Letter on H.R. 4061, the "Cyber Security Enhancement Act of 2009"

February 2, 2010

TO THE MEMBERS OF THE U.S. HOUSE OF REPRESENTATIVES:

The U.S. Chamber of Commerce, the world's largest business federation representing the interests of more than three million businesses and organizations of every size, sector, and region, believes H.R. 4061, the "Cyber Security Enhancement Act of 2009," is an important step towards enhancing federal cyber security research and development (R&D) activities to address America's vulnerabilities in cyberspace as well as increasing public education regarding risks, consequences, and best practices. However, the Chamber strongly opposes amendments that could be offered to this legislation on matters, such as net neutrality, unrelated to cyber security.

The Chamber is especially encouraged by the bill's promotion of cyber security awareness and education among small- and medium-size businesses, individuals, state and local governments, and educational institutions. Indeed, the Obama Administration's Cyberspace Policy Review correctly calls for a public campaign to promote cyber security in user-friendly ways. Over the past year, the Chamber has organized a series of meetings across the country in partnership with the Department of Homeland Security (DHS) to increase businesses' awareness of, and investments in, cyber security from an enterprise, or more holistic, perspective. The bill also calls for added R&D to improve the security of industrial control systems as well as identity management systems, which should, for instance, make online transactions more secure and trustworthy for both consumers and merchants.

The Chamber opposes two net neutrality-related amendments expected to be offered by Rep. Chellie Pingree. Not only is H.R. 4061 an inappropriate vehicle for debate on net neutrality, internet regulation is unnecessary and would hinder the ability of broadband service providers to employ robust and reasonable network management techniques to ensure that America's broadband infrastructure is secure and reliable. Network engineers should not be second-guessed by regulators, and provisions related to net neutrality should not be included in H.R. 4061.

The Chamber is also concerned that H.R. 4061 leaves several important issues unaddressed. For example, DHS, which has a key role in building partnerships with businesses to secure critical infrastructures, should be included in federal efforts to develop a strategic plan or roadmap for cyber security R&D. Congress should update federal law, such as the High-Performance Computing Act of 1991, to reflect existing structures as well as include DHS in the Networking and Information Technology Research and Development program. Similarly, the Department of State should be authorized to work in conjunction with the National Institute for Standards and Technology (NIST) in coordinating U.S. government participation in international standards-development bodies. The statutory responsibilities of the Department of State and NIST in this regard should be made explicit to clarify roles and expectations.

Moreover, in order to move forward on a university-industry task force devoted to cyber security R&D, the ownership of intellectual property will need to be addressed to the mutual satisfaction of university and industry partners. Also, a federal cyber security scholarship-forservices program currently exists at DHS, so a new scholarship program at the National Science Foundation may be duplicative.

The Chamber believes H.R. 4061 is an important step toward addressing cyber security concerns. The Chamber looks forward to continuing to work with Congress on this important issue.

Sincerely,

R. Bruce Josten