H. R. 6473
IN THE HOUSE OF REPRESENTATIVES
December 7, 2016
Mr. Upton introduced the following bill; which was referred to the Committee on Energy and Commerce
To express the sense of Congress that information security is critical to the economic security of the United States and to direct the Assistant Secretary of Commerce for Communications and Information to submit to Congress a report on the costs of information security.
Sense of Congress on information security
It is the sense of Congress that—
information is vital to all industries of the United States for domestic and international commerce;
the modern United States economy relies increasingly on digital information systems; and
information security is therefore critical to the economic security of the United States and should be protected in a manner that continues to promote economic growth.
NTIA report on costs of information security to United States economy
Not later than 2 years after the date of the enactment of this Act, the Assistant Secretary of Commerce for Communications and Information shall submit to Congress a report on the direct and indirect costs of information security to the economy of the United States. In preparing such report, the Assistant Secretary shall use existing commercial indices and other publicly available information.
The report required by subsection (a) shall contain an estimate of the costs described in such subsection. In preparing such estimate, the Assistant Secretary shall consider costs that include the cost of—
keeping information systems secure;
actions necessary to mitigate compromise of information systems;
measures used to hedge against such compromise; and
economic loss or harm caused by such compromise.
In this Act:
information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide—
integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;
confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information;
availability, which means ensuring timely and reliable access to and use of information; and
authentication, which means utilizing digital credentials to assure the identity of users and validate their access.
information system means any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information, and includes—
networks and computers and other network-enabled devices;
software, firmware, and related procedures;
services, including support services; and