Thursday, May 20, 2010

HR 4842 Committee Report

The House Homeland Security Committee published their report on HR 4842, the Homeland Security Science and Technology Authorization Act of 2010 on Tuesday, though the report was not available from the GPO until Thursday. The bill was then assigned to the House Committee on Science and Technology for a period ending not later than June 18, 2010. Depending on how fast the Science and Technology Committee gets through their review, it is just barely possible that this bill could get to the floor of the House before the July 4th recess. Lacking that, it still has a decent chance of making it to the floor before the summer recess on August 6th. Whether or not it has any chance of making it through the Senate during this session remains to be seen. The chemical security related provisions that I described in an earlier blog remain intact and unchanged. There have been a number of new provisions added to the bill during the two markup hearings that were held in the Homeland Security Committee. Only one of those provisions will have any significant effect on the chemical security community. The Commission Section 701 of the revised bill provides for the establishment of the Commission on the Protection of Critical Electric and Electronic Infrastructures. Mainly directed at assessing the vulnerabilities of the electrical grid it also covers ‘electronic infrastructures’ that includes “all computerized control systems used in all United States critical infrastructure sectors” {§701(b)(1)(A)(ii)}. The Homeland Security Committee intends for the Commission “to take up where the former Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack—often referred to as the EMP Commission—left off when its authorization expired in December of 2008” (pg 48 of House Report 111-486). They have however, greatly expanded the scope of threats to assess.
“The Commission shall give particular attention to threats that can disrupt or damage critical electric and electronic infrastructures, including— “(A) cyber attacks or unintentional cyber disruption [emphasis added]; “(B) electromagnetic phenomena such as geomagnetically induced currents, intentional electromagnetic interference, and electromagnetic pulses caused by nuclear weapons; and “(C) other physical attack, act of nature, or accident [emphasis added].”
I think that it is entirely appropriate that the Commission is specifically being tasked to look at cyber disruptions that have nothing to do with intentional acts. Cyber attacks will almost certainly remain much less common than the accidents, equipment failures and weather events that will be a common part of our world for a long time to come. Their ability to disrupt the operation of critical cyber systems will vary from the inconvenient to catastrophic. But, they will inevitably cause more problems than actual terrorist attacks. The authorization for this Commission includes funding for two years. That is certainly reasonable for a comprehensive study like that envisioned in HR 4842. That is also the main shortcoming of these types of studies. They take too long to complete and then Congress will play with the results for a while before they have any chance of putting substantive legislation together Then there will be a lengthy rule making process started in motion. Even if this bill were approved this summer it would be late 2012 before we could possibly see even obvious measures make their way through the political system. The controversial recommendations could take much longer to move through the political maze.

No comments:

/* Use this with templates/template-twocol.html */