Today the House Homeland Security Committee added two new hearings on cybersecurity topics for this week.
On Wednesday the Cybersecurity, Infrastructure Protection, and Security Technologies Subcommittee will be holding a hearing on “Oversight of the Cybersecurity Act of 2015”. This is the second hearing on the CSA scheduled for tomorrow. The witness list includes:
• Matthew J. Eggers, U.S. Chamber of Commerce
• Robert H. Mayer, United States Telecom Association
• Mark G. Clancy, Soltra
On Thursday the Emergency Preparedness, Response and Communications Subcommittee will hold a markup hearing on three bills, one of which is HR 5459, the Cyber Preparedness Act of 2016. The text of the bill is not yet available from the GPO, but a committee draft is available.
HR 5346 Draft
Section 2 of the bill would amend 6 USC 124h adding cybersecurity information sharing responsibilities to the existing “homeland security information, terrorism information, and weapons of mass destruction information” sharing requirements for Fusion Center in paragraphs (b)(6), (b)(8) and (d)(a). It would also amend 6 USC 148 adding requirements for the National Cybersecurity and Communications Integration Center to provide support to Fusion Centers.
Section 3 of the bill would add “enhancing cybersecurity, including preparing for and responding to cybersecurity risks and incidents” to the list of types of projects for which a variety of Homeland Security Grants can be used.
No additional funds are authorized by this bill.
The language of HR 5346 does not change the existing language in §148 that limits the term ‘information system’ to classic IT systems, not control systems. There is no language in §124h defining ‘cybersecurity risk information’ so a broad use of that term could conceivably include risk information about control systems, but I would be surprised to see that broader definition used in practice due to the shortage of control system security experts, especially since no additional funds are being made available.