Last week Sen. Gardner (R,CO) introduced S Res
23, Establishing the Select Committee on Cybersecurity. The resolution would
establish a new committee in the Senate tasked with the oversight of
cybersecurity matters in the Federal government.
Membership
The Committee would consist of the Chair and the Ranking
Member (or their designees) from the following committees {§1(c)}:
• Committee on Appropriations;
• Committee on Armed Services;
• Committee on Banking, Housing, and Urban Affairs;
• Committee on Commerce, Science, and Transportation;
• Committee on Foreign Relations;
• Committee on Homeland Security and Governmental Affairs;
• Committee on Intelligence; and
• Committee on the Judiciary.
Five additional members from the Senate would be appointed;
three by the Majority Leader and two by the Minority Leader.
Jurisdiction
The resolution would authorize the Select Committee to {§1(b)}:
• Oversee and make continuing
studies of and recommendations regarding cybersecurity threats to the United
States; and
• Report by bill or otherwise on
matters within its jurisdiction.
The resolution would require bills to be referred to the
Select Committee for consideration if they relate to {§1(e)}:
• Domestic and foreign cybersecurity
risks (including state-sponsored threats) to the United States;
• The activities of any department
or agency relating to preventing, protecting against, or responding to cybersecurity
threats to the United States, and relevant incidents or actions;
• The organization or
reorganization of any department or agency to the extent that the organization
or reorganization relates to a function or activity involving preventing,
protecting against, or responding to cybersecurity threats to the United States,
and relevant incidents or actions; and
• Authorizations for
appropriations, both direct and indirect, for preventing, protecting against, or
responding to cybersecurity threats to the United States, and relevant
incidents or actions.
Moving Forward
Neither Gardner nor his sole cosponsor {Sen. Coons (D,DE)}
is a member of the Committee on Rules and Administration (the committee to
which the resolution was referred for consideration), so it is extremely
unlikely that that Committee will take action on the bill. While some of the
most affected committees in the Senate would be represented on the Select
Committee, the formation of this Committee would serve to dilute (at least to
some extent) the power of all of the existing committee chairs and ranking
members. That will probably provide for sufficient opposition to the bill to
prevent it from being considered by the whole Senate even if the bill did make
it out of committee.
Commentary
Industrial control systems are not specifically mentioned in
the resolution. The key definition in this resolution is a ‘new’ term: ‘cyberspace’.
That term is defined as “the global domain within the information environment
consisting of the interdependent network of information systems infrastructures
(including the Internet, telecommunications networks, computer systems, and embedded
processors and controllers)” {§1(a)(3)}.
While that definition would seem to exclude industrial
control systems, that is probably not as important as it would be in
legislation pertaining to the Executive branch operation or the regulation of
the private sector. What bills are referred to a committee is not exactly a
legal matter; it is more of a political decision. Matters related to industrial
control system security would almost certainly come under the actual purview of
the Select Committee.
The important thing to remember here is that the Select Committee
would not have exclusive jurisdiction over matters relating to cybersecurity.
Where existing committees already have jurisdiction (for example the Homeland
Security and Governmental Affairs Committee) over related matters, that jurisdiction
would now be shared. For example, a cybersecurity bill giving DHS regulatory
authority would be referred to both the HSGA Committee and the Select Committee
for consideration and either could effectively kill the bill by failing to
consider it.
The one upside to this resolution would be that the
professional staff (and the political staff probably) would almost certainly
contain a much higher concentration of cybersecurity professionals than any
other committee in the Senate. This could allow for a much better technical
analysis of (and hopefully influence on) cybersecurity issues. Where that
underpaid staff would come from is an interesting question; most would probably
come directly out of graduate schools.
Weighing the pros and cons of this bill, I would support the
establishment of the Select Committee. I think that the existence of a
professional staff with a strong cybersecurity background could end up being enough
of a benefit to outweigh the formation of a new political silo in the Senate.