House Passes HR 4310 with Cyber Measures

Yesterday, after two long days of debate including the consideration of over 100 amendments the House passed H4310, the National Defense Authorization Act for Fiscal Year 2013, by a bipartisan vote of 299 to 120. The cyber provisions of the bill that I described in an earlier blog remain in the bill (one with a floor revision). Three cyber-related amendments to the bill were considered during the floor debate; all passed by voice vote.

There is still nothing specifically addressing industrial cybersecurity or control system security, but it does offer a look at the expansion of congressional interest in cyber operations. The interesting thing about the votes on these three cyber-related amendments is that they were considered as part of three separate ‘en bloc’ votes containing 15 or more other amendments. Such groupings are made up of non-controversial amendments because significant opposition to even one of the members of the group could result in all of the amendments being voted down.

Amending Offensive Operations in Cyberspace

In the earlier blog I noted that the bill considered this week amended the current congressional authority to conduct operations in cyberspace to specifically authorize clandestine operations in support of congressionally cleared operations. Rep. Rogers (R,MI) offered an amendment that would clarify that while clandestine operations would be authorized nothing “in this section shall be construed to authorize a covert action” {§954(d)}. While there may be more sophisticated explanations for the difference between ‘clandestine’ and ‘covert’ here it appears to rest upon the type of Congressional authorization required for the action.

Air Force and Cyber Security

Rep. Hanna (R,NY) offered an amendment that would require the Secretary to report on Air Force cyber operations research, science, and technology. Most of this is amendment is focused on military operations in cyberspace, but the last sub-paragraph requires the inclusion of a review of the “potential benefit to the Air Force for collaboration with private industry and the development of cyber security technology clusters” {§245(9)}. While not specific to control system security, any additional research into cybersecurity will probably be beneficial to the ICS  processes.

Interagency Coordination

The final cyber-related amendment was offered by Rep. Thornberry (R,TX) that would require the establishment of an interagency organization that would “coordinate and deconflict full-spectrum military cyber operations for the Federal Government” {§1084(a)}. While this is probably directed at DOD agencies (it does refer to military ‘cyber operations’ after all), this could be expanded to include non-DOD agencies like DHS. Coordination of government cyber operations (coordination of anything, for that matter) is probably a good thing in general.

Moving Forward

Now that it has passed in the House we can expect that the Senate will start with its own version of the bill (which I haven’t seen yet) and then the two will get reconciled in conference. It’s anybody’s guess as to what will survive that process.