Last week the Cybersecurity, Infrastructure Protection, and
Security Technologies Subcommittee of the House Homeland Security Committee amended
and favorably recommended to the full Committee HR
3490, the Strengthening State and Local Cyber Crime Fighting Act. The
action was taken on a voice vote, suggesting substantial bipartisan support for
the bill as I suggested in my earlier post.
The sole
amendment added the Federal Law Enforcement Training Center (FLETC) to the
list of agencies that the National Computer
Forensics Institute is supposed to work with in furthering the goals of
effective cyber forensics.
Moving Forward
Again, I expect that this bill will move forward to a full
Committee markup fairly quickly. It will not be this week due to the short work
week in the House (effectively
only two days), but I expect it before the Columbus Day recess.
Commentary
I would still like to see this bill amended to specifically
mention a requirement to establish control system forensics capabilities
established at the NCFI. While the ICS-CERT certainly significant expertise in
this area, they are woefully understaffed and funded to investigate an ever
widening number of ‘control’ systems in the internet of things that will be
coming under increasing attack as awareness of the vulnerabilities in these
systems becomes increasingly understood by the cyber-criminal community. Even
critical infrastructure ICS cases are going to start to come under criminal
investigation and I don’t believe that criminal forensics is really the purview
of ICS-CERT.
Posts
No comments:
Post a Comment