I noted
last week Sen. McCain introduced S 3342 and without seeing the bill I
expected that it was some sort of compromise between his earlier bill, S
2151, and the Senate bill that has been expected to move forward, S
2105. This weekend the GPO made S 2151 available on-line and it turns out
that the new bill is more properly a tweaking of McCain’s earlier bill, falling
well short of being a compromise measure.
Changes in the Bill
The new bill adds the following new sections:
§104. Construction.
§106. Inspector General review.
§205. Clarification of authorities.
§307. No new funding.
Only one section was removed; §408. Cybersecurity strategic
research and development plan.
Additionally, a number of new definitions were added to §101.
They include:
• Federal information system
• Information security
• Local government
• Significant cyber incident
• Tribal
Finally there were a number of wording changes that fine-tuned
the privacy provisions and information sharing requirements of the bill. The
details of those changes, and the added provisions, will probably only be of
interest to lawyers and politicians.
There really are no significant changes in the bill and it
still completely ignores the problem of cybersecurity of industrial control
systems.
Moving Forward
With both the Senate and the House being on their extended
July 4th holiday next week nothing is going to get done any time
soon on the cybersecurity legislative front. This bill is dead in the water as
the only bill that has any chance of moving forward in the Senate (after
inevitable changes) is S 2105. Even that bill has little chance of passing
before the election due to privacy concerns and business opposition to new
regulations; too many people on both sides of the aisle oppose the bill, so it
is unlikely to come to a vote. In most cases this opposition is not just
election year posturing so passage even in the lame duck session is unlikely.
Posts
No comments:
Post a Comment