Sunday, April 1, 2012

HR 4263 Introduced – Cyber Security

Last Tuesday Rep. Bono-Mack (R,CA) introduced HR 4263, the “Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (SECURE IT) Act of 2012”. While this bill has the same title as S 2151 and the language is nearly identical for large portions of the bill, there are a large number of not so subtle differences between the two bills.

First off, there are a large number of relatively minor wording changes between the two bills. Most of these changes are insignificant and will be of interest only to legal scholars and lawyers arguing civil cases involving cybersecurity matters.

There are a number of significant additions in this bill not found in S 2151. They include grant funding provisions (revised § 413), minor cloud computing provisions (new § 404), the creation of a cybersecurity university-industry task force (new § 405), the establishment of requirements for cybersecurity automation and checklists for government systems (new § 414) and the establishment of a NIST cybersecurity research program (new § 415).

Grant Funding

One thing this new bill does is to provide actual continuing funding authority for a number of cybersecurity grant programs over the next three fiscal years. Section 413 is completely re-written (from the S 2151 version) and it now provides funding for:

• Computer and Network Security Research Grants [$90,000,000/year]

• Computer and Network Security Research Centers [$4,500,000/year]

• Computer and Network Security Capacity Building Grants [$19,000,000/year]

• Scientific and Advanced Technology Act Grants [$2,500,000/year]

Of course there is no mention of where the money will come from for these grants. That will have to be worked out before this bill could come to the floor under House Rules.

Industrial Control Systems


None of the ICS security related provisions that I have identified in S 2151 have been significantly changed in this bill. There is one additional, if very brief, mention of industrial control systems in this legislation. It is found in the new § 415, in a modification of § 20 of the National Institute of Standards and Technology Act, where it adds new ‘Intramural Security Research’ under sub-paragraph (e); this includes “carry out research associated with improving security of industrial control systems” {§ 415 adds § 20(e)(4)}. It’s not much, but it is something.
