Thursday, October 14, 2010

HR 6351 Introduced 09-29-10

Well, the last of the bills that I was watching for from the last days before the election recess was finally published on the GPO web site. The only one that was of any significance to the chemical security committee was HR 6351, the Strengthening Cybersecurity for Critical Infrastructure Act, introduced by Rep. Langevin (D, RI). This is one of the shorter cybersecurity bills introduced in this session, but it is one that will, if passed, have potential impact on the chemical security community.

There are two basic provisions of this bill. First it makes DHS the lead agency for cybersecurity matters related to critical infrastructure information systems, including those owned or operated by the Federal Government. Second it creates the National Office for Cyberspace in the Executive Office of the President and establishes a Director to head that office. This office would have authority to coordinate interagency cybersecurity matters related to critical infrastructure information systems.

The unique thing about this bill is that it specifically deals with industrial control systems. It defines ‘critical infrastructure information systems’ as “the electronic information and communications systems, software, and assets that control, protect, process, transmit, receive, program, or store information in any form, including data, voice, and video, relied upon by critical infrastructure, industrial control systems” {§2(1)}.

The specific authority given to the Secretary is rather vague, providing authority for the “creation, verification, and enforcement of measures with respect to the protection of critical information infrastructure” {§3(a)}. It provides the Secretary with the authority to conduct “such audits as are necessary to ensure that appropriate measures are taken to secure critical information infrastructure” {§3(a)(1)}, to issue subpoenas as “necessary to determine compliance with Federal regulatory requirements for securing critical information infrastructure” {§3(a)(2)}, and to require other sector specific Federal regulatory agencies to conduct compliance audits {§3(a)(3)}.

The bill was referred to the House Homeland Security and the House Oversight and Government Reform Committees and Langevin is not on either Committee. In the shortened and intense lame-duck session after the election this bill is unlikely to be acted upon by either Committee. In the unlikely event this makes it to the House floor and passes (passing would be likely), it would be most unlikely (almost impossible) to make it out of committee in time for consideration by the Senate before the final adjournment of the 111th Congress.

Rep. Langevin appears likely to be re-elected next month, so we might expect to see this legislation re-submitted in January.

No comments:

/* Use this with templates/template-twocol.html */