As I
noted earlier Sen. Carper (D,DE) introduced S 2519, the National
Cybersecurity and Communications Integration Center (NCCIC) Act of 2014.
This bill would add a new section {§210G} to the Homeland Security Act of 2002
formally establishing the existing NCCIC.
The mandate included in this bill is very wide and vaguely
written. Two of the subparagraphs describing the functions of the NCCIC directly
affect the effect the industrial control system community through the functions
of the ICS-CERT which is part of the NCCIC:
• Sharing cybersecurity threat,
vulnerability, impact, and incident information and analysis by and among
Federal, State, and local government entities and private sector entities {§210G(a)(3)};
and
• Upon request, providing timely
technical assistance to Federal and non-Federal entities with respect to
cybersecurity threats and attribution, vulnerability mitigation, and incident
response and remediation {§210G(a)(3)}.
Both of these (actually all of the) activities are clearly
identified as discretionary:
The provision of assistance or
information to, and inclusion in the operations center of, governmental or
private entities under this section shall be at the discretion of the Under
Secretary appointed under section 103(a)(1)(H)
[Under Secretary for NPPD] {§210G(e)}.
The current organization
of the NCCIC can be seen here on the NCCIC web site. An interesting side
note; the link to this organizational chart provided on the NCCIC landing page
is an editing link which leads to one of those nasty ‘Access Denied’ warnings.
This bill was ordered reported by the Senate Homeland
Security and Governmental Affairs Committee on the day of its introduction. If
this bill makes it to the floor it will certainly be approved, probably under the
unanimous consent process in the Senate and under suspension of the rules in
the House. It could also find its way into a spending bill. It all depends on the discretion of the leadership of the respective bodies.
Posts
No comments:
Post a Comment