Graves Secures a Dozen Cybersecurity Priorities in Funding Bills
The U.S. House of Representatives last week passed a number of annual government funding bills that included priorities drafted and championed by Rep. Tom Graves (R-GA-14) to boost our nation's telecommunications and cybersecurity. Over the last month, Rep. Graves worked to include a dozen cybersecurity related priorities in more than half of the 12 must-pass funding bills. Before the end of year, the U.S. Senate will plan to pass their version of each funding bill, then the two chambers will negotiate a final spending package.
"Especially as so much of our day-to-day lives have moved online in the last few months, the need for robust cybersecurity has never been more important. Just recently we learned of yet another attack by Chinese hackers, who have been actively working to steal COVID-19 research and American data. America needs to lead the way when it comes to improving the way the world responds to cyberattacks," said Rep. Graves.
The following priorities -- passed by the House last week - were part of Rep. Graves' work this appropriations cycle to ensure Congress is prioritizing cybersecurity policies, especially as so much of the U.S. workforce is operating remotely. To learn more about Rep. Graves cybersecurity work, please visit tomgraves.house.gov/cyber.
Reporting on NATO standards and protocols for countering cybersecurity incidents
Report language: The Committee notes that in July of 2016 the North Atlantic Treaty Organization (NATO) recognized cyberspace as a domain of operations in which NATO must defend itself as it does in other operational domains. The Committee directs the Secretary of State, in consultation with the Secretary of Defense, to report to the Committee on Appropriations not later than 180 days after the enactment of the Act on common NATO standards and protocols for countering cybersecurity incidents.
Keeping China out of our networks and apps
Report language: Chinese-government affiliated companies.--The Committee is concerned with companies operating within the United States that are known to have substantial ties to the Chinese government, including full or partial ownership by the Chinese government, and that are required by Chinese law to assist in espionage activities, including collection of personally identifiable information of American citizens. Such companies may pose cybersecurity risks, such as vulnerabilities in their equipment, and some are the subject of ongoing Congressional and Executive Branch investigations involving their business practices. The Committee directs DOJ to enforce applicable laws and prevent the operation of known foreign entities who participate in the theft of American intellectual property, the harvesting of personal identifiable information on behalf of a foreign government, and the unlawful surveillance of American citizens by adversarial state-owned enterprises.
Directing the Department of State to maintain an accurate list of Information Technology (IT) assets
Report language: The Committee has concerns that the Department of State continues to be at risk and a top target for foreign government hackers. In order to prevent potential cyber intrusions by unauthorized devices connected to agency networks and to protect the Personally Identifiable Information (PII) of State employees, the Committee directs the Department of State to maintain an accurate list of Information Technology (IT) assets. The Committee recognizes the importance of maintaining accurate IT lists and the implementation of basic cybersecurity standards, so that sensitive data is not compromised.
Boosting telehealth capabilities and access for U.S. veterans
Report text: The Committee provides $1,329,566,000 for VA telehealth services noting that the VA used $250,000,000 of the funds allocated to it by the CARES Act for telehealth expansion. Committee notes that telehealth increases access to VA services for underserved veterans and twice mentions veterans living in rural areas. Committee directs the VA to make a plan to increase awareness, access consumer satisfaction, effectiveness, and use of telehealth and report to Congress on the plan within 60 days of enactment. Committee directs the VA to make maternal fetal medicine a high priority of their telehealth program and to report to Congress on the development of MFM telehealth services.
Providing pro-bono legal services to U.S. veterans
Bill text: The Committee recognizes an unmet need for holistic programs that offer pro-bono legal services to Veterans and their dependents. The Committee acknowledges existing VA initiatives that guide Veterans during benefit-related interactions with administrative agencies and believes that public land-grant university law schools are suited to complement existing agency efforts in underserved areas.
Implementation of strong, national 5G strategy
Report language: 5G Security.--The Committee supports the development of secure 5G networks that are accessible nationwide, including rural communities, and that are developed using technology and equipment that is verified to be secure from foreign surveillance or influence, and. The Committee recognizes that it is in the best interest of the national and economic security of the United States to implement a strong national 5G strategy as outlined in Public Law 116---129.
Protecting our communications supply chain and nationwide networks
Report language: Supply Chain Security.--The Committee supports recent actions taken by the FCC to designate Huawei Technology Company and ZTE Corporation as covered entities for purposes of the agency's November 2019 ban on the use of universal service support to purchase equipment or services from companies posing a national security threat. The Committee encourages the FCC to continue working to ban the use of such funds to purchase, obtain, or maintain any equipment or services produced or provided by companies posing a national security threat to the integrity of communications networks or the communications supply chain within the United States. Furthermore, the Committee continues to support agency wide efforts to prevent and expel communications and technology companies from operating within the United States that are known to have substantial ties to foreign state-owned enterprises that conduct surveillance on and collect the data of American citizens on behalf of a foreign government, participate in the theft of American intellectual property, assist in espionage activities for foreign governments, have cybersecurity risks and vulnerabilities in their equipment, or face ongoing Congressional and Executive Branch concerns about their business models and practices.
Preventing international cybercriminals from accessing the U.S. financial market
Report language: The Committee encourages the Office of Foreign Assets Control (OFAC) to continue preventing known foreign sponsored actors of cybercrime from accessing the United States financial markets. The Committee is concerned that many cyber criminals, state sponsored or otherwise, are still gaining access to payments through financial markets and their activities pose a substantial national and economic threat to the United States.
Securing the Internet of Things
Report language: Internet of Things.--The Committee recognizes that the total number of Internet of Things (IoT) connected devices in use will reach 55 billion globally by 2025. The Committee further recognizes that the incorporation of IoT connected devices in both our personal and professional lives expands the cyber threat landscape into new domains, posing possible physical safety risks in addition to more traditional cybersecurity risks to data and information. The Committee directs the FTC to aggressively enforce any unfair and deceptive trade practices related to IoT devices and to issue appropriate guidelines that promote the use of reliable and secure IoT software and hardware components from all suppliers, domestic and foreign.
Empowering federal agencies to use cloud technology
Report language: The Committee continues to support efforts by the Federal Risk and Authorization Management Program (FedRAMP) to empower federal agencies to use modern cloud technologies, with emphasis on the security and protection of federal information, and to help accelerate the adoption of secure cloud solutions. The Committee recognizes that these efforts must be prioritized government-wide in order to ensure the effective security of federal information impacting millions of civil servants and taxpayers nation-wide, particularly in light of the ongoing COVID-19 pandemic, which has intensified the cyber vulnerability of the federal cloud services network.
Supporting coding in schools
Report language: The Committee recognizes that, as the American cybersecurity workforce shortage continues to grow, our nation becomes increasingly vulnerable to cyber attacks. The Committee believes it is critical to invest in cyber training for America's youth across a broad field of computer science curricula, including computer coding. Because computer coding plays an essential role in every industry, the Committee supports efforts by the Department of Education to encourage learning institutions from K-12, to higher education and career and technical schools to invest in computer science education, including computer coding instruction.
Modernizing and securing systems at the Department of Housing and Development
Report language: IT investment.--In its top management challenges report, the HUD OIG identified IT as a significant risk to the Department's ability to accomplish its mission. The Department's IT systems are outdated and incompatible with current technology, making them susceptible to failure and breach. The depth and breadth of these issues requires a multiyear investment and strategy. To address these issues, the Committee provides $35,400,000 above the request for migrating and retiring the remaining 15 COBOL-based legacy systems; streamlining, modernizing, and consolidating grant management systems, including the disaster grant system; and developing and deploying the Office of Native American Programs Loan Origination System. In addition, the Committee urges the Department of Housing and Urban Development to maintain an accurate inventory of Information Technology assets, especially to protect Personally Identifiable Information of Americans.