fraud Concerns with
July 17, 2013
(Joint Hearing) Homeland Security
ObamaCare’s Information Sharing Apparatus
and Oversight and Government
Reform
Cyber Espionage and the Theft of U.S. Intellectual
July 9, 2013
Energy and Commerce
Oversight and Investigation
Property and Technology
Cyber Threats and Security Solutions
May 21, 2013
Energy and Commerce
Cybersecurity: An Examination of the Communications May 21, 2013
Energy and Commerce
Communications and Technology
Supply Chain
Facilitating Cyber Threat Information Sharing and
May 16, 2013
Homeland Security
Cybersecurity, Infrastructure Protection, and
Partnering with the Private Sector to Protect Critical
Security Technologies
Infrastructure: An Assessment of DHS Capabilities
Striking the Right Balance: Protecting Our Nation’s
April 25, 2013
Homeland Security
Cybersecurity, Infrastructure Protection, and
Critical Infrastructure from Cyber Attack and Ensuring
Security Technologies
Privacy and Civil Liberties
Cyber Attacks: An Unprecedented Threat to U.S.
March 21, 2013
Foreign Affairs
Europe, Eurasia, and Emerging Threats
National Security
Protecting Small Business from Cyber-Attacks
March 21, 2013
Small Business
Healthcare and Technology
Cybersecurity and Critical Infrastructure [CLOSED
March 20, 2013
Appropriations
hearing]
Cyber Threats from China, Russia and Iran: Protecting
March 20, 2013
Homeland Security
Cybersecurity, Infrastructure Protection, and
American Critical Infrastructure
Security Technologies
CRS-24
Title
Date
Committee
Subcommittee
DHS Cybersecurity: Roles and Responsibilities to
March 13, 2013
Homeland Security
Protect the Nation’s Critical Infrastructure
Investigating and Prosecuting 21st Century Cyber
March 13, 2013
Judiciary
Crime, Terrorism, Homeland Security and
Threats
Investigations
Information Technology and Cyber Operations:
March 13, 2013
Armed Services
Intelligence, Emerging Threats, and
Modernization and Policy Issues to Support the Future
Capabilities
Force
Cyber R&D Challenges and Solutions
February 26, 2013
Science, Space, and Technology
Technology
Advanced Cyber Threats Facing Our Nation
February 14, 2013
Select Committee on Intelligence
Source: Compiled by CRS.
Table 15. 113th Congress, House Hearings, by Committee
Committee
Subcommittee
Title
Date
Appropriations
Cybersecurity and Critical Infrastructure [CLOSED
March 20, 2013
hearing]
Armed Services
Intelligence, Emerging Threats, and Capabilities
Information Technology and Cyber Operations:
March 12, 2014
Modernization and Policy Issues in a Changing
National Security Environment
Armed Services
Intelligence, Emerging Threats, and Capabilities
Information Technology and Cyber Operations:
March 13, 2013
Modernization and Policy Issues to Support the
Future Force
Energy and Commerce
Commerce, Manufacturing, and Trade
Protecting Consumer Information: Can Data
February 5, 2014
Breaches Be Prevented?
Energy and Commerce
Security of Healthcare.gov
November 19, 2013
Energy and Commerce
Commerce, Manufacturing, and Trade
Reporting Data Breaches: Is Federal Legislation
July 18, 2013
Needed to Protect Consumers?
Energy and Commerce
Oversight and Investigation
Cyber Espionage and the Theft of U.S. Intellectual
July 9, 2013
Property and Technology
Energy and Commerce
Cyber Threats and Security Solutions
May 21, 2013
CRS-25
Committee
Subcommittee
Title
Date
Energy and Commerce
Communications and Technology
Cybersecurity: An Examination of the
May 21, 2013
Communications Supply Chain
Financial Services
Financial Institutions and Consumer Credit
Data Security: Examining Efforts to Protect
March 5, 2014
Americans’ Financial Information
Foreign Affairs
Asia and the Pacific
Asia: The Cyber Security Battleground
July 23, 2013
Foreign Affairs
Europe, Eurasia, and Emerging Threats
Cyber Attacks: An Unprecedented Threat to U.S.
March 21, 2013
National Security
Homeland Security
Cybersecurity, Infrastructure Protection, and
How Data Mining Threatens Student Privacy
June 25, 2014
Security Technologies
Homeland Security
Counterterrorism and Intelligence
Assessing Persistent and Emerging Cyber Threats to May 21, 2014
the U.S. Homeland
Homeland Security
Cybersecurity, Infrastructure Protection, and
Electromagnetic Pulse (EMP): Threat to Critical
May 8, 2014
Security Technologies
Infrastructure
Homeland Security
Cybersecurity, Infrastructure Protection, and
Protecting Your Personal Data: How Law
April 16, 2014
Security Technologies (Field Hearing)
Enforcement Works With the Private Sector to
Prevent Cybercrime
Homeland Security
Cyber Side-Effects: How Secure is the Personal
November 13, 2013
Information Entered into the Flawed
Healthcare.gov?
Homeland Security
Cybersecurity, Infrastructure Protection, and
Cyber Incident Response: Bridging the Gap
October 30, 2013
Security Technologies
Between Cybersecurity and Emergency
Management
Homeland Security
Cybersecurity, Infrastructure Protection, and
A Look into the Security and Reliability of the
September 11, 2013
Security Technologies
Health Exchange Data Hub
Homeland Security
Cybersecurity, Infrastructure Protection, and
Oversight of Executive Order 13636 and
July 18, 2013
Security Technologies
Development of the Cybersecurity Framework
Homeland Security (Joint Hearing with
Cybersecurity, Infrastructure Protection, and
Facilitating Cyber Threat Information Sharing and
May 16, 2013
Oversight and Government Reform)
Security Technologies, and Energy Policy, Health
Partnering with the Private Sector to Protect
Care, and Entitlements (Joint Hearing)
Critical Infrastructure: An Assessment of DHS
Capabilities
CRS-26
Committee
Subcommittee
Title
Date
Homeland Security
Cybersecurity, Infrastructure Protection, and
Striking the Right Balance: Protecting Our Nation’s
April 25, 2013
Security Technologies
Critical Infrastructure from Cyber Attack and
Ensuring Privacy and Civil Liberties
Homeland Security
Cybersecurity, Infrastructure Protection, and
Cyber Threats from China, Russia and Iran:
March 20, 2013
Security Technologies
Protecting American Critical Infrastructure
Homeland Security
Cybersecurity, Infrastructure Protection, and
DHS Cybersecurity: Roles and Responsibilities to
March 13, 2013
Security Technologies
Protect the Nation’s Critical Infrastructure
Judiciary
Crime, Terrorism, Homeland Security, and
Investigating and Prosecuting 21st Century Cyber
March 13, 2013
Investigations
Threats
Oversight and Government Reform
A Roadmap for Hackers? - Documents Detailing
January 28, 2014
HealthCare.gov Security Vulnerabilities
Oversight and Government Reform
HHS’ Own Security Concerns About
January 16, 2014
HealthCare.gov
Oversight and Government Reform
Energy Policy, Health Care, and Entitlements (Joint Evaluating Privacy, Security, and Fraud Concerns
July 18, 2013
(Joint Hearing with Homeland
Hearing with Cybersecurity, Infrastructure
with ObamaCare’s Information Sharing Apparatus
Security)
Protection, and Security Technologies)
Science, Space, and Technology
International Cybercrime Protection
March 6, 2014
Science, Space, and Technology
HealthCare.gov: Consequences of Stolen Identity
January 19, 2014
Science, Space, and Technology
Is My Data on Healthcare.gov Secure?
November 19, 2013
Science, Space, and Technology
Technology
Cyber R&D [Research and Development]
February 26, 2013
Challenges and Solutions
Select Committee on Intelligence
Advanced Cyber Threats Facing Our Nation
February 14, 2013
Small Business
Healthcare and Technology
Protecting Small Business from Cyber-Attacks
March 21, 2013
Source: Compiled by CRS.
CRS-27
Table 16. 113th Congress, House Committee Markups, by Date
Committee
Subcommittee
Title
Date
Homeland Security
H.R. 3696, National Cybersecurity and Critical
February 5, 2014
Infrastructure Protection Act
Homeland Security
Cybersecurity, Infrastructure Protection, and
H.R. 3696, National Cybersecurity and Critical
January 15, 2014
Security Technologies
Infrastructure Protection Act
Homeland Security
Cybersecurity, Infrastructure Protection, and
H.R. 2952, CIRDA Act of 2013, and H.R. 3107, the
September 18, 2013
Security Technologies
Homeland Security Cybersecurity Boots-on-the-
Ground Act
Source: Compiled by CRS.
Table 17. 113th Congress, Senate Hearings, by Date
Title
Date
Committee
Subcommittee
Cybersecurity: Enhancing Coordination to Protect the
December 10, 2014
Banking, Housing, and Urban Affairs
Financial Sector
Taking Down Botnets: Public and Private Efforts to Disrupt
July 15, 2014
Judiciary
Crime and Terrorism
and Dismantle Cybercriminal Networks
Investing in Cybersecurity: Understanding Risks and Building
May 7, 2014
Appropriations
Homeland Security
Capabilities for the Future
Data Breach on the Rise: Protecting Personal Information
April 2, 2014
Homeland Security and Governmental Affairs
from Harm
Protecting Personal Consumer Information from Cyber
March 26, 2014
Commerce, Science, and Transportation
Attacks and Data Breaches
Strengthening Public-Private Partnerships to Reduce Cyber
March 26, 2014
Homeland Security and Governmental Affairs
Risks to Our Nation’s Critical Infrastructure
Nomination of Vice Admiral Michael S. Rogers, USN to be
March 11, 2014
Armed Services
admiral and Director, National Security Agency/ Chief,
Central Security Services/ Commander, U.S. Cyber Command
U.S. Strategic Command and U.S. Cyber Command in review
February 27, 2014
Armed Services
of the fiscal 2015 Defense Authorization Request and the
Future Years Defense Program
CRS-28
Title
Date
Committee
Subcommittee
Oversight of Financial Stability and Data Security
February 6, 2014
Banking, Housing, and Urban Affairs
Privacy in the Digital Age: Preventing Data Breaches and
February 4, 2014
Judiciary
Combating Cybercrime
Safeguarding Consumers’ Financial Data, Panel 2,
February 3, 2014
Banking, Housing, and Urban Affairs
National Security and
International Trade and Finance
The Partnership Between NIST [National Institute of
July 25, 2013
Commerce, Science, and Transportation
Standards and Technology] and the Private Sector: Improving
Cybersecurity
Resilient Military Systems and the Advanced Cyber Threat
June 26, 2013
Armed Services
(CLOSED BRIEFING)
Cybersecurity: Preparing for and Responding to the Enduring
June 12, 2013
Appropriations
Threat
Cyber Threats: Law Enforcement and Private Sector
May 8, 2013
Judiciary
Crime and Terrorism
Responses
Defense Authorization: Cybersecurity Threats: To receive a
March 19, 2013
Armed Services
Emerging Threats and Capabilities
briefing on cybersecurity threats in review of the Defense
Authorization Request for Fiscal Year 2014 and the Future
Years Defense Program
Fiscal 2014 Defense Authorization, Strategic Command: U.S.
March 12, 2013
Armed Services
Cyber Command
The Cybersecurity Partnership Between the Private Sector
March 7, 2013
(Joint) Homeland Security and Governmental
and Our Government: Protecting Our National and Economic
Affairs and Commerce, Science, and
Security
Transportation
Source: Compiled by CRS.
CRS-29
Table 18. 113th Congress, Other Hearings, by Date
Title
Date
Committee
Subcommittee
U.S.-China Cybersecurity Issues
July 11, 2013
Congressional-Executive Commission on China
Chinese Hacking: Impact on Human Rights and Commercial June 25, 2013
Congressional-Executive Commission on China
Rule of Law
Source: Compiled by CRS.
Table 19. 113th Congress, Senate Hearings, by Committee
Committee
Subcommittee
Title
Date
Appropriations
Homeland Security
Investing in Cybersecurity: Understanding Risks and
May 7, 2014
Building Capabilities for the Future
Appropriations
Cybersecurity: Preparing for and Responding to the
June 12, 2013
Enduring Threat
Armed Services
Nomination of Vice Admiral Michael S. Rogers, USN to
March 11, 2014
be admiral and Director, National Security Agency/ Chief,
Central Security Services/ Commander, U.S. Cyber
Command
Armed Services
U.S. Strategic Command and U.S. Cyber Command in
February 27, 2014
review of the Fiscal 2015 Defense Authorization Request
and the Future Years Defense Program
Armed Services
Resilient Military Systems and the Advanced Cyber Threat June 26, 2013
(CLOSED BRIEFING)
Armed Services
Emerging Threats and Capabilities
Defense Authorization: Cybersecurity Threats
March 19, 2013
Armed Services
Fiscal 2014 Defense Authorization, Strategic Command:
March 12, 2013
U.S. Cyber Command
Banking, Housing, and Urban Affairs
Cybersecurity: Enhancing Coordination to Protect the
December 10, 2014
Financial Sector
Banking, Housing, and Urban Affairs
Oversight of Financial Stability and Data Security
February 6, 2014
Banking, Housing, and Urban Affairs
National Security and International
Safeguarding Consumers’ Financial Data
February 3, 2014
Trade and Finance
CRS-30
Committee
Subcommittee
Title
Date
Commerce, Science, and Transportation
Protecting Personal Consumer Information from Cyber
March 26, 2014
Attacks and Data Breaches
Commerce, Science, and Transportation
The Partnership Between NIST [National Institute of
July 25, 2013
Standards and Technology] and the Private Sector:
Improving Cybersecurity
Homeland Security and Governmental
Data Breach on the Rise: Protecting Personal Information
April 2, 2014
Affairs
from Harm
Homeland Security and Governmental
Strengthening Public-Private Partnerships to Reduce
March 26, 2014
Affairs
Cyber Risks to Our Nation’s Critical Infrastructure
(Joint) Homeland Security and Governmental
The Cybersecurity Partnership Between the Private
March 7, 2013
Affairs and Commerce, Science, and
Sector and Our Government: Protecting Our National
Transportation
and Economic Security
Judiciary
Crime and Terrorism
Taking Down Botnets: Public and Private Efforts to
July 15, 2014
Disrupt and Dismantle Cybercriminal Networks
Judiciary
Privacy in the Digital Age: Preventing Data Breaches and
February 4, 2014
Combating Cybercrime
Judiciary
Crime and Terrorism
Cyber Threats: Law Enforcement and Private Sector
May 8, 2013
Responses
Source: Compiled by CRS.
Table 20. 113th Congress, Other Hearings, by Committee
Committee
Subcommittee
Title
Date
Congressional-Executive Commission on
U.S.-China Cybersecurity Issues
July 11, 2013
China
Congressional-Executive Commission on
Chinese Hacking: Impact on Human Rights and
June 25, 2013
China
Commercial Rule of Law
Source: Compiled by CRS.
CRS-31
link to page 38 link to page 40 link to page 38 link to page 40 link to page 43 link to page 43 link to page 44 link to page 43 link to page 44 link to page 46 Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Hearings in the 112th Congress
The following tables list cybersecurity hearings in the 112th Congress. Table 21 and Table 22
contain identical content but are organized differently. Table 21 lists House hearings arranged by
date (most recent first) and Table 22 lists House hearings arranged by committee. Table 23 lists
House markups by date; Table 24 and Table 25 contain identical content. Table 24 lists Senate
hearings arranged by date and Table 25 lists Senate hearings arranged by committee. Table 26
lists two congressional committee investigative reports: the House Permanent Select Committee
on Intelligence investigative report into the counterintelligence and security threats posed by
Chinese telecommunications companies doing business in the United States, and the Senate
Permanent Subcommittee on Investigations’ review of U.S. Department of Homeland Security
efforts to engage state and local intelligence “fusion centers.” When viewed in HTML, the
document titles are active links to the committee’s website for that particular hearing.
Congressional Research Service
32
Table 21. 112th Congress, House Hearings, by Date
Title
Date
Committee
Subcommittee
Investigation of the Security Threat Posed by Chinese
September 13, 2012
Permanent Select Committee on
Telecommunications Companies Huawei and ZTE
Intelligence
Resilient Communications: Current Challenges and
September 12, 2012
Homeland Security
Emergency Preparedness, Response, and
Future Advancements
Communications
Cloud Computing: An Overview of the Technology
July 25, 2012
Judiciary
Intellectual Property, Competition, and the
and the Issues facing American Innovators
Internet
Digital Warriors: Improving Military Capabilities for
July 25, 2012
Armed Services
Emerging Threats and Capabilities
Cyber Operations
Cyber Threats to Capital Markets and Corporate
June 1, 2012
Financial Services
Capital Markets and Government
Accounts
Sponsored Enterprises
Iranian Cyber Threat to U.S. Homeland
April 26, 2012
Homeland Security
Cybersecurity, Infrastructure Protection,
and Security Technologies and
Counterterrorism and Intelligence
America is Under Cyber Attack: Why Urgent Action
April 24, 2012
Homeland Security
Oversight, Investigations and Management
is Needed
The DHS and DOE National Labs: Finding Efficiencies
April 19, 2012
Homeland Security
Cybersecurity, Infrastructure Protection,
and Optimizing Outputs in Homeland Security
and Security Technologies
Research and Development
Cybersecurity: Threats to Communications Networks
March 28, 2012
Energy and Commerce
Communications and Technology
and Public-Sector Responses
IT Supply Chain Security: Review of Government and
March 27, 2012
Energy and Commerce
Oversight and Investigations
Industry Efforts
Fiscal Year 2013 Budget Request for Information
March 20, 2012
Armed Services
Emerging Threats and Capabilities
Technology and Cyber Operations Programs
Cybersecurity: The Pivotal Role of Communications
March 7, 2012
Energy and Commerce
Communications and Technology
Networks
NASA Cybersecurity: An Examination of the Agency’s
February 29, 2012
Science, Space, and Technology
Investigations and Oversight
Information Security
Critical Infrastructure Cybersecurity: Assessments of
February 28, 2012
Energy and Commerce
Oversight and Investigations
Smart Grid Security
Hearing on Draft Legislative Proposal on
December 6, 2011
Homeland Security and
Cybersecurity, Infrastructure Protection,
Cybersecurity
Governmental Affairs
and Security Technologies
CRS-33
Title
Date
Committee
Subcommittee
Cyber Security: Protecting Your Small Business
December 1, 2011
Small Business
Healthcare and Technology
Combating Online Piracy (H.R. 3261, Stop the Online
November 16, 2011
Judiciary
Piracy Act)
Cybersecurity: Protecting America’s New Frontier
November 15, 2011
Judiciary
Crime, Terrorism and Homeland Security
Institutionalizing Irregular Warfare Capabilities
November 3, 2011
Armed Services
Emerging Threats and Capabilities
Cloud Computing: What are the Security Implications?
October 6, 2011
Homeland Security
Cybersecurity, Infrastructure Protection,
and Security Technologies
Cyber Threats and Ongoing Efforts to Protect the
October 4, 2011
Permanent Select Intelligence
Nation
The Cloud Computing Outlook
September 21, 2011
Science, Space, and Technology
Technology and Innovation
Cybersecurity: Threats to the Financial Sector
September 14, 2011
Financial Services
Financial Institutions and Consumer Credit
Cybersecurity: An Overview of Risks to Critical
July 26, 2011
Energy and Commerce
Oversight and Investigations
Infrastructure
Cybersecurity: Assessing the Nation’s Ability to
July 7, 2011
Oversight and Government Reform
Address the Growing Cyber Threat
Field Hearing: “Hacked Off: Helping Law Enforcement
June 29, 2011
Financial Services (field hearing in
Protect Private Financial Information"
Hoover, AL)
Examining the Homeland Security Impact of the
June 24, 2011
Homeland Security
Cybersecurity, Infrastructure Protection,
Obama Administration’s Cybersecurity Proposal
and Security Technologies
Sony and Epsilon: Lessons for Data Security Legislation June 2, 2011
Energy and Commerce
Commerce, Manufacturing, and Trade
Protecting the Electric Grid: the Grid Reliability and
May 31, 2011
Energy and Commerce
Infrastructure Defense Act
Unlocking the SAFETY Act’s [Support Anti-terrorism
May 26, 2011
Homeland Security
Cybersecurity, Infrastructure Protection,
by Fostering Effective Technologies—P.L. 107-296]
and Security Technologies
Potential to Promote Technology and Combat
Terrorism
Protecting Information in the Digital Age: Federal
May 25, 2011
Science, Space, and Technology
Research and Science Education and
Cybersecurity Research and Development Efforts
Technology and Innovation
Cybersecurity: Innovative Solutions to Challenging
May 25, 2011
Judiciary
Intellectual Property, Competition and the
Problems
Internet
Cybersecurity: Assessing the Immediate Threat to the
May 25, 2011
Oversight and Government Reform National Security, Homeland Defense and
United States
Foreign Operations
CRS-34
Title
Date
Committee
Subcommittee
DHS Cybersecurity Mission: Promoting Innovation and April 15, 2011
Homeland Security
Cybersecurity, Infrastructure Protection,
Securing Critical Infrastructure
and Security Technologies
Communist Chinese Cyber-Attacks, Cyber-Espionage
April 15, 2011
Foreign Affairs
Oversight and Investigations
and Theft of American Technology
Budget Hearing—National Protection and Programs
March 31, 2011
Appropriations (closed/classified)
Energy and Power
Directorate, Cybersecurity and Infrastructure
Protection Programs
Examining the Cyber Threat to Critical Infrastructure
March 16, 2011
Homeland Security
Cybersecurity, Infrastructure Protection,
and the American Economy
and Security Technologies
2012 Budget Request from U.S. Cyber Command
March 16, 2011
Armed Services
Emerging Threats and Capabilities
What Should the Department of Defense’s Role in
February 11, 2011
Armed Services
Emerging Threats and Capabilities
Cyber Be?
Preventing Chemical Terrorism: Building a Foundation
February 11, 2011
Homeland Security
Cybersecurity, Infrastructure Protection,
of Security at Our Nation’s Chemical Facilities
and Security Technologies
World Wide Threats
February 10, 2011
Permanent Select Intelligence
Source: Compiled by CRS.
Table 22. 112th Congress, House Hearings, by Committee
Committee
Subcommittee
Title
Date
Appropriations
Budget Hearing—National Protection and Programs Directorate,
March 31, 2011
(closed/classified)
Cybersecurity and Infrastructure Protection Programs
Armed Services
Emerging Threats and Capabilities
Digital Warriors: Improving Military Capabilities for Cyber Operations
July 25, 2012
Armed Services
Emerging Threats and Capabilities
Fiscal 2013 Defense Authorization: IT and Cyber Operations
March 20, 2012
Armed Services
Emerging Threats and Capabilities
Institutionalizing Irregular Warfare Capabilities
November 3, 2011
Armed Services
Emerging Threats and Capabilities
2012 Budget Request for U.S. Cyber Command
March 16, 2011
Armed Services
Emerging Threats and Capabilities
What Should the Department of Defense’s Role in Cyber Be?
February 11, 2011
Energy and Commerce Communications and Technology
Cybersecurity: Threats to Communications Networks and Public-Sector
March 28, 2012
Responses
Energy and Commerce Oversight and Investigations
IT Supply Chain Security: Review of Government and Industry Efforts
March 27, 2012
Energy and Commerce Communications and Technology
Cybersecurity: The Pivotal Role of Communications Networks
March 7, 2012
CRS-35
Committee
Subcommittee
Title
Date
Energy and Commerce Oversight and Investigations
Critical Infrastructure Cybersecurity: Assessments of Smart Grid Security
February 28, 2012
Energy and Commerce Oversight and Investigations
Cybersecurity: An Overview of Risks to Critical Infrastructure
July 26, 2011
Energy and Commerce Commerce, Manufacturing, and Trade
Sony and Epsilon: Lessons for Data Security Legislation
June 2, 2011
Energy and Commerce Energy and Power
Protecting the Electric Grid: the Grid Reliability and Infrastructure Defense
May 31, 2011
Act
Financial Services
Capital Markets and Government Sponsored
Cyber Threats to Capital Markets and Corporate Account
June 1, 2012
Enterprises
Financial Services
Financial Institutions and Consumer Credit
Cybersecurity: Threats to the Financial Sector
September 14, 2011
Financial Services
Field hearing in Hoover, AL
Field Hearing: “Hacked Off: Helping Law Enforcement Protect Private
June 29, 2011
Financial Information”
Foreign Affairs
Oversight and Investigations
Communist Chinese Cyber-Attacks, Cyber-Espionage and Theft of
April 15, 2011
American Technology
Homeland Security
Emergency Preparedness, Response, and
Resilient Communications: Current Challenges and Future Advancement
September 12, 2012
Communications
Homeland Security
Cybersecurity, Infrastructure Protection, and Iranian Cyber Threat to U.S. Homeland
April 26, 2012
Security Technologies and Counterterrorism
and Intelligence
Homeland Security
Oversight, Investigations and Management
America is Under Cyber Attack: Why Urgent Action is Needed
April 24, 2012
Homeland Security
Cybersecurity, Infrastructure Protection, and The DHS and DOE National Labs: Finding Efficiencies and Optimizing
April 19, 2012
Security Technologies
Outputs in Homeland Security Research and Development
Homeland Security
Cybersecurity, Infrastructure Protection, and Hearing on Draft Legislative Proposal on Cybersecurity
December 6, 2011
Security Technologies
Homeland Security
Cybersecurity, Infrastructure Protection, and Cloud Computing: What are the Security Implications?
October 6, 2011
Security Technologies
Homeland Security
Cybersecurity, Infrastructure Protection, and Examining the Homeland Security Impact of the Obama Administration’s
June 24, 2011
Security Technologies
Cybersecurity Proposal
Homeland Security
Unlocking the SAFETY Act’s [Support Anti-terrorism by Fostering Effective
May 26, 2011
Technologies—P.L. 107-296] Potential to Promote Technology and
Combat Terrorism
Homeland Security
Cybersecurity, Infrastructure Protection, and DHS Cybersecurity Mission: Promoting Innovation and Securing Critical
April 15, 2011
Security Technologies
Infrastructure
CRS-36
Committee
Subcommittee
Title
Date
Homeland Security
Cybersecurity, Infrastructure Protection, and Examining the Cyber Threat to Critical Infrastructure and the American
March 16, 2011
Security Technologies
Economy
Homeland Security
Cybersecurity, Infrastructure Protection, and Preventing Chemical Terrorism: Building a Foundation of Security at Our
February 11, 2011
Security Technologies
Nation’s Chemical Facilities
Judiciary
Intellectual Property, Competition, and the
Cloud Computing: An Overview of the Technology and the Issues facing
July 25, 2012
Internet
American Innovators
Judiciary
Combating Online Piracy (H.R. 3261, Stop the Online Piracy Act)
November 16, 2011
Judiciary
Crime, Terrorism and Homeland Security
Cybersecurity: Protecting America’s New Frontier
November 15, 2011
Judiciary
Intellectual Property, Competition, and the
Cybersecurity: Innovative Solutions to Challenging Problems
May 25, 2011
Internet
Oversight and
Cybersecurity: Assessing the Nation’s Ability to Address the Growing
July 7, 2011
Government Reform
Cyber Threat
Oversight and
Subcommittee on National Security,
Cybersecurity: Assessing the Immediate Threat to the United States
May 25, 2011
Government Reform
Homeland Defense and Foreign Operations
Permanent Select
Investigation of the Security Threat Posed by Chinese Telecommunications
September 13, 2012
Intelligence
Companies Huawei and ZTE
Permanent Select
Cyber Threats and Ongoing Efforts to Protect the Nation
October 4, 2011
Intelligence
Permanent Select
World Wide Threats
February 10, 2011
Intelligence
Science, Space, and
Investigations and Oversight
NASA Cybersecurity: An Examination of the Agency’s Information Security
February 29, 2012
Technology
Science, Space, and
Technology and Innovation
The Cloud Computing Outlook
September 21, 2011
Technology
Science, Space, and
Research and Science Education and
Protecting Information in the Digital Age: Federal Cybersecurity Research
May 25, 2011
Technology
Technology and Innovation
and Development Efforts
Small Business
Healthcare and Technology
Cyber Security: Protecting Your Small Business
November 30, 2011
Source: Compiled by CRS.
CRS-37
Table 23. 112th Congress, House Markups, by Date
Title
Date
Committee
Subcommittee
Consideration and Markup of H.R. 3674
February 1, 2012
Homeland Security
Cybersecurity, Infrastructure
Protection, and Security
Technologies
Markup: Draft Bil : Cyber Intelligence Sharing and Protection Act of 2011
December 1, 2011
Permanent Select Intelligence
Markup on H.R. 2096, Cybersecurity Enhancement Act of 2011
July 21, 2011
Science, Space, and
Technology
Discussion Draft of H.R. 2577, a bil to require greater protection for
June 15, 2011
Energy and Commerce
Commerce, Manufacturing, and
sensitive consumer data and timely notification in case of breach
Trade
Source: Compiled by CRS.
Table 24. 112th Congress, Senate Hearings, by Date
Title
Date
Committee
Subcommittee
State of Federal Privacy and Data Security Law: Lagging Behind the Times?
July 31, 2012
Homeland Security and
Oversight of Government
Governmental Affairs
Management, the Federal Workforce
and the District of Columbia
Cyber Security and the Grid
July 17, 2012
Energy and Natural Resources
Committee
U.S. Strategic Command and U.S. Cyber Command
March 27, 2012
Armed Services
Cybersecurity Research and Development
March 20, 2012
Armed Services
Emerging Threats and Capabilities
The Freedom of Information Act: Safeguarding Critical Infrastructure
March 13, 2012
Judiciary
Information and the Public’s Right to Know
Securing America’s Future: The Cybersecurity Act of 2012
February 16, 2012
Homeland Security and
Governmental Affairs
Cybercrime: Updating the Computer Fraud and Abuse Act to Protect
September 7, 2011
Judiciary
Cyberspace and Combat Emerging Threats
Role of Smal Businesses in Strengthening Cybersecurity Efforts in the United
July 25, 2011
Small Business and
States
Entrepreneurship
Privacy and Data Security: Protecting Consumers in the Modern World
June 29, 2011
Commerce, Science, and
Transportation
Cybersecurity: Evaluating the Administration’s Proposals
June 21, 2011
Judiciary
Crime and Terrorism
CRS-38
link to page 44
Title
Date
Committee
Subcommittee
Cybersecurity and Data Protection in the Financial Sector
June 21, 2011
Banking, Housing, and Urban
Affairs
Protecting Cyberspace: Assessing the White House Proposal
May 23, 2011
Homeland Security and
Governmental Affairs
Cybersecurity of the Bulk-Power System and Electric Infrastructure and for
May 5, 2011
Energy and Natural Resources
Other Purposes
Health and Status of the Defense Industrial Base
May 3, 2011
Armed Services
Emerging Threats and Capabilities
Cyber Security: Responding to the Threat of Cyber Crime and Terrorism
April 12, 2011
Judiciary
Crime and Terrorism
Oversight of the Federal Bureau of Investigation
March 30, 2011
Judiciary
Cybersecurity and Critical Electric Infrastructurea (closed hearing)
March 15, 2011
Energy and Natural Resources
Information Sharing in the Era of WikiLeaks: Balancing Security and
March 10, 2011
Homeland Security and
Col aboration
Governmental Affairs
Homeland Security Department’s Budget Submission for Fiscal Year 2012
February 17, 2011
Homeland Security and
Governmental Affairs
Source: Compiled by CRS.
a. The March 15, 2011, hearing before the Committee on Energy and Natural Resources was closed.
Table 25. 112th Congress, Senate Hearings, by Committee
Committee
Subcommittee
Title
Date
Armed Services
Emerging Threats and
Cybersecurity Research and Development
March 20, 2012
Capabilities
Armed Services
U.S. Strategic Command and U.S. Cyber Command
March 27, 2012
Armed Services
Emerging Threats and
Health and Status of the Defense Industrial Base
May 3, 2011
Capabilities
Banking, Housing, and Urban Affairs
Cybersecurity and Data Protection in the Financial Sector
June 21, 2011
Commerce, Science, and Transportation
Privacy and Data Security: Protecting Consumers in the Modern World
June 29, 2011
Energy and Natural Resources
Cybersecurity and the Grid
July 17, 2012
CRS-39
link to page 45
Committee
Subcommittee
Title
Date
Energy and Natural Resources
Cybersecurity of the Bulk-Power System and Electric Infrastructure and
May 5, 2011
For Other Purposes
Energy and Natural Resources (closed)a
Cybersecurity and Critical Electric Infrastructure
March 15, 2011
Homeland Security and Governmental
Oversight of Government State of Federal Privacy and Data Security Law: Lagging Behind the Times? July 31, 2012
Affairs
Management, the Federal
Workforce and the
District of Columbia
Homeland Security and Governmental
Securing America’s Future: The Cybersecurity Act of 2012
February 16, 2012
Affairs
Homeland Security and Governmental
Protecting Cyberspace: Assessing the White House Proposal
May 23, 2011
Affairs
Homeland Security and Governmental
Information Sharing in the Era of WikiLeaks: Balancing Security and
March 10, 2011
Affairs
Col aboration
Homeland Security and Governmental
Homeland Security Department’s Budget Submission for Fiscal Year 2012
February 17, 2011
Affairs
Judiciary
The Freedom of Information Act: Safeguarding Critical Infrastructure
March 13, 2012
Information and the Public’s Right to Know
Judiciary
Cybercrime: Updating the Computer Fraud and Abuse Act to Protect
September 7, 2011
Cyberspace and Combat Emerging Threats
Judiciary
Crime and Terrorism
Cybersecurity: Evaluating the Administration’s Proposals
June 21, 2011
Judiciary
Crime and Terrorism
Cyber Security: Responding to the Threat of Cyber Crime and Terrorism
April 12, 2011
Judiciary
Oversight of the Federal Bureau of Investigation
March 30, 2011
Small Business and Entrepreneurship
Role of Smal Business in Strengthening Cybersecurity Efforts in the
July 25, 2011
United States
Source: Compiled by CRS.
a. The March 15, 2011, hearing before the Committee on Energy and Natural Resources was closed.
CRS-40
Table 26. 112th Congress, Congressional Committee Investigative Reports
Title
Committee
Date
Pages
Notes
Investigative Report on the U.S.
House Permanent Select
October 8, 2012
60
The committee initiated this investigation in November 2011
National Security Issues Posed by
Committee on Intelligence
to inquire into the counterintelligence and security threat
Chinese Telecommunications
posed by Chinese telecommunications companies doing
Companies Huawei and ZTE
business in the United States.
Federal Support for and Involvement
U. S. Senate Permanent
October 3, 2012
141
A two-year bipartisan investigation found that U.S.
in State and Local Fusion Centers
Subcommittee on
Department of Homeland Security efforts to engage state
Investigations
and local intelligence “fusion centers” has not yielded
significant useful information to support federal
counterterrorism intelligence efforts. In Section VI, “Fusion
Centers Have Been Unable to Meaningful y Contribute to
Federal Counterterrorism Efforts,” Part G, “Fusion Centers
May Have Hindered, Not Aided, Federal Counterterrorism
Efforts,” the report discusses the Russian “Cyberattack” in
Il inois.
Source: Compiled by CRS.
CRS-41
link to page 48 Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Executive Orders and Presidential Directives
Executive orders are official documents through which the President of the United States
manages the operations of the federal government. Presidential directives guide the federal
rulemaking policy and are signed or authorized by the President.
CRS Reports on Executive Orders and Presidential Directives
The following reports provide additional information on executive orders and presidential
directives:
CRS Report R42984, The 2013 Cybersecurity Executive Order: Overview and
Considerations for Congress, by Eric A. Fischer et al.
CRS Report RS20846, Executive Orders: Issuance, Modification, and
Revocation, by Vivian S. Chu and Todd Garvey
CRS Report R42740, National Security and Emergency Preparedness
Communications: A Summary of Executive Order 13618, by Shawn Reese.
CRS Report 98-611, Presidential Directives: Background and Overview, by
Elaine Halchin.
Table 27 provides a list of executive orders and presidential directives pertaining to
cybersecurity. (Titles are linked to documents.)
Congressional Research Service
42
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Table 27. Executive Orders and Presidential Directives
(by date of issuance)
Title
Date
Source
Notes
E.O. 13694, Blocking the Property of
April 1,
White
The executive order establishes the first
Certain Persons Engaging in Significant
2015
House
sanctions program to allow the
Malicious Cyber-Enabled Activities
Administration to impose penalties on
individuals overseas who engage in
destructive attacks or commercial
espionage in cyberspace. The order
declares “significant malicious cyber-
enabled activities” a “national emergency”
and enables the Treasury Secretary to
target foreign individuals and entities that
take part in the il icit cyberactivity for
sanctions that could include freezing their
financial assets and barring commercial
transactions with them.
Presidential Memorandum—
February 25, White
The CTIIC wil be a national intelligence
Establishment of the Cyber Threat
2015
House
center focused on “connecting the dots”
Intelligence Integration Center
regarding malicious foreign cyber threats
to the nation and cyber incidents affecting
U.S. national interests, and on providing
all-source analysis of threats to U.S.
policymakers. The CTIIC wil also assist
relevant departments and agencies in their
efforts to identify, investigate, and mitigate
those threats
E.O. 13691, Encouraging Private-Sector
February 12, White
The executive order calls for establishing
Cybersecurity Col aboration
2015
House
new “information sharing and analysis
organizations to serve as focal points for
cybersecurity information sharing and
col aboration within the private sector and
between the private sector and
government.” It also aims to streamline
the process companies use to sign
agreements with the federal government
and grants DHS new powers to approve
sharing classified intelligence with the
private sector.
E.O. 13687, Imposing Additional
January 2,
White
The executive order states that North
Sanctions with Respect to North Korea
2015
House
Korea engaged in “provocative,
destabilizing, and repressive actions and
policies,” including “destructive, coercive
cyber-related actions during November
and December 2014,” and authorizes
sanctions against North Korea. The
sanctions prohibit the people and
organizations named from accessing the
U.S. financial system and forbid any banks
or other financial institutions that do
business with the U.S. system from doing
business with the sanctioned entities.
E.O. 13681, Improving the Security of
October 17,
White
The executive order mandates that
Consumer Financial Transactions
2014
House
government credit and debit cards be
enabled with chip and PIN technology and
federal facilities accept chip and PIN-
Congressional Research Service
43
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Title
Date
Source
Notes
enabled cards at retail terminals.
E.O. 13636, Improving Critical
February 12, White
E.O. 13636 addresses cybersecurity
Infrastructure Cybersecurity
2013
House
threats to critical infrastructure (CI) by,
among other things,
expanding to other CI sectors an
existing DHS program for information
sharing and col aboration between the
government and the private sector;
establishing a broadly consultative
process for identifying CI with
especially high priority for protection;
requiring the National Institute of
Standards and Technology to lead in
developing a Cybersecurity
Framework of standards and best
practices for protecting CI; and
requiring regulatory agencies to
determine the adequacy of current
requirements and their authority to
establish requirements to address the
risks.
Presidential Policy Directive (PPD) 21 -
February 12, White
This directive establishes national policy on
Critical Infrastructure Security and
2013
House
critical infrastructure security and
Resilience
resilience. This endeavor is a shared
responsibility among the federal, state,
local, tribal, and territorial (SLTT) entities,
and public and private owners and
operators of critical infrastructure
(hereinafter referred to as “critical
infrastructure owners and operators”).
This directive also refines and clarifies the
critical infrastructure-related functions,
roles, and responsibilities across the
federal government, as well as enhances
overall coordination and col aboration.
The federal government also has a
responsibility to strengthen the security
and resilience of its own critical
infrastructure, for the continuity of
national essential functions, and to
organize itself to partner effectively with
and add value to the security and resilience
efforts of critical infrastructure owners
and operators.
E. O. 13618, Assignment of National
July 6, 2012
White
This order addresses the federal
Security and Emergency Preparedness
House
government's need and responsibility to
Communications Functions
communicate during national security and
emergency situations and crises by
assigning federal national security and
emergency preparedness communications
functions. EO 13618 is a continuation of
older executive orders issued by other
presidents and is related to the
Communications Act of 1934 (47 U.S.C.
§606). This executive order, however,
Congressional Research Service
44
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Title
Date
Source
Notes
changes federal national security and
emergency preparedness communications
functions by dissolving the National
Communications System, establishing an
executive committee to oversee federal
national security and emergency
preparedness communications functions,
establishing a programs office within the
DHS to assist the executive committee,
and assigning specific responsibilities to
federal government entities.
E.O. 13587, Structural Reforms to
October 7,
White
This order directs structural reforms to
Improve the Security of Classified
2011
House
ensure responsible sharing and
Networks and the Responsible
safeguarding of classified information on
computer networks that shall be
consistent with appropriate protections
for privacy and civil liberties. Agencies bear
the primary responsibility for meeting
these twin goals. These policies and
minimum standards wil address all
agencies that operate or access classified
computer networks, all users of classified
computer networks (including contractors
and others who operate or access
classified computer networks control ed
by the federal government), and all
classified information on those networks.
E.O. 13407, Public Alert and Warning
June 26,
White
The order assigns the Secretary of
System
2006
House
Homeland Security the responsibility to
establish or adopt, as appropriate,
common alerting and warning protocols,
standards, terminology, and operating
procedures for the public alert and
warning system to enable interoperability
and the secure delivery of coordinated
messages to the American people through
as many communication pathways as
practicable, taking account of Federal
Communications Commission rules as
provided by law.
HSPD-7, Homeland Security Presidential December
White
Assigns the Secretary of Homeland
Directive No. 7: Critical Infrastructure
17, 2003
House
Security the responsibility of coordinating
Identification, Prioritization, and
the nation’s overall efforts in critical
Protection
infrastructure protection across all
sectors. HSPD-7 also designates the DHS
as lead agency for the nation’s information
and telecommunications sectors.
E.O. 13286, Amendment of Executive
February
White
Designates the Secretary of Homeland
Orders, and Other Actions, in
28, 2003
House
Security the Executive Agent of the
Connection With the Transfer of
National Communication System
Certain Functions to the Secretary of
Committee of Principals, which are the
Homeland Security
agencies, designated by the President, that
own or lease telecommunication assets
identified as part of the National
Communication System, or which bear
policy, regulatory, or enforcement
Congressional Research Service
45
Cybersecurity: Legislation, Hearings, and Executive Branch Documents
Title
Date
Source
Notes
responsibilities of importance to national
security and emergency preparedness
telecommunications.
Presidential Decision Directive/NSC-63
May 22,
White
Sets as a national goal the ability to protect
1998
House
the nation’s critical infrastructure from
intentional attacks (both physical and
cyber) by the year 2003. According to the
PDD, any interruptions in the ability of
these infrastructures to provide their
goods and services must be “brief,
infrequent, manageable, geographically
isolated, and minimally detrimental to the
welfare of the United States."
NSD-42, National Security Directive 42
July 5, 1990
White
Establishes the National Security
- National Policy for the Security of
House
Telecommunications and Information
National Security Telecommunications
Systems Security Committee, now called
and Information Systems
the Committee on National Security
Systems (CNSS). CNSS is an interagency
committee, chaired by the Department of
Defense. Among other assignments, NSD-
42 directs the CNSS to provide system
security guidance for national security
systems to executive departments and
agencies and submit annually to the
Executive Agent an evaluation of the
security status of national security systems.
NSD-42 also directs the CNSS to interact,
as necessary, with the National
Communications System Committee of
Principals.
Source: Descriptions compiled by CRS from government websites.
Author Contact Information
Rita Tehan
Information Research Specialist
rtehan@crs.loc.gov, 7-6739
Key CRS Policy Staff
See CRS Report R42619, Cybersecurity: CRS Experts, by Eric A. Fischer for the names and contact
information for CRS experts on policy issues related to cybersecurity bills currently being debated in the
114th Congress.
Congressional Research Service
46