Friday, January 29, 2010

HR 4507 Introduced

On Tuesday, Congress Rodriguez (D, TX) introduced HR 4507, the Cyber Security Domestic Preparedness Act. The legislation would authorize the Secretary of DHS to establish the Cyber Security Domestic Preparedness Consortium which would train and assist State and local authorities prepare for and respond to cyber security attacks. The Act would also authorize the establishment of the Cyber Security Training Center where such training would take place. The Consortium would consist of “consist of academic, nonprofit and government partners that develop, update, and deliver cyber security training in support of homeland security” {§226(c)}. In addition to training, the Consortium would provide technical support to State and local authorities “in support of cyber security preparedness and response” {§226(b)(3)}as well as conducting simulation exercises to aid in developing techniques “to defend from and respond to cyber attacks” {§226(b)(4)}. The bill does not include a definition of ‘cyber attacks’, nor does it provide a description of the types of attacks for which the Consortium would provide training support. One would assume that attacks against industrial control systems would be included in ‘cyber attacks’ although there is already an organization within DHS that already conducts that type of training, the Control Systems Security Program (CSSP) under the DHS-CERT. The difference would be that the CSSP training is directed at private industry where industrial control systems reside, rather than at State and local authorities. It does strike me as unusual that this bill seems to intend to pass responsibility for preventing and responding to cyber attacks down to the State and local level. It seems to me that this should certainly fall under Federal responsibility under both the Commerce and Common Defense clauses of the Constitution.


D3 said...

Why should it surprise you to learn that the Federal Government realizes that cyber security is "everyone's responsibility?" Assuming the Federal Government is the sole entity responsible for security in "cyberspace" is a lot like saying the fire department is the only entity qualified to respond to fire emergencies...just a thought--not an attack.

PJCoyle said...

My response to D3's comment can be found at:

/* Use this with templates/template-twocol.html */