Sunday, March 17, 2013

HR 967 Ordered Reported – Cybersecurity Research

Last week the House Science, Space and Technology Committee marked-up HR 967, the Advancing America’s Networking and Information Technology Research and Development Act of 2013 and ordered it reported favorably by a voice vote, generally a sign of bipartisan support. This bill is very similar to HR 3834 introduced in the 112th Congress and passed in the House.

Cyber-Physical Systems

As I noted when the earlier version of the bill was introduced, this bill is significant for the control system community because it introduces the term ‘cyber-physical systems’ to the federal lexicon. The term is defined this way {§2(f) adds 55 USC 5503(1)}:

“‘[C]yber-physical systems’ means physical or engineered systems whose networking and information technology functions and physical elements are deeply integrated and are actively connected to the physical world through sensors, actuators, or other means to perform monitoring and control functions”.

Section 4(a) of the bill goes on to amend 55 USC 5511(a)(1) by adding a paragraph of R&D requirements for cyber-physical systems. The new 55 USC 5511(a)(1)(J) provides for research that would provide for research on the scientific principles of cyber-physical systems and “improve the methods available for the design, development, and operation of cyber-physical systems that are characterized by high reliability, safety, and security”.

Section 4(b) would amend 55 USC 5503 to require the establishment of a University/Industry Task Force to “explore mechanisms for carrying out collaborative research and development activities for cyber-physical systems, including the related technologies required to enable these systems” {§105(a)}. The task force would consist of “participants from institutions of higher education, Federal laboratories, and industry”. The Task Force would have one year to complete their work and issue a report to Congress. Unfortunately, there is nothing that mentions ‘security’ in the description of the function or scope of the Task Force.

Committee Mark-up

Four amendments were offered on the bill and all four were adopted by voice votes. Only one of the amendments (Johnson Amendment 440) was significant from a control system or cyber-physical system point of view.

The Johnson amendment would replace the Cyber-Physical task force outlined in Section 4(b) of the bill with a University/Industry Workshop, again my amending 55 USC 5503. In many ways this would be similar to the replaced Task Force, but in addition to the ‘exploring mechanisms’ task it would also be charged with developing “grand challenges in cyber-physical systems research and development” {§105(a)}.

One would think that the reason for calling for a workshop instead of a task force would be the shorter time needed to obtain results from a more concentrated work period. That isn’t the case here. Instead of the one-year reporting period found in the original bill, Johnson’s amendment would give the Director of the National Coordination Office 18 months to prepare a report on the findings and recommendations of the workshop.

Moving Forward

While the Committee voted to report the bill favorably on Thursday, there is no telling how soon the actual committee report will be filed. Generally speaking the House won’t take up a bill until the report has been filed. There is little doubt that this bill will easily pass muster on the House floor and probably the Senate floor as well. The problem will be seeing if or how soon the leadership will bring the bill to the floor.

Because the President’s cybersecurity executive order has taken off some of the political pressure to produce comprehensive cybersecurity legislation, this bill may make it through the legislative process during this session.

No comments:

/* Use this with templates/template-twocol.html */