An appropriations bill in the House covering Commerce, Justice, NASA, the National Science Foundation and several small entities, including EEOC, directs those agencies to report annually to Congress on the cyber attacks and attempted cyber attacks against them and their consequences; the steps taken to prevent, mitigate or otherwise respond to such attacks; and the cybersecurity policies and procedures in place, including policies about ensuring safe use of computer and mobile devices by individual employees.
Says the committee report on the bill: "Safeguarding such systems and the information they contain has been on the Government Accountability Office’s list of high-risk areas since 1997. Risks to such systems include escalating and emerging threats from around the globe, which are further heightened by steady advances in the sophistication of attack technology and the ease of obtaining and using hacking tools."
The annual reports are to include a description of all outreach efforts undertaken to increase awareness of cybersecurity risks among employees and contractors. In addition, the bill (HR-5326) requires Commerce, Justice, NASA and NSF to assess the risk of cyber-espionage or sabotage before acquiring any information technology system. Further, if those same agencies plan to acquire systems produced by entities owned, directed or subsidized by the People’s Republic of China, they would first have to determine that doing so is in the national interest.

