skip to main content

H.R. 6473 (114th): To express the sense of Congress that information security is critical to the economic security of the United States and to direct the Assistant Secretary of Commerce for Communications and Information to submit to Congress a report on the costs of information security.

The text of the bill below is as of Dec 7, 2016 (Introduced).


I

114th CONGRESS

2d Session

H. R. 6473

IN THE HOUSE OF REPRESENTATIVES

December 7, 2016

introduced the following bill; which was referred to the Committee on Energy and Commerce

A BILL

To express the sense of Congress that information security is critical to the economic security of the United States and to direct the Assistant Secretary of Commerce for Communications and Information to submit to Congress a report on the costs of information security.

1.

Sense of Congress on information security

It is the sense of Congress that—

(1)

information is vital to all industries of the United States for domestic and international commerce;

(2)

the modern United States economy relies increasingly on digital information systems; and

(3)

information security is therefore critical to the economic security of the United States and should be protected in a manner that continues to promote economic growth.

2.

NTIA report on costs of information security to United States economy

(a)

In general

Not later than 2 years after the date of the enactment of this Act, the Assistant Secretary of Commerce for Communications and Information shall submit to Congress a report on the direct and indirect costs of information security to the economy of the United States. In preparing such report, the Assistant Secretary shall use existing commercial indices and other publicly available information.

(b)

Required considerations

The report required by subsection (a) shall contain an estimate of the costs described in such subsection. In preparing such estimate, the Assistant Secretary shall consider costs that include the cost of—

(1)

keeping information systems secure;

(2)

actions necessary to mitigate compromise of information systems;

(3)

measures used to hedge against such compromise; and

(4)

economic loss or harm caused by such compromise.

3.

Definitions

In this Act:

(1)

Information security

The term information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide—

(A)

integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;

(B)

confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information;

(C)

availability, which means ensuring timely and reliable access to and use of information; and

(D)

authentication, which means utilizing digital credentials to assure the identity of users and validate their access.

(2)

Information system

The term information system means any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information, and includes—

(A)

networks and computers and other network-enabled devices;

(B)

ancillary equipment;

(C)

software, firmware, and related procedures;

(D)

services, including support services; and

(E)

related resources.