Yesterday Sen. McCain (R,AZ) offered an amendment to S 1243 (SA 1780), the Transportation, Housing and Urban Development, and Related Agencies Appropriations Act (THUD), 2014 that dealt with cybersecurity. The amendment would withhold DOT cybersecurity funds until the Secretary reported on the planned uses of those funds.
• The report would be required to include:
• How the cyber security funding will be obligated or expended;
• The programs and activities that will receive cyber security funding;
• If and how the use of the funding complies with the Federal Information Security Management Act of 2002 (6 U.S.C. 101 et seq.) and any other applicable Federal law;
• The performance metrics that will be used to measure and determine the effectiveness of cyber security plans and programs; and
• The strategy that will be employed to procure goods and services associated with the cyber security objectives of the Department of Transportation.
As I noted in an earlier blog, the bulk of the DOT cybersecurity spending identified in the Senate Appropriations Committee Report would be going to the FAA. Some of the systems involved could be described as control systems. They are of a very specialized nature and most of the cybersecurity tools developed for them would probably not be widely applicable to industrial control systems.
This amendment is not one of the limited number that has been listed as ‘pending’ in the Congressional Record’s Daily Digest, but it still could be brought to the floor at any time during the debate of HS 1243 at the discretion of the leadership. These ‘report’ types of amendments have a good probability of passing if brought to a vote even if this one is a bit coercive.