Cybersecurity Week Update II

The witness list for today’s Iranian Cybersecurity Threat hearing is not available as is a list of proposed amendments to HR 3523.

Iranian Cybersecurity Threat

Today’s hearing about the ‘growing’ Iranian cybersecurity threat has some distinguished witnesses, but as with yesterday’s hearing, none are currently in the intelligence community. We should get some interesting theoretical and political insights into the potential for Iranian attacks on critical infrastructure cyber-systems (maybe even control systems, ala retaliation for Stuxnet), but there will be no hard information about specific or credible threats that anyone will be willing or able to act upon.

The witness include:

• Mr. Frank J. Cilluffo; Associate Vice President and Director; Homeland Security Policy Institute; The George Washington University

• Mr. Ilan Berman; Vice President; American Foreign Policy Council; and

• Mr. Roger Caslow; Executive Cyberconsultant; Suss Consulting

HR 3523 Amendments

Last night was the close of acceptance of amendments that might be considered later this week during the floor action on HR 3523, CISPA. The Rules Committee web page for the bill contains a brief summary of over 40 amendments that they will review in this afternoons hearing. Depending on the type of rule they decide upon, all or some (more likely about 10) of these amendments could come to the floor for their 10 minutes of debate.

Without being able to read the actual amendments (and those are not currently available) we only have the summaries to divine what will be included, but it doesn’t look like anyone is concerned with control system security. There is a nice spread of practical to ideological amendments for the Committee to consider.

Rep. Thompson (D,MS; Ranking Member of the Homeland Security Committee) has three amendments offered; including the expected privacy issue amendment that will probably be included in the short list going to the floor. Another of his amendments  may be of more practical effect:

“Would authorize existing activities of the Department of Homeland Security for securing Federal networks and supporting private sector cybersecurity efforts. Would also put in place a framework by which the Secretary would determine which infrastructure sectors are critical to our Nation, conduct risk assessments of those sectors, develop and disseminate best practices for mitigating cybersecurity risks, and work with existing regulatory agencies of critical infrastructure to incorporate best practices into existing regulations, where necessary.”

Depending on the wording of the actual amendment this could result in some interesting regulatory changes, particularly in MTSA and CFATS regulations where DHS would have the most control.