HR 3583 Introduced – PREPARE Act

Last week Rep. McSally (R,AZ) introduced HR 3583, the Promoting Resilience and Efficiency in Preparing for Attacks and Responding to Emergencies (PREPARE) Act. The bill reauthorizes and makes minor modifications to a number of emergency response and planning grant programs. Program changes of specific interest to readers of this blog include

• Cybersecurity protections for Public Safety Broadband Network;

• DHS use of social networking; and

• The medical countermeasures program

FirstNet Cybersecurity

Section 206 of the bill requires the DHS National Protection and Programs Directorate Under Secretary to provide Congress with a report on the cybersecurity support that DHS is providing to the Department of Commerce FirstNet program. Specifically the Under Secretary is tasked with the requirement “to identify and address cyber risks that could impact the near term or long term availability and operations of such [public safety broadband] network and recommendations to mitigate such risks”.

Social Networking

Section 207 of the bill would add §318 to the Homeland Security Act of 2002. It provides for the establishment of a DHS Social Media Working Group. Alert readers of this blog will realize that I recently reported that the HR 623, with nearly identical language, has been reported in the Senate.

Medical Countermeasures Program

Section 303 of the bill would add §527 to the Homeland Security Act of 2002. It establishes a medical countermeasures program under the DHS Chief Medical Officer. The program is to be designed to “facilitate personnel readiness, and protection for working animals, employees, and individuals in the Department’s care and custody, in the event of a chemical, biological, radiological, nuclear, or explosives attack, naturally occurring disease outbreak, or pandemic” {new §527(a)}.

Moving Forward

McSally is the Chair of the Emergency Preparedness, Response, and Communications Subcommittee of the House Homeland Security Committee. The Committee Chair, Rep. McCaul, is cosponsor of this bill. So there is certainly the political will and power to move this bill forward.

The Subcommittee marked-up this bill before it was introduced. The full Committee markup is scheduled for Wednesday. I suspect that the bill will be approved by a voice vote without further amendment. If so it will move to the floor of the House before the end of the year; probably to be considered under suspension of the rules with little debate and no floor amendments.

Commentary

The Congress is taking more and more actions like that seen here in specifying that DHS will report on the cybersecurity of FirstNet. These little one section toss offs in a wide variety of legislation are doing more to further the centralization of cybersecurity responsibility in DHS than any single piece of legislation could. I expect that this means that I am going to have to be watching a wider variety of bills to find those mentions that might be of specific interest to the control system security community.

I am not sure why the Social Media Working Group language is once again in legislation that is obviously heading to the floor. It was already passed in the House as a standalone bill. The only thing that makes a modicum of sense is that McSally and McCaul do not expect the Senate to actually take up HR 623 and they really want this group to be formed.

Of concern to me is that this version of the §318 language is also missing any mention of monitoring social media to provide situational awareness to the Department. While the intel folks are trying desperately to monitor the social network communications of IS and AQ supporters, the emergency response folks are, due to excessive concern with avoiding the appearance of spying on the public, being forced to ignore the vital information that could be available in natural disasters and after attacks or manmade disasters. A vitally important requirement for this SMWG should be the development of tools to abstract information from publicly available social networks to support emergency response.

The medical countermeasures program also seems to be an overly limited, if certainly legitimate DHS program. DHS certainly has a responsibility to ensure that medically foreseeable countermeasures to CBRNE attacks are available to keep their troops in the field fully functioning in their emergency response and criminal investigation capacities in the event of such attacks.

With minimal expansion of responsibility, however, the DHS Office of Health Affairs could be developing plans and standards for the deployment of medical countermeasures to the general public. In particular, incidents like the acrylonitrile train wreck this summer point to the need for the centralized stockpiling and subsequent distribution of medical countermeasures for industrial chemical accidents. OHA could have been tasked in this bill with the requirement to identify those industrial chemicals requiring specific medical countermeasures that would not routinely be available to local emergency rooms. In conjunction with such a list they could have been required to submit a plan to Congress on how a regional stockpiling and distribution plan could be put together for such countermeasures.