Thursday the Senate Appropriations Committee adopted an
amendment in the form of a substitute for HR 2014 and reported the bill
favorably. Since an actual copy of the ‘amended’ bill is not yet available, it
is difficult to determine all of the changes made to the bill. The Committee
Report is available so there are a number of things that we can determine; for
example the CFATS extension for 1-year remains in the bill but now as §535
instead of §532 as found in the House passed language.
CFATS
The CFATS program comes in for mention in a couple of places
in the Report besides the afore mentioned program extension. This includes a
discussion of coordination of federal chemical security efforts, ISCD funding,
and CFATS implementation reporting.
The Committee Report talks about coordinating chemical
security efforts in two separate places. On page 13 there is a general
discussion where the Committee lauds the limited efforts to date by ISCD and
the Coast Guard (and ignores the ISCD-NRC
efforts) but notes that coordination with the TSA is lacking. They also suggest
that “DHS should work in conjunction with the Office of Management and Budget
to review and synchronize Federal entities involved in chemical security
activities”. Presumably those other efforts would include EPA regulation of
security of water treatment and waste water treatment facilities (including
chemicals used therein) as well as PHMSA regulation of hazmat trucking
security.
Then on page 100 in a general CFATS program discussion the
lack of Top Screen submission by West Fertilizer is mentioned as demonstrating
“the need for NPPD to have a more robust coordination effort to promote
cooperation among industry and with other relevant Federal agencies in the
chemical sector”. To help resolve this issue NPPD is required to “support the
Chemical Sector Coordination Council in an effort to develop (and, of course,
report to Congress on) recommendations to:
• Improve the coordination among
Federal agencies;
• Streamline reporting
requirements; and
• Improve the CFATS program to
create efficiency and effectiveness.
The Committee Report sets the spending for Infrastructure
Security Compliance (mainly CFATS program) at $
85.6 million (pg 98; just below the $85.8 million requested by the
President) compared to the House
Committee’s Report $ 77.1 million (pg 82).
And there is no mention of withholding funds in the Senate Report that we saw
in the House Report.
There are, of course, the obligatory requirements for
reporting to Congress. In addition to the reports mentioned above there is a
requirement found on pages 100-101 for NPPD to report on the CFATS
implementation process every six months (starting 90 days after this bill is
adopted). The report would include:
• The number of: facilities covered:
• Inspectors;
• Completed inspections;
• Inspections completed by region;
• Pending inspections;
• Days inspections are overdue;
• Enforcements resulting from
inspections; and
• Enforcements overdue for
resolution
TWIC
There is only a brief mention of TWIC in the Report on page
71. It focuses on the TSA’s effort to implement §709 of the Coast Guard and Maritime
Transportation Act of 2012 (PL
112-213) that required a one-visit process for issuing new TWICs. Another
report to Congress is required; “on the plan and timeline for implementing
section 709 and other plans to ease the burden on workers who must travel
hundreds of miles at great personal expense to obtain a TWIC card”.
Chemical Defense
Program
This relatively small ($0.8 million) program
run out of the Office of Health Affairs is tasked with developing a comprehensive
chemical defense framework. The Report notes (pg 108) that the “Committee
believes all high-risk situations [emphasis added] should be considered
for study to ensure useful information is made available on mitigation and
response measures”; a pretty big order for such small funding. Another report
(due August 2nd) is required “on the timeframe to finalize the
awards and the risk factors that will be considered in awarding demonstration
projects”.
Cybersecurity
In the NPPD section of the report (pgs 101 and 102) the
cybersecurity discussion is mainly about support for the security of federal
computer systems and networks. The report does discuss the President’s
decreased spending request for cyber-workforce training and asks that the
program be fully funded in the President’s FY 2015 request.
There is an interesting demand for a briefing from NPPD and
FEMA on “the likely physical and psychological consequences of a cyber attack,
including the potential magnitude of the effect; State, local, and tribal
government preparedness and response coordination; and Federal coordination and
readiness”. I would certainly like to hear that presentation.
There is a brief mention of the President’s cybersecurity
Executive order on page 102. It focuses on the incentives that the
Administration will be considering to gain voluntary compliance with the
Cybersecurity Framework. It does little more, however, than note that it “expects
the Administration to provide a comprehensive review of the incentives to
Congress, the private sector, and the public for input as soon as practicable”.
Another part of the Committee Report discussion on
cybersecurity is found on page 135 in the Science and Technology section and emphasizes
‘war gaming and cyber exercise programs’. In particular it mentions the
continued development “of a simulation based cybersecurity exercise tool for
the financial services sector and supports the further extension of the
financial sector tool into other critical infrastructure sectors such as
energy, the defense industrial base, transportation, and healthcare”.
The report does specifically mention control systems in the
same discussion noting that the “The Committee recognizes the cyber threats to
the Nation’s electric grid and the other control systems vital to our security
and economy”. To address those threats the Committee directs S&T (in
collaboration with NPPD) to establish ‘operational cybersecurity research
initiatives’ that include the “conduct experiments both at the lab scale and at
real-world scale using test bed applications to verify models using a
large-scale operational environment”.
All of this will be accomplished on a S&T cybersecurity
budget of $74.5 million.
Moving Forward
The bill is now ‘cleared’ for floor action in the Senate. I
have not seen anything on when this will be scheduled for debate, but I suspect
that we may see this process start later this week or next. I expect that it
will be amended and approved by the Senate before the summer recess. The
Conference may even be named before the recess so that work on the differences
between the two bills can get started.
This is one spending bill that has a good chance of getting
to the President before October 1st.
Posts
No comments:
Post a Comment